×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Exclude an Active Directory OU from SMS Client Push

Exclude an Active Directory OU from SMS Client Push

Exclude an Active Directory OU from SMS Client Push

(OP)
How to exclude computers in an Active Directory OU from SMS Client Push?

We are in Advanced Security mode. I tried denying Read permission for the SMS Site Server's computer account for the OU I wish to exclude. It didn't work. The computers are still being discovered and showing in "All Computers" collection.

Any help would be really appreciated.

-Keshav

RE: Exclude an Active Directory OU from SMS Client Push

I dont think that can happen. SMS reads the AD information from the AD db.  You can of course prevent installation of clients by various methods, but I've never heard of preventing SMS from seeing something in the same domains AD.
 The only other thing I would think would work if you created another Domain in the forest and place those computers in that domain.

RE: Exclude an Active Directory OU from SMS Client Push

The other perhaps more practicle method is to use a GPO script to install the client and not apply the script to that OU.  This is how I setup every account I do.  (there are several scripts "out there" including some very good sms client health scripts that run at startup)

RE: Exclude an Active Directory OU from SMS Client Push

(OP)
Thanks for your response. We already have the GPO method of SMS Advanced Client installation in place. This is just to know if OU exclusion if possible.

RE: Exclude an Active Directory OU from SMS Client Push

You could make a collection say all computers and add a subselect statement to it say:

select * from SMS_R_System where SystemOUName = "ABC1.ABC.YOURDOMAIN.COM/ OUNAME / OUNAME / OUNAME /WORKSTATIONS/STANDARD"

This would see all the computers in ad but prevent those from a sms push of the client.


***Subselect instructions:
http://www.myitforum.com/articles/1/view.asp?id=179

RE: Exclude an Active Directory OU from SMS Client Push

(OP)
Thanks for your reply. I believe this method will be more helpful for Client Push Installation Wizard (initiated from SMS Admin Console). How do I use this for configuring Client Push Installation on a secondary site? If I enable Client Push on a secondary site, won't all the computers with in the assigned site boundaries be discovered and SMS Adv Clients be installed (irrespective of the OUs they belong)?

The subselect method did solve one of my other puzzles smile

-Keshav

RE: Exclude an Active Directory OU from SMS Client Push

(OP)
Btw, I had raised a PSS case with Microsoft and they replied today that it won't be possible. sad

-Keshav

RE: Exclude an Active Directory OU from SMS Client Push

Although I have never done it, if you open your console to Site settings | Discovery Methods | and right click Active directory security group discovery and select help, it indicated you can you can discover OU's, that said if you can do that you should be able to create a query based collection based on the OU you discovered and push tho that collection only.

RE: Exclude an Active Directory OU from SMS Client Push

(OP)
Thanks for your reply. I think this is perfect for the Client Push Installation Wizard which an SMS Administrator will use to push the SMS Advanced Client to computers in a collection. I am talking about the Client Push Installation enabled on an SMS Site. As per my understanding, this will  automatically install SMS Advanced Client on the discovered computers (irrespective of their OU/Collection memberships) falling with in the subnets assigned as Site Boundaries to that SMS Site. Please correct me if I am wrong.

-Keshav

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close