Logo
CAR REVIEW
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
PREGNANCY
 
 
Windows Server

System Center Configuration Manager 2007 : Distributing Packages - Creating Collections (part 5) - Exclusion Collections

12/28/2013 2:55:09 AM
3.3 Exclusion Collections

An interesting situation occurs when trying to create a collection for systems that do not match a condition. As an example, it is easy to create a collection of systems that have a particular file deployed to them. It is more difficult to create a collection of systems without that file deployed to them. You can accomplish this by creating a custom query that uses a subselect to exclude the members of another query.

Exclusion collections are useful in situations where you want software to deploy to a large number of systems but have specific systems you want to exclude. An example of where this applies is with validated systems. A validated system is one that has a strict process to validate system functionality any time software is installed on it. Typically, these types of systems are patched less frequently, with larger number of patches occurring at the same time to minimize the time required to execute the validation process.

To create an exclusion collection, the first thing to do is identify the collection you want to exclude. Navigate to Collection IDs in the Configuration Manager console by going to System Center Configuration Manager -> Site Database -> Computer Management -> Collections. In this case, Validated Systems is the collection you want to exclude, and it has a Collection ID of CEN0000E, as displayed in Figure 21.

Figure 21. Determining the collection ID for the Validated System collection

The goal is to create a collection based on the Forefront Client Deployment collection that does not include the members of the Validated Systems collection. As you see in Figure 22, there are currently 11 systems meeting the criteria defined earlier for the original Forefront Client Deployment collection.

Figure 22. Members of the Forefront Client Deployment collection

In contrast to the Forefront Client Deployment collection, the Validated Systems collection displayed in Figure 23 is a static collection with Buda and Thalia as members .

Figure 23. Members of the Validated Systems collection

There now are two collections: One contains 11 members (including Buda and Thalia) and the second contains only two members (Buda and Thalia). You can modify the query that defines the Forefront Client Deployment collection to tell the first collection to exclude members of the second collection. Add the following code to the original query:

and SMS_R_System.ResourceID not in (Select ResourceID from
SMS_FullCollectionMembership where CollectionID="<collection ID>")

The query restricts this particular collection to the collection ID CEN0000E. The complete query will look like Figure 24.

Figure 24. New query removing validated systems from the Forefront Client Deployment collection


By editing the WMI Query Language (WQL) code directly, you can create additional criteria to limit the collection. Here, System Resource – ResourceID (SMS_R_System.ResourceID) is added to the criteria list as a subselect type, and “not in” is used as the operator.

You can use the same concept to exclude multiple collections. Simply specify multiple collections to exclude, such as:

and SMS_R_System.ResourceID not in (Select ResourceID from
SMS_FullCollectionMembership where CollectionID="<collection ID>",
"<collection ID 2>", ...)

You can also add this directly via the user interface (UI) through the Criterion Properties, shown in Figure 25, which shows the original collection criterion changed to remove the members of the CEN0000E collection.

Figure 25. Changing the criterion to exclude a collection


Tip: Benefits of Using Two Collections

You may find it useful to have both a “not in” collection and a collection defined as “which ones are missing from the other collection.” This technique allows you to define a very complicated collection for the actual membership; then the second collection is just a comparison between (as an example) all systems and the “not in” collection.

To illustrate how this can work, consider a case using antivirus systems. Here, you may want one collection that has all systems that have McAfee and another collection that has all systems that do not have McAfee. One is used to get an action (perhaps to update a date file) and the other is set with another action (deploy the McAfee software).

You can also easily create a collection that excludes members from one collection and from a second collection, such as a “servers without antivirus” collection, which is a collection containing any server without McAfee or Norton or Forefront, and so on.


The original Forefront Client Deployment collection had 11 resources, and the Validated Systems has two resources that overlap between the two collections. By excluding those resources in the second collection, the expectation is the new collection will only have nine resources and not contain the resources from the Validated Systems collection (Buda and Thalia). The contents of the new Forefront Client Deployment collection, displayed in Figure 26, confirm that the collection does not include the members of the Validated Systems collection.

Figure 26. Forefront Client Deployment collection without Validated Systems resources

3.4 Collection Flexibility

These include collections with static members, dynamic memberships, subcollections, and exclusion collections. Each of these demonstrates the flexibility of the ConfigMgr collection functionality, which really comes down to the powerful ability to target exactly what you need to target with your collections.

Right-clicking a Collection

If you want to see the power and flexibility of Configuration Manager 2007, a great way to do so is to simply right-click a collection. The resulting list is staggering at first glance. As you would expect with a right-click, you can see the properties of the collection, delete the collection, get help, refresh the contents, and customize the view that you are seeing. However, with a simple right-click, you can also show the count of how many systems are in the collection, update the membership of the collection, install the ConfigMgr client to the systems in the collection, and modify the settings of the collection or export the objects in the collection. You can create a new collection or a new link to a collection, delete the resource in the collection, and distribute software to the collection.

