Related Posts:
- Create global conditions – Configuration Manager | Microsoft Learn
- Manufacturer Global Condition for App Model
- Creating ConfigMgr Global Conditions – Test for Existing Application PreReq
- Back to basics: Deploying applications with Custom Global Conditions – Example TS Running
I’m not going to go into a lot of detail on making them, you can look at the details in the Related posts. I’m just providing the information to use a Certificate as the Condition
You’ll need to know the Path to the Certificate, in this example, I’m confirming the WSUS Self-signed Certificate is on the device in the Trusted Root
$Cert = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq "ddf67dc780f9c52caf5a75c46205ef68ef6b0066"}
if ($Cert){$true}
So when I run the short script, it returns “True”, since the device has a certificate matching the thumbprint.
If I remove that certificate, it will no longer return any value
ConfigMgr Global Condition
- Set the name to something that makes sense
- Condition type: Setting
- Setting type: Script
- Data type: Boolean
And now you’ve got it.
Assing to an Application DT:
- Custom Condition: The one you just made
- Rule type: Existential
- Choose: The selected global condition must exist on client devices
Endpoint Tests: Device with Certificate
Device installs the software fine, as it found the certificate to meet the requirements.
Endpoint Tests: Device without Certificate
Device blocks installation, as it doesn’t meet the Global condition requirements.
GARYTOWN.COM