Role-based Application Sets are associated with one or more Management Groups. Before you define Role-based Application Sets, you will need to create Management Groups in the SLA Platform that correspond to the roles or locations that your Application Sets will apply to. Management Groups can be defined using AD Site, OU or Computer Name. You can use partial matching of computer name in a Management Group definition, so if your computer naming convention includes identifiers for location or department - for example, 1E UKMK L1234 identifies a computer in the UK and in the Marketing (MK) team - then you can use this to define your Management Groups.
Role-based Application Sets are built by defining the name of the set and the Management Groups that the set is associated with. You then add applications to the set. The expected results of defined Role-based Application Sets on a given computer can be previewed from the Preview Machine page in the Application Migration admin interface. At deployment time, the Application Migration step in the Task Sequence will return the list of applications that need to be installed based on matching of the computer name, OU and AD site of the computer being deployed.
If a computer meets the criteria of multiple Management Groups, the union of all applicable application sets will apply. If two or more applicable application sets include different versions or editions of the same application (vendor and title), Application Migration will attempt to install all versions / editions. The end result on the machine will depend on the behavior of the vendor's installers - for example, if they support side-by-side installation of multiple versions - and may be affected by Application Supersedence rules in Configuration Manager.
Note that migration rules will be applied to a Role-based Application Set before the results are returned. For example, if your application set includes Visio 2013 but there is a rule applicable to the computer being deployed that upgrades Visio 2013 to Visio 2016, Application Migration will return Visio 2016 in the list of applications to be installed.
Working with Role-based Application Sets
Below are some worked examples that demonstrate the behavior of Role-based Application Sets. For these examples, the following Management Groups have been created.
|Management Group Name||Membership criteria||Members|
|All Workstations||Workstations OU||PC0001, PC0002, PC0003, PC0004, PC0005|
|Engineering||Workstations\Engineering OU||PC0002, PC0004|
|Portland, OR||Portland AD Site||PC0001, PC0002 (and 4 servers)|
|Seattle, WA||Seattle AD Site||PC0003|
|Oakland, CA||Oakland AD Site||PC0004, PC0005|
Simple implementation of a Role-based Application Set
In the following example, a Role-based Application Set named Common Apps has been created for the All Workstations Management Group. Refer to Managing Role-based Application Sets to learn how to create and manage Role-based Application Sets.
The set includes Office 365 and 7-Zip. As the All Workstations Management Group includes all computers in the Workstations OU, any new computer that is added to the Workstations OU in the Task Sequence will have Office 365 and 7-Zip installed.
You can use the Preview Machine view to determine what applications will be installed when a new computer is built, based on attributes that the machine will have when it is built. The machine does not need to exist in the SLA Platform inventory, but Application Migration can determine which Management Groups it will belong to based on how it will be configured during the OS deployment.
On the Preview page, the administrator selects New Machine then selects By Device Attributes. The admin knows the new computer will be added to the Workstations OU, so enters that in the OU field. The results show the Management Groups that the computer will belong to based on the attributes entered, and therefore the applications that will be installed on that computer (in this case Office 365 and 7-Zip from the Common Apps set).
Note that there are rules applicable to these applications. As it happens, in this environment there is a Global migration rule to upgrade any version of Office 365 to v16.0.8309.1000, which has been applied to the application in Role-based Application set (although in this example the rule does not actually change the version that is included in the application set). Similarly you can see there is an applicable migration rule to retain 7-Zip (again, in this example the rule does not change the version that is included in the application set).
Applying multiple Role-based Application Sets
It is possible for a computer to exist in multiple Management Groups. It can therefore have multiple Role-based Application Sets applied to it. Consider the example below. Remember that the PMO Management Group includes computers in the PMO OU and the All Workstations Management Group includes computers in the Workstations OU. As the PMO OU is a child of the Workstations OU, a computer in the PMO OU will also be in the Workstations OU, so a computer built in the PMO OU will be included in both All Workstations and PMO Management Groups and therefore have the Common Apps and PMO Applications installed.
The PMO Applications set includes just Microsoft Project 2016
Note that the Preview page does not allow multiple OUs to be specified when viewing results by device attributes. In this scenario, you can view by management groups and select multiple management groups, as illustrated below. From this view, you can see that a computer built in the Workstations\PMO OU will get Office 365, 7-Zip and Project Professional 2016.
How Migration Rules can modify applications installed using Role-based Application Sets
The following example demonstrates how migration rules can change applications defined in a Role-based Application Set. In this example, we'll add a Role-based Application Set for the Portland, OR Management Group.
The Portland office application set includes just SmartFTP Client.
As the Portland, OR Management Group is based on the Portland AD site, we can use device attributes to preview what applications would be installed on a computer that was built in Portland in the Workstations OU.