Friday, May 5, 2017

User Device Affinity (UDA) in C#

With the demise of Silver Light, you might want to keep it just so you can do UDA for the users.  Well here is some code you can use to create a webpage, much like I did to go around that issue.

Here is some straight code:

First you need to search for the user you want to add:
Create a Text box named UserSelected
Now search for the user based on the name, this will also contain their userID so it helps with the searches.

string strQuery = "Select * from SMS_R_User where Name like '%" + UserSelected.Trim() + "%'";
IResultObject UsersFound = SCCMconnection.QueryProcessor.ExecuteQuery(strQuery);

Now you can move through the list and add them to the radio button if you like.

foreach (IResultObject UserFound in UsersFound)
dt.Rows.Add(CreateRow(UserFound["UniqueUserName"].StringValue.Trim(), UserFound["Name"].StringValue.Trim(), dt));
dv = new DataView(dt);
UniqueUserName-  This is what SCCM needs in order to add the user domain\userid
UserFound["Name"] - this is used for our searches because it looks like this (userID\domain  Username ResourceID)
Next you can create a search for the machine,

SMS_CM_RES_COLL_XY000017 - This is your collection of machines you wish to search, this could be your AllWorkstations collection

Select ResourceID,Name from SMS_CM_RES_COLL_XY000017 where name like '%" + FindComputerTxtBox.Text.Trim() + "%'";

Once you find it add it to a drop down box. 
Now with both the user and the Machine we can set the UDA.  Be sure your Security on the Service Account performing the action has access to set User Device Affinity.

Dictionary<string, object> addUDAParameters = new Dictionary<string, object>();
addUDAParameters.Add("MachineResourceId", ResourceIDVariable);
addUDAParameters.Add("UserAccountName", "domain\userid";
addUDAParameters.Add("SourceId", "2");  //Administrative change
addUDAParameters.Add("TypeId", "1");
IResultObject UDA = SCCMconnection.ExecuteMethod("SMS_UserMachineRelationship", "CreateRelationship", addMembershipRuleParameters);

Depending on what you use the Application Catalog for, you can use this code on a website and remove SilverLight.

Tuesday, May 2, 2017

What is Managed Mobile Convergence and why is it important to my business?

Managed Mobile Convergence is the ability to manage a mobile device, desktops or even servers as the same machine.  Think of as treating everyone the same not matter what!!  Let’s outline some definitions because as the lines blur so do the meaning.
Mobile Device – traditionally we would refer to these as smart devices like smart phones but now see laptops and tablets slowly move into this area.
IoT Devices – Internet of Things- We use to call these embedded devices.  They were sometimes dumb devices that might have linked to a central control, had a small storage and ran PIC but now the name has changed and so have the usability.  These devices are as smart as Mobile devices and sometimes run a modern OS like Windows 10 or Linux. 
Workstations / Desktops – Machines we use for our daily work and play.  These devices use a full OS like Apple, Linux, Windows and are work hard.  These machines are now blurring between our work pc and the home pc with the Bring Your Own Device initiative.
Now what is left out of all this conversation are servers.  Servers have moved from closets to rooms to “server room” and now to the Data Center.  In all our management views, we traditionally leave server management up to the Server admins.  Even today Servers are treated differently that other devices. 
Intune currently doesn’t support Server but it has slowly provided more modern management of the mobile workstations like Win10 devices and can also manage the desktop for smaller organizations. This is a great idea but be aware that part of this solution is no reimage, yet.  Now we have Win10 provisioning, MDT and other solutions.  Using this perspective MS is looking to move you to the Cloud, “Modern Management” and with no more on-prem management infrastructure like SCCM.  This can save money but you still need to manage your server environments.
I see your “Modern Management” and raise you “Managed Mobile Convergence”.  The ability to manage all devices globally, without prejudice.  Smart phone, Workstation, Laptop, BYOD, Tablet, Server as well as Operating System Agnostic all utilizing a single pane of glass.  To begin to see this world we must place a blinder on the use of the machine and look at it from the perspective as business device, nothing more.  If the device needs antivirus/antimalware it should be managed, even if that means Microsoft devices pull from MS and the Apple Devices pull from Apple, all the while talking to the same management infrastructure.  The machine policies should be the same even if the signatures are from different vendors.  I should have a single pane of glass to create an exemption for a virus alert, file type, etc.
We see this partly in SCCM with the Adroid for Work, Mac support, Servers and many different types of machines.  To truly reach our goal of Managed Mobile Convergence we must treat every device as equal.  That would mean if we want to deploy an update to an Apple, Workstation, Server, IoT device it should be a single solution with a single interface. 
I am only discussing the management of the machine. I am leaving out the trade compliance issue of data entering or leaving counties, client data in the cloud.  These problems will always exist and there for complicate the infrastructure to manage these devices.  For this reason we will always need a kind of hybrid approach for management.  That is a discussion for later….