Background Zero Touch Provisioning utilizes Microsoft Systems Management server to provide the ability to easily manage machines, operating systems, and applications. The scenarios where SMS is used directly include the services: | • | Subscribe to Published Application. | | • | Remove Published Application. | | • | Upgrade My Computer. |
There are several important steps that need to be accomplished within SMS to allow an application or operating system to be sent to a machine. Here are some of the most frequent questions with answers immediately following. How are applications and image packages targeted at machines by default? Zero Touch Provisioning uses the addition and removal of direct membership rules to SMS collections to install and uninstall applications and operating systems to target machines. This allows for the quickest response to user application request while maintaining best practices for SMS configuration. How do I setup a Collection/Application to be published to my end users? 1. | Create an SMS Collection that is descriptively named like the software that you want to offer your end users. | 2. | Give any user or group that you want to allow to subscribe to this application Instance security rights to “read” the collection (in the example below all Domain Users will be able to choose the “Microsoft Visio 2003 (Viewer Only)” application). 
| 3. | Target an Advertisement at the collection that is configured with the software package that you want to allow users to install on request (in the example below the installation package is targeted at the collection show in the previous step). 
| 4. | Save your Collection and Advertisement. The net time users log onto the portal they should be presented with the newly published application. |
How do I get a machine to show up in the user interface for the “Subscribe to Published Application” service? The Provisioning engine runs the BizTalk Business Rule called "Zero Touch Managed Machines" to derive the list of machines that can have applications targeted at them by the current user. By default this rule looks for all machines in Active Directory in which the currently logged on user is listed in the “Managed By” attribute on the Computer account. Note: That is the default behavior; it can be changed if you modify the rule to look at whatever is appropriate for your customer. Why don’t the collections I have configured and secured appear in the drop down list? Once you choose a machine from the drop down list any SMS collections that have been configured with appropriate security rights (instance security rights to “read”) will appear. The Zero Touch Provisioning portal will filter out any collections that already include the machine that you have chosen. No applications will appear if the machine you have chosen is not an SMS client. How do I get a machine to show up in the user interface for the “Upgrade My Computer” service? The Provisioning engine runs the BizTalk Business Rule called “Zero Touch Upgradable Managed Machines" to derive the list of machines. By default this rule looks for all machines in Active Directory in which the currently logged on user is listed in the “Managed By” attribute on the Computer account that also have an OperatingSystem attribute that does not equal to “Windows XP Professional”. Note: That is the default behavior; it can be changed if you modify the rule to look at whatever is appropriate for your customer. How do I setup a Collection/OSD Image to be published to my end users? 1. | Create an SMS Collection that is descriptively named like the operating system version that you want to offer your end users. Ensure the text “OSDIMAGE” appears somewhere in the SMS Collection Comment. This allows the provisioning engine to distinguish image packages from application packages 
| 2. | Give any user that you want to allow to subscribe to this image Instance security rights to “read” the collection | 3. | Target an Advertisement at the collection that is configured with the image package that you want to allow users to install on request. |
How do I set up a collection to automatically uninstall an application that they have unsubscribed to? You can use the flexibility inherent in SMS Query based collections to allow users to have software automatically uninstalled when they unsubscribe to an application. To correctly configure an SMS collection to manage the un-installation process for you automatically complete the following steps. 1. | Start your SMS Administrator console in Debug mode To operate the Administrator Console in Node Information mode, start the console with the following command line: mmc.exe /sms:NodeInfo=1 D:\sms\bin\i386\sms.msc
where D is your Systems Management Server installation directory. This will add an extra property page (tab) called Node Information to every property sheet. | 2. | Select the collection that you have setup as a Zero Touch published application using the instructions presented earlier. Right click on the selected collection and select properties. Select the “Node Information” tab. You should see the following. Note the CollectionID value, you will need it later. | 3. | Select the Advertisement that was targeted at your published Collection. Right click on the selected Advertisement and select properties. Select the “Node Information” tab. You should see the following. Note the AdvertisementID value, you will need it later. | 4. | Create a new Collection to house your un-installation targets | 5. | Select your newly created collection 1. | Right click | 2. | Select properties | 3. | Select the “Membership Rules tab” | 4. | Click the “Create Query Rule” button | 5. | Name your new query rule “Automatic Uninstallation” | 6. | Click the “Edit Query Statement” button | 7. | Click the “Show Query Language” button | 8. | Enter the text below, substituting the CollectionID and AdvertisementID values that we collected earlier Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line. Select SMS_R_System.Name,
SMS_R_System.ResourceID from SMS_R_System,
SMS_ClientAdvertisementStatus Where
SMS_R_System.ResourceID =
SMS_ClientAdvertisementStatus.ResourceID
AND SMS_ClientAdvertisementStatus.
LastStateName = 'Succeeded'
And SMS_ClientAdvertisementStatus.
AdvertisementID ='%YOUR AdvertismentID HERE%'
AND Not SMS_R_System.ResourceID
IN(SELECT ResourceID
from SMS_CM_RES_COLL_%YOUR
COLLECTION ID HERE%) | 9. | Save your changes to the collection |
| 6. | Create an Advertisement that performs an uninstall of the application that we published to the user. | 7. | Target your newly created uninstall application to your newly created collection |
There are several items of note that administrators need to be aware of when setting up an automated un-installation in this manner: | • | The collection evaluation interval of your un-installation collection will affect how long it takes to remove the software off of an end users machine | | • | It is suggested that you make your un-installation procedures silent so that they do not require end user intervention | | • | It is suggested that you maximize collection evaluation settings to reduce load on the SMS collection evaluator component. |
| 
