While SCCM 2012 provides user-centric application deployment, it is only possible to deploy software updates to a device or device collection.

Here’s a collection I built in SCCM 2012 to retrieve the primary device of a user who is a member of the “SCCM Software Updates Pilot User Group”. In this way, I can deploy software updates to a device collection based on an Active Directory user group. It’s kind of like user-centric software update deployment.

The query below should create a collection of devices where the device has a primary user that is a member of the AD group “SCCM Software Updates Pilot User Group”.

Select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client FROM SMS_R_System JOIN SMS_UserMachineRelationship ON SMS_R_System.Name=SMS_UserMachineRelationship.ResourceName JOIN SMS_R_User ON SMS_UserMachineRelationship.UniqueUserName=SMS_R_User.UniqueUserName WHERE SMS_UserMachineRelationship.Types=1 AND SMS_R_User.UserGroupName="DOMAIN\\SCCM Software Updates Pilot User Group"