4 Replies Latest reply on Nov 29, 2013 6:53 AM by timhandy

    Multiple package deployment via Active Directory Security Group?


      I have successfully deployed individual packages (Management Suite 9.5) to machines via scheduled tasks based on targeting machines in Active Directory security groups, however it appears the options for multiple deployments is lacking.


      My end goal is for our service desk to add new machines to the domain (with the agent already installed), and add the machine to a 'Core-Software' Active Directory Security group. The machine should then check Landesk for policies and a list of core software packages should be installed (Office, Firefox, Java, Skype etc.). I would also like to be able to deploy multiple packages easily for department-specific multiple deployments.


      I have seen that this can be fudged via various methods http://community.landesk.com/support/docs/DOC-7751, but nothing that seems very slick, most of which seem to lose the ability to use policy-supported push and multicast options.


      Have I completely missed something, or is this not a very complete application?


      Kind regards,


        • 1. Re: Multiple package deployment via Active Directory Security Group?

          Our entire build process is built around AD group membership.  We use two different OUs.  One called Staging which is where the device gets the core build of Anti-Virus and Endpoint Control.  We then move the machine into a Departmental Based OU which determines what further software needs to be installed. The tasks are all policy based which allows you to control bandwidth consumption.


          So, for example, a machine is dropped into the Sales OU.

          Core syncs with AD (configurable schedule).  We have ours set to 20 minutes (we are a fairly small shop ~2500 users).   You place the AD based Sales query in the tasks assigned to that department.  Again core based schedule.  We only have ~800 queries which only takes about 16 minutes to complete.


          So to summarize:

          -Core determines OU membership.

          -Departmental query based on OU which is assigned to all required tasks(policies).  We put numbers at the beginning of the task names so we can control the order and minimize the reboots required.

          -Machine checks for policies, finds all of the policies, and queues them up in task order.


          I hope this all makes sense.  I can provide some screenshots of how we structured it if you'd like.  We used this structure to build all of our machines in our Win7 refresh and it worked almost perfect.

          • 2. Re: Multiple package deployment via Active Directory Security Group?

            Hi Novar, thanks for your response.


            So rather than having a 'meta-package' made up of smaller packages (as in the OS Deployment Template) and a single targeted security group applied to machines, you have multiple scheduled tasks, one for each software package? each scheduled task targeting an OU that you place the machine objects into? Correct?


            I could do as you have done and have a Staging OU to apply all our core software, and then a specific departmental OU to apply additional software. This would involve moving the machine object several times which I was trying to avoid, but I can live with that.


            How do you deal with deploying software to machines at a later date, for example if someone calls in and requests an approved software title that wasn't installed when the machine was initially rolled out?


            Some screenshots to show how you configured your setup would be great! I'd really appreciate that, thanks.


            Kind regards,


            • 3. Re: Multiple package deployment via Active Directory Security Group?

              Correct.  We only move the computer object once.  Our build script puts it in the Staging OU and we move it to the Dept OU when it has been assigned.


              For the later installs we have AD group based installs.  Adobe 9 Pro task is targeted with an AD group called SW-AdobePro9.


              Below is a screenshot of our tasks which may help (if you can see it)sample.jpg

              • 4. Re: Multiple package deployment via Active Directory Security Group?

                Thanks Novar, very helpful, I'll attempt to replicate this.