Configuration Manager 2012: User Device Affinity and OS Deployment

As we move to Configuration Manager 2012 we have spent a lot of time focusing on user centric software distribution. One of the new concepts we have introduced is a concept called user device affinity (UDA). This provides the ability to define a relationship between a user and a device. It allows the admin to think “user first”, while also ensuring the application not installed everywhere the user logs on. Configuration Manager 2012 supports: single primary user to primary device, multiple primary devices per user, and multiple primary users per device.

Now when we look at operating system deployment we are still limited to machine targeting, however we can still prepare the system for user centric management. That is where the ability to set the UDA relationship is important.

So let’s look at how we can leverage our user centric software distribution and integrate it into our operating system deployment process.

Step 1. Create your task sequence. Configure task sequence similar to how you would in ConfigMgr 2007. Except in your ConfigMgr 2012 task sequence, let’s focus on only adding applications to your task sequence that require state restore. We will talk about how the rest of the applications get to the user shortly.

So after we have created a task sequence we are going to want to edit it. We are going to add a variable to the being of the task sequence SMSTSAssignUsersMode, this can have one of the following values:

  • Auto - the UDA will be processed during provisioning and automatically approved
  • Pending - the UDA will be processed during provisioning and await administrator approval
  • Disabled – does not allow UDA to be set during the task sequence

The purpose of this variable is to control on a task sequence level if you want to allow the ability to set UDA. The variable does not have to be set as part of the task sequence, it can be a computer variable, collection variable or set as part of the prestart command.

Step 2. Create a prestart command that you can prompt the end user to provide a user ID. This is the user ID that will be set in the relationship. The prestart command can be something simple like a VBScript with a input box to a fancy HTA that might provide some validation of the end user inputting the information. Basically an extensible solution, in case you might want to tie into a third party database or other resource to get the information. 

The variable we want to set the information on is: SMSTSUdaUsers. This variable can contain one to many users. It needs to have the user in the following format Domain\User1, Domain\User2.

Below is a sample of code to set the UDA variable from a VBScript. From an input or other source, configure the script variable UDAUser and it will set the task sequence environment. 

set env = CreateObject("Microsoft.SMS.TSEnvironment")
env("SMSTSUdaUsers") = UDAUser

Step 3. Now we have one more area to discuss. There is an option on both PXE and media to secure the entry point. The reason for this is that you may allow technicians to provision with auto approval on UDA and then set all PXE servers to pending, so you can approve the UDA a user may set. This option is easily set from a drop down box in the UI.

Illustrated below: (Setting on the PXE tab of a distribution point)

image

OK. We have set up our task sequence, created a prestart command to get some input from a user for setting UDA and set all the appropriate settings. What does this mean for the applications. 

When deploying required applications to users, there is an option we like to call “pre-deploy”. This means that the users primary device will attempt to install the application that is targeted whether or no the use is logged in. When creating your user targeted, required deployment remember to enable the following checkbox in the deploy wizard.

image

Using these options will see your user targeted pre-deploy applications install immediately after the task sequence completed. 

End to end workflow:

image

Using this approach to operating system to deployment will allow for quicker provisioning and simplified task sequences. In my next post, I will follow with more details on provisioning Applications in a task sequence. In additional some advantages to deploying applications to users outside of a task sequence. 

John Vintzel
Microsoft Corporation | Sr. Program Manager | System Center Configuration Manager | twitter: jvintzel
http://blogs.technet.com/b/inside_osd

The blog is own by some members of the System Center Configuration Manager product team. These postings are provided "AS IS" with no warranties, and confer no rights.

  • Introduction to Configuration Manager 2012 - link
  • What’s New in Configuration Manager 2012 - link
  • Fundamentals of Configuration Manager 2012 - link
  • Download the ConfigMgr Beta 2 here
  • Join our 800 friends in the Community Evaluation Program here
  • Check out our Virtual Labs on Technet here
  • Download a pre configured Virtual Machine here

Comments

  • Anonymous
    January 01, 2003
    John, Do you have a followup post regarding the last step in the process "User Targeted Applications Set for Pre-Deploy Install"?  I am looking for information about how this works since there is no step you can create in the task sequence called "Install User Affinity Applications"... etc.

  • Anonymous
    January 01, 2003
    yes.  This is just one of the many options to set user device affinity.  This becomes helpful if you are provisioning unknown computers.

  • Anonymous
    February 02, 2012
    Hi, great article. I'm also interested in zero touch builds. I'm assuming that if we don't use the above method to set the userid for UDA during the build then the build will just use the userid that has been already defined in the console? (I'm hoped to prepoulate the user for all my workstations using the "Import User Device Affinity" CSV options)...