Skip to main content

About Roles and Conditions

You can use roles to manage software deployments. A role is a logical container that you can use to apply and or group software applications, tasks, settings and/or functions. In a role, you can assign dynamic conditions directly to a catalog item that will enable that role to detect its deployment target.

Role Types

There are three role types:

  • Applications—On the Applications tab of the Role Properties dialog box, you can apply a single or grouped and sorted lists of software applications to roles.
  • Computer variables—On the Variables tab of the Role Properties dialog box, you can apply standard OSD/MDT variables and the population of those values—either hard set or passed as tokens from SS native data—to a role. You can also apply custom variables and the population of those values—either hard set or passed as tokens from SS native data—to a role.
  • USMT profiles—On the USMT Profiles tab of the Role Properties dialog box, you can apply USMT profiles. Using user profile migration integration with USMT (Microsoft User State Migration Tool) enables both admin and user-controlled Scan State and Load State configuration profiles to be applied to roles, which are then passed to computer variables for use by a task sequence.

The three role types can be used in combination or separately in any way you choose on the same role or multiple roles that might apply to the same conditional criteria. For instance, you might have a separate role for each type to be applied based on the same or different conditions.

Role Conditions

On the Conditions tab of the Role Properties dialog box, you can define role conditions to enable roles to be applied to a user or computer automatically based on the criteria of the condition.

For example, if a user is a member of the Active Directory OU “HR”, or if a user or their system is a member of a collection, you might have a role that automatically targets a set of applications to them that you have defined in the role.

There are three condition types:

  • Active Directory Groups and OUs
  • Active Directory Properties
  • SCCM Collections

How Roles Work

Roles do not rely on identifying applications present on a source or destination computer. Instead, applications and packages are written to the destination computer object on the Variables tab. These variables are used during the System Center Configuration Manager task sequence process for the Install Package and Install Application steps.

The following are the steps explaining how roles are detected and assigned during the imaging process:

  • Create role—You create a role in App Portal.
  • Enable role for catalog item—You enable a role for an App Portal task sequence catalog item.
  • Role is evaluated during checkout—During the App Portal checkout process, the role is evaluated.
  • Roles are applied to the computer object as variables—Any roles that are detected for the user or computer are applied to the computer object within System Center Configuration Manager as variables.
  • Variables are evaluated by task sequence—The variables are evaluated by the task sequence and used where defined within the task sequence process.