Tuesday, July 3, 2018

Creating Global Conditions in System Center Configuration Manager for Office 365 deployments

Creating Global Conditions in System Center configuration Manager for Office 365 deployments

Firstly I would recommend reading the Microsoft docs article below.
https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-global-conditions

Software Library > Application Management > Global Conditions.

Scenario: I have an AD group "SD-LSG-Comp-Microsoft Project ClickToRun" with computer objects that should install Office 365 - ProjectProXVolume edition. I wanted to create one application with multiple deployment types depending on their AD membership.


For example if the computer is only a members of the "SD-LSG-Comp-Microsoft Project ClickToRun" AD group then the deployment should only run the deployment Type "Office 365 Default Deployment Type-Install_InstallProject.cmd".  


This deplyoment Type calls the Office 365 setup.exe with a configuration xml detailing the <Product ID="ProjectProXVolume">.


(For a detailed understanding of how to package Office 365 see here. This blog will be updated to reflect the latest setup.exe and the switch <RemoveMSI All="True" />)


<Configuration>

<Add OfficeClientEdition="32" Channel="Monthly" OfficeMgmtCOM="True" AllowCdnFallback="True">
<Product ID="ProjectProXVolume">
<Language ID="en-us" />
</Product>
</Add>
<Updates Enabled="TRUE" />
<Display Level="none" AcceptEULA="TRUE" />
<Logging Path="%Windir%\Temp\" />
<Property Name="AUTOACTIVATE" Value="1" />
</Configuration>

For the deployment to choose  "Office 365 Default Deployment Type-Install_InstallProject.cmd" we need to create a global condition that will issue a $True value if the computer is a member of the AD group "SD-LSG-Comp-Microsoft Project ClickToRun".



The global condition created below, will run a Powershell script on the local computer listing all the groups the computer is a member of and if one of the groups found matches the AD group "SD-LSG-Comp-Microsoft Project ClickToRun" issue a $true value and stop the script. 





#Get groups of local computer
$Group = "AD Group Name"
$ComputerMembership = ([adsisearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1' | % {If ($_ -ieq $Group) {$true;break;} }

For the deployment to be linked to the AD group  the deployment type "Office 365 Default Deployment Type-Install_InstallProject.cmd" must have a "Requirement type" set.

We now simply set a the global condition created to equal True. 





In my screen shot i have multiple deployment types for several scenarios i.e. Visio and Project, Visio, Project, Office365, Office 365 during a Task Sequence.





See Global Condition details below.

 #Get groups of local computer
$Group = "AD Group Name" #The AD group name to be filtered.
$ComputerMembership = ([adsisearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1' | % {If ($_ -ieq $Group) {$true;break;} }































#Get process TSManager; will issue true if within a Task Sequence
[bool] (Get-Process TSmanager -ea 0)