Associating Users with Their Computers

In the NOIDMIF file examples in this chapter, Wide World Importers used a NOIDMIF file to associate each computer in the organization with its geographical location. Another reason for customizing NOIDMIF files is to associate users and members of user groups with their computers.

In SMS 2.0, collections can be composed of groups of similar computers or groups of users. Typically user groups represent a logical grouping that correspond to the way your company is organized.

For example, Wide World Importers created user groups that correspond to the divisions of the company, including a Finance group, a Personnel group, and an IS group. The company’s system administrators want to distribute software to these groups, but they want to do so when the users are not logged on to their computers.

To accomplish this task, the administrators considered using a NOIDMIF file to record the principal user of each computer and all the user groups that user belongs to. After doing this, they could create a collection of all the computers for members of the Personnel user group.

Instead, for greater security, they decided to create an IDMIF file for each user group within the organization. They used NOIDMIF files to record only the principal user of each computer. By using the IDMIF file that is controlled by the administrator, they eliminated the possibility that unauthorized users might create a NOIDMIF file, thereby adding themselves to user groups where they do not belong.

Note   When you use an IDMIF file to create a record of user groups within your organization, you must update the IDMIF file whenever users are added or removed from these groups.

Wide World Importers’ administrators added a NOIDMIF file to each computer on the network that serves as the principal computer for a member of a user group. The format for this file is similar to the following:

Start Component   Name = "User Information"   Start Group      Name  = "Primary User"      ID    = 1      Key = 1      Class = "Users"
      Start Attribute         ID      = 1         Name    = "Primary User Name"         Type    = String(80)         Value   = "Linda Mitchell"      End Attribute   End GroupEnd Component

Then, for each user group, the administrators added an IDMIF file similar to the following:

//AgentID<Admin John>//Architecture<Personnel User Group>//UniqueID<Personnel Division>Start Component      Name = "Personnel User Group"      Start Group          Name = "Personnel"          ID = 1          Class = "Personnel User Group"           Key = 1  Start Attribute               Name = "Name"               ID = 1               Type = String(50)               Value = "Personnel"          End Attribute      End Group      Start Group      Name = "Members"          ID = 1          Class = "personnelMember"           Start Attribute               Name = "Member1"               ID = 1               Type = String(50)               Value = "Linda Mitchell"          End Attribute          Start Attribute               Name = "Member2"               ID = 1               Type = String(50)               Value = "Julia Moseley"          End Attribute     End GroupEnd Component