GitHub
Sign in
Start for free
View Categories

Groups

Quick guide #

A Configuration Group is a logical container in XOAP that assigns a specific configuration a Policy and optionally an Application Role to a set of nodes.

Create a new Configuration Group #

  1. In the upper-right corner, click + Create Group.
  2. Enter the Group name and select/add Tags.
  3. From the dropdown menu at the top, select the desired Application Role.
  4. Move nodes from Available nodes to Selected nodes to assign them to this group.
  5. Select configuration and configuration version
  6. Select Policy
  7. Click Create to finish.

Edit a Configuration Group #

  1. Click the Action menu (⋮) and select Edit.
  2. Update the Name, Policy, Application Role, Tags or modify the assigned Configurations.
  3. Click Save to apply any changes.

Delete a Configuration Group #

  1. Click the Action menu (⋮) and select Delete.
  2. Confirm the deletion by clicking Delete.

Additional useful information #

Configuration Groups and Nodes: #

In Configuration Groups, you can add only nodes (Available Nodes) that are not already assigned to another Configuration Group. Nodes can be removed in the details of the Configuration Group.

To register a new node (a node that is not yet available in your XOAP workspace), run the registration script or registration command in PowerShell on the node. A Configuration Group can have only one Configuration and one Application Role assigned.

Technical documentation #

A Configuration Group is a logical container in XOAP that assigns a specific Configuration—and optionally an Application Role and Policy—to a set of nodes. Nodes registered through the group inherit these assignments, and the group view provides an overview of how many nodes are compliant, non-compliant, or currently running the configuration.

To register nodes in your workspace, run the registration script (or registration command) on the target node using Windows PowerShell 5.1 as Administrator.

You can find the registration script/command in the Action menu (⋮): #

  1. Click the Action menu () and select Download registration script or Copy registration command.
  2. On the target system (node), open Windows PowerShell 5.1 as Administrator, and either:
    • Run the downloaded script, or
    • Paste the registration command and run it.
  3. The specified configuration will be applied to the node. If an Application Role is defined, the assigned applications will also be installed.
  4. The node will appear in the Nodes table under Configuration Management.

Both methods apply the same configuration and produce the same result.

Mass registration (deploy to multiple nodes) #

To register many nodes at once, distribute the registration command/script using your existing software deployment or policy tooling. The registration must run in an elevated context (Administrator/SYSTEM).

Option 1: Group Policy (GPO) – Scheduled Task or Startup Script #

Use a domain GPO to run the registration on target machines:

  • Scheduled Task (recommended): Create a GPO Scheduled Task that runs at startup as SYSTEM and executes the registration command/script.
  • Startup Script: Assign a startup script that runs during boot (computer scope).
    This approach is simple, works well for large fleets, and ensures the command runs with the required privileges.

Option 2: Microsoft SCCM / MECM #

Deploy the registration as an SCCM package/application:

  • Run the registration command/script as Local System.
  • Target a device collection (for example, a pilot group first, then broader rollout).
    This provides reporting, retry logic, and controlled rollout.

Option 3: Microsoft Intune (Proactive Remediations or Script Deployment) #

For Entra ID / Intune-managed devices:

  • Deploy the registration script as a device script, or use Proactive Remediations to run it once and verify the node is registered.
  • Ensure the script runs in system context for required permissions.

Option 4: Remote execution (PowerShell Remoting) #

If PowerShell Remoting is available:

  • Use Invoke-Command to run the registration command on a list of target computers under an account with local admin rights.
    This is useful for quick onboarding of smaller batches or ad-hoc groups.

Practical tips for mass deployment #

  • Use a pilot group first to validate connectivity, permissions, and expected behavior.
  • Ensure the environment allows outbound HTTPS (443) to the XOAP API endpoint.
  • Avoid re-running on already registered nodes by using the appropriate targeting/exclusions in your deployment tool (e.g., SCCM collections or GPO scoping)

Prerequisites to register a node #

  • Windows device
  • Run as Administrator
  • 64-bit Windows PowerShell (not PowerShell ISE)
  • Windows PowerShell 5.1 with DSC (PSDesiredStateConfiguration) available
  • WinRM / PowerShell Remoting can be enabled and restarted
  • Outbound HTTPS (443) access (or a working proxy for SYSTEM access) to: https://api.xoap.io

Powered by BetterDocs

Scroll to Top