We’re currently in the processes of implementing SCCM 2012. I’m looking at this from an application deployment perspective; currently we use Group Policy exclusively for application deployment and configuration. I’ve got a couple of questions that I hope someone might be able to answer.
Software uninstalls
Currently with Group Policy we create a number of policies centrally and allow our delegated administrators to apply them to their own OUs to install software. When unlinking the policies the software subsequently uninstalls. This is particularly useful for licensed software whereby we only allow members of specific AD groups to ‘read/apply’ the policy. Therefore if the software is installed and then they’re removed from the group, the software would uninstall at next reboot. I’ve looked into replicating this functionality with SCCM but can’t see exactly how. I understand I need to create two separate applications; an install and a uninstall. I can then restrict deployment of this application to a collection that only contains members of an AD group which works fine. However for the uninstall, I could restrict this to members who are *not* in the AD group, but this won’t work in our environment. For numerous reasons we may have the same software installed on PCs by methods other than SCCM and we don’t want SCCM to uninstall it from these. Ideally what I’d like to do is create a query to say “if the application has been installed via SCCM, and the PC has subsequently fallen out of scope of the collection (been removed from the group), then uninstall the application”. Is this possible?
Application settings
Secondly, with group policy we package application and relevant settings such as registry keys, and settings from ADMX templates into the same policies. I understand we can deploy simple settings from SCCM such as registry keys, however we still like the extensibility of Group Policy ADMX templates. Is there a recommendation of how to configure application deployment and settings deployment in tandem? Should we do away with group policies in favour of trying to package all settings manually as registry keys with SCCM? If so this seems a backwards-step as the configuration options acheiuevable with Group Policy are vast. Is there a way to tally up SCCM and GP so that if an application is deployed to a PC, then the GP settings relevant to that application are also applied?
Hope this all makes sense.
Cheers,
Phil