Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Packages ignoring machines with users in specific AD security groups

Hi Guys

Is it possible to run - say an uninstall package - across all computers but ignoring specific machines where the logged in user is in a particular AD security group?

EG we want to ensure people are using a licenced copy of 'MySoftware' and we manage the licensing and distribution of 'MySoftware' by adding users to an AD security group that grants them and their machine access to a network location with the licensed installer.

The problem is they can get unlicensed versions of the software from the internet, so we want to run a PDQ scheduled package that removes all instances of 'MySoftware' from all computers where the user is not in the particular AD security group.

Is that possible?




Date Votes
  • An alternate way to think about it: when the license key is entered, does it create a registry entry?  If so, create a scanner for that, then a dynamic group based on the results of that scan.  You can run the uninstall on all machines not in that group.

  • Ah that's a great way of looking at it. Thanks for the idea. I'll take a look at that.

  • This is doable with a powershell or batch script (dsquery). It can query who is currently logged in, check that AD group, if they are in it, send a good exit code, if not send a bad exit code and tell PDQ Deploy to quit.


    Alternatively you can use pdq inventory as well to track, more of a static way.