About LDAP user Task targeting vs. Machine based Task targeting in Software Distribution

Version 5

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    Overview

     

    When using LDAP-User based queries to target tasks the opportunity is presented for re-installs to occur if multiple users are sharing a device. This document outlines the reason behind this and the option we've included to prevent this behavior.

     

    Reason

     

    Starting in LDMS version 9.6, we migrated from client-side databases (.db3 file) and implemented client policy .XML files to handle task data. This change allowed for the creation of two (2) repositories housing task data instead of one (1) central location. When a task is targeted by a device the client policies xml get deposited into the following directory:

     

    C:\Programdata\LANDESK\Policies

     

    User-based task targeting allows for the client policy xml file to get deposited in the user's local directory:

     

    C:\Users\user_A\AppData\local\LANDESK\Policies

     

    The problem presented when targeting by the user is as follows:

     

    If user_A logs into device_A, launches Ivanti EPM Portal Manager and successfully installs a package, when user_A logs off and  user_B logs onto the same device, they will be able to reinstall that same package through the same method.

     

     

    Configurable option to prevent potential re-installs

     

    We've included a configurable option to avoid the above mentioned behavior. This option is only available to Policy-based software distribution tasks and will not be available for any other task type.

     

    LDAP_TARGETED_USERS.jpg

     

    This option is TASK specific. By default, this option is set to Install for all users (device). This will allow the client policy xml to get deposited in the ProgramData repository and not the user's local repository.