Although that sounds like a long list, it is just the beginning! How about transferring site settings or clearing the last PXE advertisement, advertising a task sequence, assigning a baseline configuration, or performing Out of Band Management on the systems in the collection. The point here is that collections are extremely powerful and extremely flexible, and they are a key piece of how you can configure Configuration Manager to perform very complex and granular forms of targeting.

Other -----------------
- Sharepoint 2013 : New Installation and Configuration - Configuring Your SharePoint Farm
- Sharepoint 2013 : New Installation and Configuration - Managed Accounts
- Sharepoint 2013 : New Installation and Configuration - SharePoint Products Configuration Wizard
- Sharepoint 2013 : New Installation and Configuration - Choosing the Installation Type
- Sharepoint 2013 : New Installation and Configuration - SharePoint 2013 Prerequisites
- Windows Server 2012 Group Policies and Policy Management : GPO Administrative Tasks - GPO Administrative Delegation
- Windows Server 2012 Group Policies and Policy Management : GPO Administrative Tasks - Troubleshooting Group Policies
- Windows Server 2012 Group Policies and Policy Management : GPO Administrative Tasks - Backing Up and Restoring Domain GPOs
- Windows Server 2012 Group Policies and Policy Management : GPO Administrative Tasks - Creating and Linking WMI Filters to GPOs
- Windows Server 2012 Group Policies and Policy Management : GPO Administrative Tasks - Creating and Using Starter GPOs
- Windows Server 2012 Group Policies and Policy Management : GPO Administrative Tasks - Creating a GPO Central Store
- Windows Server 2012 Group Policies and Policy Management : Designing a Group Policy Infrastructure
- Microsoft Lync Server 2013 : Deploying Lync Online - Configuring an Auto Attendant Number
- Microsoft Lync Server 2013 : Deploying Lync Online - Enabling Users for Exchange UM, Configuring a Subscriber Access Number
- Microsoft Lync Server 2013 : Deploying Lync Online - Configuring Lync-to-Phone, Creating a SIP URI Dial Plan
- Microsoft Lync Server 2013 : Deploying Lync Online - Configuring Dial-in Conferencing, Configuring Lync Properties for User Accounts
- Microsoft Lync Server 2013 : Deploying Lync Online - Adding User Accounts in Bulk, Configuring Federation and Public IM
- Microsoft Lync Server 2013 : Deploying Lync Online - Adding User Accounts Using the Online Portal
- Microsoft Lync Server 2013 : Deploying Lync Online - Adding Domains to Lync Online
- Microsoft Lync Server 2013 : Office 365 and Lync Online - Experiencing Lync Online
 
 
Most view of day
- Configuring Startup and Troubleshooting Startup Issues : Understanding the Startup Process
- Windows Server 2008 R2 high-availability and recovery features : Installing and Administering Network Load Balancing (part 1) - Adding Network Load Balancing feature
- Microsoft Excel 2010 : Calculating the Mode (part 1)
- Sharepoint 2013 : SharePoint Designer and Branding - SharePoint 2013 User Interface
- Microsoft Exchange Server 2007 : Single Copy Clusters (part 2) - Installing Exchange Server 2007 on the Active Node
- Sharepoint 2013 : Managing Security - Grant Permissions to a File or List Item
- Microsoft Visio 2010 : Working with Individual Shapes - Resizing and Rotating Shapes
- Maintaining Security : Restricting Access on the Computer
- Adobe Dreamweaver CS5 : Using Library Items and Server-side Includes (part 1) - Using the Library Assets Panel - Adding a Library item
- SQL Server 2008 R2 : Creating and Managing Stored Procedures - Debugging Stored Procedures Using SQL Server Management Studio
Top 10
- Microsoft Lync Server 2013 : Director Troubleshooting (part 3) - Synthetic Transactions,Telnet
- Microsoft Lync Server 2013 : Director Troubleshooting (part 2) - DNS Records, Logs
- Microsoft Lync Server 2013 : Director Troubleshooting (part 1) - Redirects, Certificates
- Microsoft Lync Server 2013 : Administration of the Director Role (part 4) - Services Management, Client Version Filter
- Microsoft Lync Server 2013 : Administration of the Director Role (part 3) - Topology Status
- Microsoft Lync Server 2013 : Administration of the Director Role (part 2) - Ports,Firewall Rules
- Microsoft Lync Server 2013 : Administration of the Director Role (part 1) - Services
- Microsoft Lync Server 2013 : Configuring the Director (part 2) - Web Services Ports,Reverse Proxy
- Microsoft Lync Server 2013 : Configuring the Director (part 1) - SRV Records, Web Services FQDN Overrides
- Sharepoint 2013 : SharePoint Designer 2013 (part 2) - Locking Down SharePoint Designer
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro