Systems Management
Creating ConfigMgr Global Conditions
Topics: Systems Management
Do you need to install an application only when another application is already installed? Or, do you need to prevent an application from installing if a different application is already installed? I have been in both situations before which is why I’ve setup global conditions to check for the existence or non-existence of already installed applications. In this post, I’ll show you how to create ConfigMgr global conditions to check SMS_InstalledSoftware in the application type requirement.
Situation
You want to upgrade an application, so let’s use Microsoft 365 Apps (M365) for enterprise as the example. You know that if you upgrade a user who has Office 2016 and the plugin Faxcom installed, it will successfully upgrade Office 2016 to M365, but break Faxcom in the process, requiring an uninstall and reinstall to fix Faxcom. In order to prevent someone from installing M365 from the Software Catalog and breaking one of their business-critical applications, you can leverage requirements on the application, which are your global conditions.
To learn more about global conditions, check out the MSFT docs https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/create-global-conditions. If you’d like to learn more about how I’ve deployed M365, check out my M365 blog series.
How to Create ConfigMgr Global Conditions
Start by creating a new global condition. Give it a name and a description. Make sure the Setting type is set to Script and then add your code. Below the screenshot, I show the code I used for my script.
Name: SMS_InstalledSoftware - ARPDisplayName
Description:
This will gather the results from all ARPDisplayNames in SMS_InstallSoftware and merge them into a string which gets returned.
Code:
$AllApps = Get-CimInstance -Namespace root/cimv2/sms -ClassName SMS_InstalledSoftware
Foreach ($App in $AllApps)
{
$AppDisplayName += ",$($App.ARPDisplayName)"
}
$AppDisplayName
Here is what the output of PowerShell code on a ConfigMgr client looks like:
Once you create the global condition, you can use it in an application as a requirement. However, before I add requirements to production applications, I have a “Fake App” I like to use for testing things. I will use this app to test this new global condition.
Testing the ConfigMgr Global Condition
On the application, go to Deployment Types and then go to the Requirements tab. Click Add which allows you to create a requirement. When you choose Custom from the Category field, it will pull from your global conditions. Now I select the one I just created, add Does not contain and type in Greenshot for the value.
What does this do? When the application evaluates on the endpoint, it will run this condition, and if it finds an application installed with the ARPDisplayName that CONTAINS Greenshot, it will NOT allow it to install.
Next, I head over to Software Center and try to install the FakeApp with the requirement on a machine that has Greenshot installed and another that doesn’t have it installed. You can see in the screenshots below that the results were as expected.
Reporting Results
And, just how do you figure out why an app failed? Let’s go to reporting in the console.
Under the Requirements Not Met tab, you can see the machine(s) that did not meet the requirements along with the reason. This is nice if you have several requirements on an application and you want to know which one it failed on.
SMS_InstalledSoftware
You can use other fields in SMS_InstalledSoftware, but so far, I’ve only found Publisher to be helpful. In a few instances, we’ve found some applications having similar names from different publishers, but the publisher itself was unique.
Name: SMS_InstalledSoftware - Publisher
Description:
This will gather the results from all Publishers in SMS_InstallSoftware and merge them into a string which gets returned.
Code:
$AllApps = Get-CimInstance -Namespace root/cimv2/sms -ClassName SMS_InstalledSoftware
Foreach ($App in $AllApps)
{
$AppPublisher += ",$($App.Publisher)"
}
$AppPublisher
Leverage PowerShell in ConfigMgr Global Conditions
Leveraging PowerShell in global conditions, gives you the power to add very specialized requirements on your application deployments to granularly control which machines will allow it to install. Now, go forth and allow your deployment teams to deploy your apps in peace knowing even if they deploy them to all systems, it will only install on the correct machines! You can harness the power of global conditions and app deployment type requirements.*
*This is NOT an endorsement of making broad deployments or targeting all systems, just merely making a point that requirements, when properly implemented, can reduce risk and ensure apps get installed on the correct endpoints.