Configuration Manager OSD Post Action and the Evil Twin

There are many great reasons to run a script to perform actions at the end of your OS Deployment after the Task Sequence engine has shut down.  You may the client check in to get policy right away, trigger an AV signature update, or refresh Group Policy.  You can do this by setting the action to run using the SMSTSPostAction variable.

If you have written a PowerShell script with logging to perform this you may have noticed that your script runs TWICE! Depending on what your script is doing this can cause undesired side effects and result in general tomfoolery.

This is not a new issue, in searching the interwebs, it seems this issue has existed since the feature was introduced in the Configuration Manager 2012 SP1 release. A user on Microsoft’s support forum thread aptly dubbed this the “Evil Twin”.  He also posted his proposed fix for this on the same forum thread you can find at https://social.technet.microsoft.com/Forums/en-US/2244fb88-0443-4c94-bf7a-b42cc4ee5c21/smstspostaction-running-twice.

Spotting the Evil Twin

In the below screenshot of the SMSTS.LOG you can see the post action is executed by the TSManager at 1:12:10 PM and then three seconds later by the OSDSetupHook at 1:12:13 PM.

Vanquish the Evil Twin

The proposed fix in the Microsoft forum leverages a flag file to determine duplicate instances of the script. This is not an approach I like to use unless I have no other method as it does not feel clean.  I took the approach of leveraging WMI to detect all instances of PowerShell.exe where the OSD.ps1 script was running in memory and checked the creation time stamp to determine which instance was created first.  If the current process was not the first, then it gracefully exits out and avoids the potential unsaid chaos caused by the evil twin.


#// Check for multiple instances - and exit if not first created instance
$process = gwmi -query "Select ProcessId, CreationDate, Commandline From WIn32_Process Where Name = 'powershell.exe' and CommandLine like '%osd.ps1%'"
If ($process.Count -gt 1) {
    #// Get current script process creation time stamp
    $p1 = [Management.ManagementDateTimeConverter]::ToDateTime(($process | Where ProcessID -eq $pid).CreationDate)

    #// Compare start timestamp against other scripts
    ForEach ($p in $process | Where ProcessID -ne $pid) {
        $p2 = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationDate)
        If ($p2 -lt $p1) {
            Write-Host "DUPLICATE: ($($p.ProcessId)) [$p2] duplicate of ($pid) [$p1]"
            Exit 52
        }
    }
}

Configuring Your Post Action

When building OS Deployment Task Sequences for my clients, I avoid setting TS variables as steps and set them as part of my UI++ implementation when configuring the LTI experience. I leverage the OSD Helper Script for configurations, including the post action step setting the SMSTSPostAction variable as follows:

<Action Type=”TSVar” Name=”SMSTSPostaction”>Powershell.exe -ExecutionPolicy Bypass -NoLogo -NoProfile -NonInteractive -WindowStyle Hidden -File C:\WINDOWS\CCM\Scripts\OSD.ps1 -mode:config -submode:postaction</Action>

Share:

Facebook
Twitter
LinkedIn
Picture of Levi Stevens

Levi Stevens

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 037
Cyber Security

WME Security Briefing 06 January 2025

Evolving Strategies for Managing Expanding Attack Surfaces Overview As remote work gained incredible traction and an already-existing digital transformation accelerated, the domain of attack surface management, as previously understood, has changed profoundly. Modern infrastructures are normally spread over

Click Here to Read Full Article »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=