Getting Started with Remediation

In order to reduce the number of IT tickets and improve user experience, Aternity developed the Remediation feature. Remediation allows IT help desk personnel to identify issues that can cause problems and remotely fix them before they are escalated. Running remediation actions remotely resolves performance issues on end user Windows devices by one-click reducing the problem-solving time and the risk of human errors. Remediation actions can be triggered automatically based on Service Desk Alerts, manually by IT help desk personnel or from external systems using REST API.

For example, identify that a user has low disk space and trigger the Empty Recycle Bin action before end user is out of disk space, or stop Windows service that should not run on the device.

This functionality applies only to Windows end-user devices with Agent 12 or later. Install the Agent for End User Devices locally on a Windows desktop or laptop.

Initiate Remediation on End User Devices

Workflow for adding remediation actions to Aternity

The below steps present a general workflow for adding remediation actions to Aternity. More details and links to relevant articles are in the below table.

  1. Install Agent for End User Devices 12. If you want to use unsigned scripts for testing their validity, then install the Agent as Unrestricted. Alternatively, use self-signed certificates, follow the instructions in the readme file.
  2. Write a script. You can use the repository for templates and examples.
  3. Add a new action to Aternity by uploading the prepared script.
  4. Run the action on a device with Agent for End User Devices 12 and make sure the action completed successfully. You can view the status in the Device Events dashboard.
  5. Sign scripts and install the Agent for End User Devices as Trusted to run scripts in a secure network.
  6. Use the Analyze Remediation Actions dashboard to view the details about all actions executed on different devices.
  7. Once remediation actions are added to Aternity, run automatic remediation actions by adding SDA rules and linking them to actions or execute scripts using REST API.
To... Do This...

Enable remediation actions

Administrators should sign in to Aternity and under Settings:

Use Remediation screen to view, configure, and add remediation actions to Aternity to provide early and easy one-click fixes for performance issues, improve user experience and decrease the volume of IT support cases.

Learn more.

Create script(s) and upload them to Aternity

To run remediation actions on end user devices, learn how to create scripts. Learn more.

Sign the scripts before executing them on the monitored devices

  • For security reasons, by default, the Agent runs only scripts that are signed either by Aternity or by certificates listed in the Trusted Publishers store of the device on which you run the script. To open the Certificates dialog-box and to see the certificates included in the Trusted Publishers store of the device, open a Command Prompt window and run the certlm command.
    Launch Local Computer Certificates
    Tip

    If using the default execution policy during Agents mass deployment, which is ACTION_EXECUTION_POLICY=Trusted, make sure to place your certificates in the folder shown in the above figure.

    It is possible to change the default parameter of the ACTION_EXECUTION_POLICY in the Agent's batch file only during its installation. There are three possible options to alter:
    • Trusted - The default policy that automatically applies during Aternity Agent mass deployment.

    • Unrestricted - Aternity Agent runs any script, both signed and not signed.

    • Blocked - Aternity Agent blocks any script, either signed or not.

    Currently, changing these options is supported only for the mass installation batch file by entering the following parameter: ACTION_EXECUTION_POLICY=Unrestricted or ACTION_EXECUTION_POLICY=Blocked

Learn more.

Manually run remediation process from the dashboard

In the Device Events dashboard, execute remediation actions. Learn more.

.

Run an automatic remediation action

When generating service desk alerts for health events, you can assign a remediation action to this alert and enable running it in case of alert.

Learn more.

Execute remediation action with REST API

You can run remediation actions on end user devices using REST API. You can do that from outside Aternity. For example, use this API to trigger remediation actions from your ticketing system or use it in mass healing flows.

Learn more.

View all executed remediation actions and their states with REST API

Use REMEDIATION_ACTIONS_RUN_RAW REST API.

REMEDIATION_ACTIONS_RUN_RAW tracks remedial actions executed on end user devices by returning the raw list of all remediation actions which were executed by IT in your organization. Each raw displays the current state of the action run.

Learn more.

Ask for end-user confirmation or execute actions silently

In the Remediation configuration screen, toggle to enable or disable sending a request message for end user confirmation. Learn more.

Enable it in case you want end user to confirm the action. Disable it in case you want to silently initiate a remediation action on end user devices. When disabled, all other fields become grayed out.

Send a nice branded message to end-users

Include your organization logo in the message for end-user that you send when triggering an action. Learn more..

Run an automatic remediation action

Assign remediation actions to service desk alerts to trigger them automatically.

In the SDA configuration screen, enable running a remediation action. When Aternity generates this SDA alert, the action will be automatically executed. Learn more.

Once enabled, select an action from the drop-down list.

Do not enable this option if you do not want to execute remediation actions automatically.

To view the status of running actions

Go to the Device Events dashboard (learn more).

To view and analyze all remediation actions

Go to the Analyze Remediation Actions dashboard (learn more).

To customize the dashboard

If the data you need for your investigation is not available in the non-advanced Analyze dashboard, use the Advanced version to design your own layout, by customizing and displaying only the data which you need.

Go to the Remediation Actions (Advanced) dashboard (learn more).

This dashboard displays raw data in real time, refreshing every time you access it or whenever you manually refresh the browser page.