4 Replies Latest reply on Feb 11, 2010 4:46 PM by dhandy

    Installing and Uninstalling via an AD Group

    dhandy Apprentice

      Hi Everyone,


      We have recently chosen LANDesk as our preferred management software and after setting up OSD we have moved onto packaging and installing apps. One of the features we would like to implement is application installing based on AD group given LanDesk has no linear security on device groups. We have setup an ad group with computers in it and have successfully targeted software to the group via a policy based scheduled task, one thing that does not work though (which should) is when we remove the device from the AD group it is not removed from the scheduled task and subsequently the application does not run it's uninstall (it has one associated with the package)


      I have implemented the registry key change for the device to enumereate ldap groups although for some reason when doing a manual policy sync these groups seem to dissapear from inventory. We are starting to get a little frustrated and hoping it might be something simple or something we have missed? Does anyone have any suggestions or does anyone actually have this working in their environment like this?




      David H

        • 1. Re: Installing and Uninstalling via an AD Group
          Spartan Apprentice

          What deployment method are you using?


          I may be wrong here but I believe policy based is the only method capable of doing this.

          You also need an uninstall package associated with the package in question.


          We often deploy via AD groups but I have never tried the removal side of things (I will test and let you know for sure).






          I ran a test in my lab environment and this worked quite well except for the fact that the machine/user still shows up in my scheduled tasks.

          Which is odd.


          Test was as follows:

          Setup a group in AD and added my test machine to the group.

          Scheduled my a policy based distribution (which includes an Uninstall Association)

          setup a query in Directory Manager

          Targeted this query and started my task.


          On my client I ran a policy update to get the ball rolling and it installed as expected.

          Removed my computer from the group in AD and let the client sit for a little over an hour (to allow for directory refresh).

          Checked my client machine and the software was gone.


          I even tried to restart the task, but the machine does not go away.

          Fortunately it does not run the task which is good, but still... (Status is Waiting)


          Message was edited by: Doc

          • 2. Re: Installing and Uninstalling via an AD Group
            dhandy Apprentice

            Hey Doc,


            Thanks for the response, we are using a policy method and a mixture of msis/batch files for our packages. There is a package associated with the uninstall.


            Were you targeting user or targeting a computer? Did the task ever go away? What would happen now if you wanted the app to go back down again?


            Thanks for your help.



            • 3. Re: Installing and Uninstalling via an AD Group
              Spartan Apprentice

              The test above dealt with the computer but I normally target users in AD as we are a 1to1 school and our users often find themselves with loaner machines.

              When targeting machines I normally use "device" queries.


              I ran the test again adding a user rather then a machine in my targeted query and it had the same results.



              Disregard VM_IT_TESTER_4 as this is an unrelated test machine that my test user logged into.

              Test machine is VM_IT_NB_TESTER


              The "Unknown" machine popped up some time after I removed the user from the group (when the LDAP query refreshed).

              After doing a policy update on the machine the software removed itself. My machine however remained (as you can see) which would make it difficult to determine who is actually part of this task based on the devices in the task.


              I added my user back into the test group and a short time later (after forcing a few policy updates on my client) the software in question reinstalled itself.

              I forced the policy updates on the client because my agent only checks for policies every 2 hours.


              Note: My distribution was just two self extracting archives (One dependant on the other) and the removal was a batch file that cleaned up the files. But what you are distributing should not matter.


              Make sure you have LdapGroupEnumeration turned on if you are planning on targeting users (This may be disabled by default depending on your version).

              Here is a link to a good article on this: http://community.landesk.com/support/docs/DOC-3426

              1 of 1 people found this helpful
              • 4. Re: Installing and Uninstalling via an AD Group
                dhandy Apprentice

                Hi Guys, quick update on this. This issue still exists in nine and I have been working with support on a patch. We are testing it at the moment.