Contents
-
Introducing Shopping
-
Implementing Shopping
-
Working with Shopping
-
The Shopping Admin Console
-
Setting up Configuration Manager sites
-
Approvers
-
User and Computer categories
-
Managing applications
-
Managing Configuration Manager applications
-
Managing Intune applications
-
Managing non-Configuration Manager / non-Intune applications
-
Managing mobile applications
-
Creating OS Deployment applications
-
Bulk importing applications from Configuration Manager
-
Enabling and disabling applications
-
Removing and deleting applications
-
Application properties
-
User-specific application visibility
-
OS Filtering
-
Setting up computer category approval
-
Configuring application license management
-
Configuring application rental
-
Configuring AD membership applications
-
AD group membership rental
-
Searching for applications
-
Application sets
-
Creating Windows Servicing Assistant Deployment Applications
-
Managing Configuration Manager applications
-
Node Security
-
Setting up Configuration Manager sites
-
Using the Shopping Web
-
Shopping Web administration
-
Advanced features
-
The Shopping Admin Console
-
Troubleshooting
-
Training
-
Reference
Applications in Shopping can be configured to enable membership of two selected AD groups, one group for the user and the other for the user's computer. When the application is shopped for the user's user account and/or computer account get added to the group. For example, an organization may want to do this in order to provide self-service access to shares, or use domain groups to grant access to an application database.
The latest version of Shopping also allows AD group membership to be revoked when the application is uninstalled and supports AD group membership rental.
An example application
To illustrate AD integration we will use an example application called ACME DataMater, this application is intended to provide data mining capabilities and so requires access to shares and databases.
The User AD Group we are going to select is one called ACME DataMater DB Access, this is configured in our example network to enable appropriate database access for users of the ACME DataMater application.
The Computer AD Group we will use is one called ACME DataMater Share Access, this is configured in our example network to enable a share on the machine where the ACME DataMater application is installed.
Saving the changes
Having set the groups, we then click OK to store the settings with the application. At this point, Shopping will confirm that the Shopping Central service account has write access to the selected groups. If this is not the case, a warning dialog will appear and the Properties dialog will not close, preventing the selection of the groups. To resolve this issue, you should contact the AD Administrator and ensure that the Shopping Central service account gets the appropriate write permission to modify the membership of the selected groups.