Installing Packages and Apps Dynamically during OSD via AD groups – Web service Edition

During MMS 2016 I demonstrated how to use a web service to query AD groups in order to install ConfigMgr Packages and Applications dynamically during OS Deployment. Here is the code and sample scripts.

Cred: Thanks to Patrik Felix and Pontus Wendt for granting me permission to post the solution to the community.

Note: ConfigMgr guru Jörgen Nilsson also has a shiny blog post about using a client side script for the application (only) part.


A little while back, one of our customers wanted to have the OSD task sequence query AD groups to install packages and applications during deployment, so I wrote a web service that did it. The solution (web service) enumerates all AD groups that the computer is a member of, and queries the AdminDescription value of each group to create a list of packages and applications to install. Then the task sequence calls the web service, and the default Install Software and Install Applications actions install them dynamically.

Step-by-step instructions

Here is the download, and to make it work you do the following:

1. Create an AD group named with the ConfigMgr package or application name. The name doesn't have to match exactly, but it helps if they are somewhat alike 🙂

2. Using Active Directory Users and Computers (select View / Advanced Features to get the Attribute Editor), edit the AdminDescription attribute of the group. Use a prefix of PKG: if it's a legacy package, and APP: if it's an application model application.

Adding info on the AD group, so ConfigMgr knows what packages or apps to install during OS Deployment.

3. Configure the task sequence to query the web service by adding two command line actions in the state restore phase, before the actions that install packages and applications. The commands are:

cscript.exe "%deployroot%\scripts\ZTIListPackages.wsf"

cscript.exe "%deployroot%\scripts\ZTIListApplications.wsf"

Adding instructions to call the web service.

4. Add the scripts and CustomSettings.ini to the scripts folder of your MDT package. Modify the CustomSettings.ini file with your server name, and then update the package.

5. Copy the web service to a folder on your site server. I used E:\ViaMonstraWebServices\Applist in this example.

Web service copied to E:\ViaMonstraWebServices\Applist.

6. On your site server (mine is named CM01), using Internet Information Services (IIS) Manager, expand CM01 (VIAMONSTRA\Administrator), and expand Sites.

7. Right-click the Default Web Site, and select Add Application. Use the following settings:

   Alias: applist
   Physical Path: E:\ViaMonstraWebServices\Applist

8. Expand the Default Web Site, and select the applist application. Configure the following authentication settings:

   Anonymous Authentication: Enabled
   ASP.NET Impersonation: Enabled
   Forms Authentication: Disabled
   Windows Authentication: Disabled

9. Using Internet Explorer, verify that the web service works by navigating to http://cm01/applist/configmgr.asmx and running the two web methods.

Testing the web service.

List of legacy packages returned by the web service.
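Because the AdminDescription value of a group decides what gets installed during deployment, it is worth reviewing which groups carry PKG: or APP: values. The following is an added example, not part of the downloadable solution or the web service code: a PowerShell function that classifies AdminDescription values by the two prefixes described in step 2. The function name, the sample groups, and the trimming, case-insensitive matching and duplicate handling are assumptions of this example; the page does not state how the web service treats those cases or what format the value after the prefix takes.

```powershell
function ConvertFrom-AdminDescription {
    [CmdletBinding()]
    param(
        # Objects exposing Name and adminDescription (e.g. Get-ADGroup output)
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Group
    )
    begin {
        # Tracks "TYPE|value" pairs so a repeated entry is reported as Duplicate
        $seen = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
    }
    process {
        $raw = [string]$Group.adminDescription
        if ([string]::IsNullOrWhiteSpace($raw)) { return }  # attribute not set

        if ($raw -match '^\s*(PKG|APP):\s*(.*?)\s*$') {
            $type  = $Matches[1].ToUpperInvariant()
            $value = $Matches[2]
            if (-not $value)                        { $status = 'EmptyValue' }
            elseif (-not $seen.Add("$type|$value")) { $status = 'Duplicate' }
            else                                    { $status = 'OK' }
        }
        else {
            # Attribute is used for something other than the PKG:/APP: scheme
            $type = 'Unknown'; $value = $raw.Trim(); $status = 'UnknownPrefix'
        }
        [pscustomobject]@{
            Group = $Group.Name; Type = $type; Value = $value; Status = $status
        }
    }
}

# Constructed sample input: group names and values are made up for illustration
$sample = @(
    [pscustomobject]@{ Name = 'SW-AppA';     adminDescription = 'APP:Example App A' }
    [pscustomobject]@{ Name = 'SW-PkgB';     adminDescription = 'pkg: Example Package B' }
    [pscustomobject]@{ Name = 'SW-AppA-HQ';  adminDescription = 'APP:Example App A' }
    [pscustomobject]@{ Name = 'SW-Broken';   adminDescription = 'APP:' }
    [pscustomobject]@{ Name = 'Helpdesk';    adminDescription = 'Tier 1 staff' }
)
$sample | ConvertFrom-AdminDescription | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module):
# Get-ADGroup -LDAPFilter '(adminDescription=*)' -Properties adminDescription |
#     ConvertFrom-AdminDescription | Where-Object Status -ne 'OK'
```

Comparing this output with the list of accounts allowed to edit those groups shows who can effectively add software to a deployment.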

About the author

Johan Arwidmark

2 years ago

Great Post. I am trying to achieve the same thing.
If I have not created any boundary in SCCM, is it going to deploy the application?

3 years ago

This is a great post! I am looking to do something similar; however, I would like to use the USER assigned packages instead of systems. Is this possible?