The Microsoft Deployment Toolkit (MDT) is really good at managing deployments based on information we have about the computer, but not so great about managing and compiling deployments based on user information. ConfigMgr 2012 addressed some of these issues with user device affinity (UDA) and we can pre-deploy applications in a task sequences based on applications deployed to user collections. It is also common to find organisations which deploy applications to users and computers based on Active Directory security group membership. This is something which ConfigMgr and MDT are not good at.
This becomes a problem if we want to install software which is assigned to security groups (which eventually ends up as collection membership) at build time so that by the time we get to Ctrl+Alt+Del we have a fully built machine with computer and user targeted applications without the need to wait for policy to refresh and applications to download. Applications (and packages) cannot install in this manner in the task sequence as the client runs in provisioning mode which prevents non-OSD content such as applications from getting downloaded and executed. Meaning we have to wait until the user logs on until the applications finish off.
How this interaction works is outlined in the quick diagram shown below. Over the next few posts I will be stepping through the setup and deployment of the web service and the integration with MDT and your existing task sequences.