Uninstall AppV 5.0 package automatically if an user is removed from a user based collection in SCCM 2012
With SCCM 2007 you had the option to automatic uninstall virtual applications. In the package you selected ‘Remove this package from clients when it is no longer advertised’. If the user was no longer member of the collection the virtual application was removed.
With SCCM 2012 this feature has been discontinued.
In SCCM 2012 the trick is to create a collection that contains all the users that are no longer member of the group that belongs to the application.
In this example the application ‘Demo_MoreShortcuts_1.0_ENG – TEST’ will be removed by the users who are no longer member of the Active Directory group ‘APPL – Demo_TST’
The start position
The shortcut is visible for the user:
Create a query for the user based collection
select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User inner join SMS_G_System_AppClientState on SMS_R_USER.UniqueUserName = SMS_G_System_AppClientState.UserName where SMS_G_System_AppClientState.AppName = "Demo_MoreShortcuts_1.0_ENG - TEST" and G_System_AppClientState.ComplianceState = 1 and SMS_R_USER.UniqueUserName not in (select distinct SMS_R_USER.UniqueUserName from SMS_R_User where UserGroupName = "DEMOFOREST\\APPL - Demo_TST")
The most important parts are:
- SMS_G_System_AppClientState.AppName = “Demo_MoreShortcuts_1.0_ENG – TEST” and G_System_AppClientState.ComplianceState = 1
More information can be found at SMS_G_System_AppClientState Server WMI Class
- SMS_R_USER.UniqueUserName not in (select distinct SMS_R_USER.UniqueUserName from SMS_R_User where UserGroupName = “DEMOFOREST\\APPL – Demo_TST”)
The query does not return any users:
The application has both a install and uninstall deployment attached to it.
Remove the user from the group and perform all client actions on the client.
After a while the user who was member of the group is now visible in the collection:
If you install Configuration Manager Support Center on a server, you can open both the AppIntentEval.log and the AppEnforce.log. It shows as a ProhibitedApplication in the AppIntentEval.log.
The virtual application has been uninstalled.