Packages ignoring machines with users in specific AD security groups
Is it possible to run - say an uninstall package - across all computers but ignoring specific machines where the logged in user is in a particular AD security group?
EG we want to ensure people are using a licenced copy of 'MySoftware' and we manage the licensing and distribution of 'MySoftware' by adding users to an AD security group that grants them and their machine access to a network location with the licensed installer.
The problem is they can get unlicensed versions of the software from the internet, so we want to run a PDQ scheduled package that removes all instances of 'MySoftware' from all computers where the user is not in the particular AD security group.
Is that possible?
An alternate way to think about it: when the license key is entered, does it create a registry entry? If so, create a scanner for that, then a dynamic group based on the results of that scan. You can run the uninstall on all machines not in that group.
Ah that's a great way of looking at it. Thanks for the idea. I'll take a look at that.
This is doable with a powershell or batch script (dsquery). It can query who is currently logged in, check that AD group, if they are in it, send a good exit code, if not send a bad exit code and tell PDQ Deploy to quit.
Alternatively you can use pdq inventory as well to track, more of a static way.
Please sign in to leave a comment.