Could this be the solution to many of our SCCM deployment woes?
User Affinity is shaping up to be one of the most promising new features in SCCM 2012. What is User Affinity? This new feature creates a “link” called an “Affinity” between a user and their primary device(s). Yes you read that correctly, users can have more than one primary device. With this “Affinity” in place, software can be assigned to the user and it will only be installed on the devices in the user’s “Affinity” list. Sounds simple right, well it has taken Microsoft a while to get this into their product. Now that it is here, SCCM administrators can once again broach the topic of user assigned software instead of computer based assignments. All this without the worry of software ending up in places where it shouldn’t and the associated licensing headache.
So how does this “Affinity” work?
When a workstation is built, the task sequence has two new variables that can be set. As long as the SCCM distribution point has been configured to accept the Affinity assignments during the build then the Affinity links to users can be defined on the fly during the build process.
The first variable is “SMSTSAssignUsersMode”. This variable can be set to one of three settings depending on the desired behavior of Affinity creation. If set to “Auto”, the Affinity processing will be automatically approved by SCCM. Set to “Pending”, the Affinity rules created during the build will require central approval via SCCM administrators. Lastly, set to “Disabled” no user Affinity processing will take place.
The second variable is “SMSTSUdaUsers”. This is where the magic happens. One or more users can be assigned to this variable in the format of “DOMAINUsername”. This can be done by any number of traditional methods for setting task sequence variables such as VBScript, custom executable, or the popular HTA method. We’ll talk more about this in a bit! Once the user is assigned to the variable, then the SCCM client will create the Affinity to the workstation in SCCM. After the task sequence completes the SCCM, client will begin installing User assigned applications that match the Affinity of the machine.
How can this make the deployment of workstation easier?
Over the last few years, many of our client’s shifted from 3rd party software distribution tools to SCCM 2007 only to realize the headache of user based software assignment after the fact. At Kraft Kennedy we have assisted clients with this challenge in a number of ways, ranging from simple Direct Membership assignments to assigning software to workstations via Active Directory Security Groups, all the way up to customized databases for linking software assignments to users and installing the assignments on the fly during the task sequence via Multiple Application Installation tasks. The latter of these options brought clients very close to Microsoft’s “Zero Touch” build process, but requires a fair amount of custom code. Achieving Zero Touch builds is realistic for homogenous workstation environments. In reality, especially for those of you in the Legal community, workstations require many different combinations of applications and many of the combinations apply to one or two users at best.
User Affinity looks to be the sweetheart solution to a lot of these deployment issues. Circling back around to the actual assignment of Affinity values during the build; to make this concept work in a Zero Touch environment all we are going to need is (1) users properly assigned software and (2) a simple system such as a database for linking hardware to usernames. The only custom code required will be the process for assigning the User Affinity variables during the task sequence according to the entries in the linking system. SCCM will take care of the rest by installing the usual build software and the “Affinity” assigned software immediately after the build.
At Kraft Kennedy we are working on a web front-end that is SharePoint compatible for easy and central creation of the “Affinity” links to be used during the build process. How are you planning on implementing the new “Affinity” feature?
For those of you looking for some additional information on this topic John V. at Microsoft has a great post on the topic found HERE.