Configuration Manager OSD Post Action and the Evil Twin

There are many great reasons to run a script to perform actions at the end of your OS Deployment after the Task Sequence engine has shut down.  You may the client check in to get policy right away, trigger an AV signature update, or refresh Group Policy.  You can do this by setting the action to run using the SMSTSPostAction variable.

If you have written a PowerShell script with logging to perform this you may have noticed that your script runs TWICE! Depending on what your script is doing this can cause undesired side effects and result in general tomfoolery.

This is not a new issue, in searching the interwebs, it seems this issue has existed since the feature was introduced in the Configuration Manager 2012 SP1 release. A user on Microsoft’s support forum thread aptly dubbed this the “Evil Twin”.  He also posted his proposed fix for this on the same forum thread you can find at

Spotting the Evil Twin

In the below screenshot of the SMSTS.LOG you can see the post action is executed by the TSManager at 1:12:10 PM and then three seconds later by the OSDSetupHook at 1:12:13 PM.

Vanquish the Evil Twin

The proposed fix in the Microsoft forum leverages a flag file to determine duplicate instances of the script. This is not an approach I like to use unless I have no other method as it does not feel clean.  I took the approach of leveraging WMI to detect all instances of PowerShell.exe where the OSD.ps1 script was running in memory and checked the creation time stamp to determine which instance was created first.  If the current process was not the first, then it gracefully exits out and avoids the potential unsaid chaos caused by the evil twin.

#// Check for multiple instances - and exit if not first created instance
$process = gwmi -query "Select ProcessId, CreationDate, Commandline From WIn32_Process Where Name = 'powershell.exe' and CommandLine like '%osd.ps1%'"
If ($process.Count -gt 1) {
    #// Get current script process creation time stamp
    $p1 = [Management.ManagementDateTimeConverter]::ToDateTime(($process | Where ProcessID -eq $pid).CreationDate)

    #// Compare start timestamp against other scripts
    ForEach ($p in $process | Where ProcessID -ne $pid) {
        $p2 = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationDate)
        If ($p2 -lt $p1) {
            Write-Host "DUPLICATE: ($($p.ProcessId)) [$p2] duplicate of ($pid) [$p1]"
            Exit 52

Configuring Your Post Action

When building OS Deployment Task Sequences for my clients, I avoid setting TS variables as steps and set them as part of my UI++ implementation when configuring the LTI experience. I leverage the OSD Helper Script for configurations, including the post action step setting the SMSTSPostAction variable as follows:

<Action Type=”TSVar” Name=”SMSTSPostaction”>Powershell.exe -ExecutionPolicy Bypass -NoLogo -NoProfile -NonInteractive -WindowStyle Hidden -File C:\WINDOWS\CCM\Scripts\OSD.ps1 -mode:config -submode:postaction</Action>



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.