Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

SCCM software revocation

SCCM software revocation

An administrator can revoke software without any user interaction using Microsoft System Center Configuration Manager (SCCM) if the software configuration specifies an SCCM uninstall collection, even if the software was installed by some other process or user.

Revoke software deployed through the service catalog

Software deployed by SCCM can be revoked, but only when the software's status is Installed and the application associated with the software configuration has an uninstall collection configured.

Before you begin

  • Create an SCCM configuration record for the application that names an appropriate uninstall collection.
  • Associate the CSD catalog item for the application with the SCCM configuration that specifies the uninstall collection.
Role required: sn_client_sf_dist.csd_admin or admin

A workflow called Revoke SCCM Application moves either the user or the device from its respective collection and adds it to the appropriate uninstall collection. When SCCM performs an internal policy check and finds the user or device in the uninstall collection, SCCM removes the related software package from the client computer.

Procedure

  1. Navigate to Client Software Distribution > Reports > Requested Software.
  2. Open the record for the SCCM software package you want to revoke.
    The package must have a Status of Installed to be revocable.
  3. Under Related Links, click Revoke software.

    This action runs the Revoke Client Software workflow, which triggers the Revoke SCCM Application subflow that moves the user or device from the install collection to the uninstall collection. When SCCM performs an internal policy check and finds the user or device in the uninstall collection, SCCM removes the related software package from the client computer.

Revoke unentitled software

An administrator can revoke software using Microsoft System Center Configuration Manager (SCCM) that a user is not entitled to use even if the software was installed by some other process or user.

Before you begin

To revoke software using SCCM, you must create an SCCM configuration record for the application, in which the appropriate software Discovery model is defined. See Software discovery models.

Role required: sn_client_sf_dist.csd_admin or admin

Client Software Distribution (CSD) uses Software Asset Management to identify unentitled software installations. Discovery detects the software on the user's machine, and SAM determines if the user or device is entitled to use that software. This might include software that was not installed through a catalog request or software that the user installed without approval. If the software installation's Discovery model is associated with an SCCM software configuration that has an uninstall collection defined, then an administrator can use CSD to revoke that software from the user's machine without involving the user.

Procedure

  1. Navigate to Client Software Distribution > Reports > Installed Software Not Entitled.
  2. Select the record for the installation that has unentitled users.
  3. Under Related Links, click Revoke software.

    This action runs the Revoke Client Software workflow, which triggers the Revoke SCCM Application subflow that moves the user or device from the install collection to the uninstall collection. When SCCM performs an internal policy check and finds the user or device in the uninstall collection, SCCM removes the related software package from the client computer.

    Figure 1. Revoking a software installation
    Revoking a software installation

SCCM software revocation workflow

The Revoke SCCM Application workflow moves a user or device from an install collection to an uninstall collection to revoke software installed from Microsoft System Center Configuration Manager (SCCM).

For the revocation workflow to run, the software package must have a status of Installed and must be pre-configured for an appropriate uninstall collection. See Revoke software deployed through the service catalog for configuration instructions. When an administrator initiates the revocation process, the system launches the Revoke SCCM Application workflow to move the user or device collection associated with installation to the appropriate SCCM uninstall collection. When the SCCM server performs a policy check, it finds the additions to the user or device uninstall collection and revokes the software package associated with that collection.

The workflow employs two custom activities, Remove from User Collection and Remove from Device Collection, to remove either the user or the device from its original collection. The workflow then adds the user or device to the appropriate uninstall collection on the SCCM server with the Add to User Collection or Add to Device Collection activity.
Note: This workflow is triggered by the Revoke Client Software workflow as a subflow.