Re: Mandatory assignments, "Logon" switch
From: Shehzad Khoja [MSFT] (srkhoja_at_online.microsoft.com)
Date: 02/22/05
- Next message: Berni: "Re: Should software updates take an inordinately long time?"
- Previous message: Shehzad Khoja [MSFT]: "Re: SMS 2003 and AD User Groups"
- Maybe in reply to: Lars Gregers: "Mandatory assignments, "Logon" switch"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Feb 2005 11:28:09 -0800
Also understand that any user group membership changes are not known on the
client until user logs on the client (without cached credentials). So you
may see 2 logons after creating the advertisement and it actually being
executed. But it is contingent on client not using cached credentials,
discovery methods & their frequency, collection updates cycles and client
requesting policy.
Hope this helps.
-- This posting is provided "AS IS" with no warranties, and confers no rights. "Shehzad Khoja [MSFT]" <srkhoja@online.microsoft.com> wrote in message news:... > For one-shot triggers i would recommend using a time based schedules (as > opposed to ASAP schedule) so that you will be allowed to re-run a program > easily. Since this is not valid for you you should be fine with schedule. > However, I am not sure what you want to ask about machine policy vs user > policy. If possible, I prefer machine policy because tracking status of an > advertisement is easier based on machines rather than users. > > It is not a problem if users logon using cached credentials but you should > understand that at that point SMS client will not be able to contact MP > and therefore program will not be executed. > > As your last question, it depends on when user gets the policy and if s\he > is using cached credentials? This time also depends on your frequency of > AD User user group discovery and collection being updated (if applicable). > What you can do is, find the time when SMS sent 10002 status message and > from there look for event id 528 in security NT event log (generated after > SMS generating 10002 status message) and make sure that event log 528 is > generated for same user who has the policy and he was able to connect to > the MP. If you find 2\3 528 events for interactive logons for the users > then please send us a copy of all NT Event logs and SMS logs. > > Does this answer your questions? > > -- > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > "Lars Gregers" <larsherg@hotmail.com> wrote in message > news:opsmjfswq29tuqu6@lars.ad.grep.no... >> thanks for answering >> >> I just want the program to run once so that is not the problem. >> Is there a best practice when using Mandatatory assignments, >> for example whats best of using User policy or Machine Policy. >> Is there a problem that users uses laptops and is logging on cached >> profiles when they are not at work. >> >> sometimes the user gets the program after the first logon, sometimes the >> user gets >> it after the second or third and sometimes it doesnt go in automaticly at >> all. >> >> lars >> >> >> On Fri, 18 Feb 2005 07:14:04 -0800, Shehzad Khoja [MSFT] >> <srkhoja@online.microsoft.com> wrote: >> >>> If advertisement schedule just has one schedule to run on logon then >>> program >>> will run only on first logon and if it has been executed successfully >>> then >>> SMS will not run it on every logon. If you want to run a program on >>> every >>> logon then you should also add a re-occuring schedule with Logon >>> schedule. >>> >>> Let me know if this doesn't solve your problem. >>> >> >> >> >> -- >> Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ > >
- Next message: Berni: "Re: Should software updates take an inordinately long time?"
- Previous message: Shehzad Khoja [MSFT]: "Re: SMS 2003 and AD User Groups"
- Maybe in reply to: Lars Gregers: "Mandatory assignments, "Logon" switch"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
