Getting Started with Remediation

In order to reduce the number of IT tickets and improve user experience, Aternity developed the Remediation feature. Remediation allows IT help desk personnel to identify issues that can cause problems and remotely fix them before they are escalated. Running remediation actions remotely resolves performance issues on end user Windows devices by one-click reducing the problem-solving time and the risk of human errors. Remediation actions can be triggered automatically based on Service Desk Alerts, manually by IT help desk personnel or from external systems using REST API.

For example, identify that a user has low disk space and trigger the Empty Recycle Bin action before end user is out of disk space, or stop Windows service that should not run on the device.

This functionality applies only to Windows end-user devices with Agent 12 or later. Install the Agent for End User Devices locally on a Windows desktop or laptop.


You can use the remediation templates repository. To use the repository, you are required to log in to Aternity Customer Success site.

Initiate Remediation on End User Devices

The below steps explain a general WORKFLOW for adding remediation actions to Aternity. More details and links to relevant articles you can find in the below table.

  1. Deploy Agent for End User Devices 12.x or later. Make sure it is set to Trusted (default), this enables running scripts in a secure network.

    Field Description

    For Agents earlier than 12.1.4

    To use unsigned scripts for testing their validity, install Agent as Unrestricted. Alternatively, use self-signed certificates. Learn how to self-sign scripts here.

    For Agent 12.1.4 or later

    The Unrestricted option is not available any more. Use self-signed certificates. Learn how to self-sign scripts here.

  2. Write a script. Learn tips for writing scripts.

    Use the remediation templates repository. To use the repository, first log in to Aternity Customer Success site.

    Use templates from Aternity repository
  3. Self-sign the script, add a new action to Aternity by uploading the prepared script, and test it on several devices. This script must be signed.
  4. Sign the script so it will be able to run on any device in your organization. Contact your IT representative for assistance.

  5. Validate the signature of the scripts.

  6. Add a new action to Aternity by uploading the prepared script.
  7. Run the action on a device with Agent for End User Devices 12 or later and make sure the action completed successfully. You can view the status in the Device Events dashboard.
  8. Use the Analyze Remediation Actions dashboard to view the details about all actions executed on different devices.
  9. Once remediation actions are added to Aternity, run automatic remediation actions by adding SDA rules and linking them to actions or execute scripts using REST API.
To... Do This...

Create scripts

Learn here.

Sign scripts for testing purposes

Learn here.

Validate scripts signature

Learn here.

Sign scripts for executing them on monitored devices

  • For security reasons, by default, the Agent runs only scripts that are signed either by Aternity or by certificates listed in the Trusted Publishers store of the device on which you run the script. To open the Certificates dialog-box and to see the certificates included in the Trusted Publishers store of the device, open a Command Prompt window and run the certlm command.
    Launch Local Computer Certificates

    If using the default execution policy during Agents mass deployment, which is ACTION_EXECUTION_POLICY=Trusted, make sure to place your certificates in the folder shown in the above figure.

    It is possible to change the default parameter of the ACTION_EXECUTION_POLICY in the Agent's batch file only during its installation. There are three possible options to alter:
    • Trusted - The default policy that automatically applies during Aternity Agent mass deployment. This setting enforces the usage of digital signing of scripts and allows running only the scripts that are signed and secured.

    • Blocked - Aternity Agent blocks any script, either signed or not.

    • (For Agents below 12.1.4) Unrestricted - Aternity Agent runs any script, both signed and not signed. Starting Agent 12.1.4, Unrestricted is not supported any more.

    Currently, changing these options is supported only for the mass installation batch file by entering the following parameter: ACTION_EXECUTION_POLICY=Trusted or ACTION_EXECUTION_POLICY=Blocked

Learn more.

Upload scripts to Aternity

Learn here.

Set up remediation actions execution to resolve device issues

Use Remediation screen to view, configure, and add remediation actions to Aternity to provide early and easy one-click fixes for performance issues, improve user experience and decrease the volume of IT support cases.

As Administrator of Aternity, sign in to Aternity and open Remediation under the Gear Icon > Settings.

Learn more.

Manually run remediation process from the dashboard

In the Device Events dashboard, execute remediation actions.

Learn more..

Run automatic remediation actions

When generating service desk alerts for health events, you can assign a remediation action and enable it to run in case of alert.

Learn more.

Execute remediation action with REST API

Run remediation actions on end user devices using REST API. You can do that from outside Aternity. For example, use this API to trigger remediation actions from your ticketing system or use it in mass healing flows.

Learn more.

View all executed remediation actions and their states with REST API


REMEDIATION_ACTIONS_RUN_RAW tracks remedial actions executed on end user devices by returning the raw list of all remediation actions which were executed by IT in your organization. Each raw displays the current state of the action run.

Learn more.

Ask for end-user confirmation or execute actions silently

In the Remediation configuration screen, toggle to enable or disable sending a request message for end user confirmation. Learn more.

Enable it if you want end user to confirm the action. Disable it if you want to silently initiate a remediation action on end user devices.

When disabled, all other fields become grayed out.

Send a nice branded message to end-users

Include your organization logo in the message for end-user that you send when triggering an action.

Learn more.

Run an automatic remediation action

Assign remediation actions to service desk alerts to trigger them automatically.

In the SDA configuration screen, enable running a remediation action. When Aternity generates this SDA alert, the action will be automatically executed. Learn more.

Once enabled, select an action from the drop-down list.

Do not enable this option if you do not want to execute remediation actions automatically.

To view the status of running actions

Go to the Device Events dashboard.

Learn more.

To view and analyze all remediation actions

Go to the Analyze Remediation Actions dashboard.

(Learn more.

To customize the dashboard

If the data you need for your investigation is not available in the non-advanced Analyze dashboard, use the Advanced version to design your own layout, by customizing and displaying only the data which you need.

Go to the Remediation Actions (Advanced) dashboard (learn more).

This dashboard displays raw data in real time, refreshing every time you access it or whenever you manually refresh the browser page.

Watch how to Improve Service Desk KPIs with Aternity Automated Remediation on YouTube