Overview of Scripted Actions

Overview of Scripted Actions

Scripted Actions are a library of PowerShell scripts that can be run in either Azure or AVD Virtual Machines as another step for various tasks performed by Nerdio Manager.

There are two types of scripted actions: Azure Runbooks and Windows scripts. Each differ according to where they are run.

Create a New Scripted Action

To create a new scripted action:

  1. At the Account level, navigate to Scripted Actions.

  2. Navigate to either Windows scripts or Azure runbooks.

  3. Select Add scripted action.

  4. Enter the following information:

    • Name: Type the name of the script. This name is displayed when you select this action from the list of available scripted actions.

    • Description: Type the script's description.

    • Tags: From the drop-down list, select optional tags for the script. These tags are used for searching and organization.

    • Script Execution Mode: From the drop-down list, select the script's execution mode.

      Note: This parameter determines how Nerdio Manager acts when it passes the scripted action(s) to the VM. Nerdio Manager uses the Azure Custom Script Extension to ultimately execute the PowerShell commands (for more information about Scripted Actions for windows refer to Custom Script for Windows). The extension needs to be installed and removed every time Nerdio Manager executes a Windows Scripted Action. Optionally, PowerShell scripts can be combined and passed in a single run, if they do not interfere with each other, thus saving time.

      • Combined: Marks the script as one that can be combined safely with other scripts. For example, a script that adds a registry value.

      • Individual: A stand-alone script for an action that should be run on its own. For example, a long script with commonly used variable names that may conflict with other scripts, or a script that requires a fresh PowerShell session.

      • Individual with restart: For Windows scripts, run the script in stand-alone mode and perform a restart when complete.

    • Enable Cloud PC: Optionally for Windows scripts, toggle this option on to create a Cloud PC script policy.

      • Run this script using the logged on credentials: Select this option to run the script with the user's credentials on the client computer. By default, the script runs in system context.

      • Enforce script signature check: Select this option to enforce that the script must be signed by a trusted publisher. By default, no warning or prompt displays and the script runs unblocked.

      • Run script in 64 bit PowerShell Host: Select this option to run the script in a 64-bit PowerShell Host for a 64-bit client architecture.

      • Assign to all users: Select this option to assign the script to all users.

      • Assign to all devices: Select this option to assign the script to all devices.

      • Assign to selected groups: From the drop-down list, select the group(s) to assign this script to.

      • Exclude assignments: From the drop-down list, select the group(s) to exclude this script from.

    • Script: Type the PowerShell command(s) to execute.

      Note:Nerdio Manager allows you to integrate variables into the Azure runbooks scripted actions.

      Note: Cmdlets used in this code must be available on the VMs or in the Azure Automation account. If using PowerShell cmdlets from modules not present by default on the Windows VMs or in the Azure Automation account, the modules must first be installed.

      Nerdio provides several pre-populated variables that can be used in the script code. The available variables are:

      • $HostPoolId (Available when the script is associated with a host pool)

      • $HostPoolName (Available when the script is associated with a host pool)

      • $AzureSubscriptionId

      • $AzureSubscriptionName

      • $AzureResourceGroupName

      • $AzureRegionName

      • $AzureVMName (Available when the script is associated with a VM)

      • $ADUsername (if passing AD credentials)

      • $ADPassword (if passing AD credentials)

      • $DesktopUser (Available when the script is associated with a personal host pool)

      Tip: It is recommended to develop code using an IDE such as VSCode or ISE. Then test the PowerShell code on a dedicated development session Host /Azure VM.

  5. Once you have entered all the desired information, select OK.

View and Edit Existing Scripted Actions

Nerdio Manager allows you to view or edit existing scripted actions.

To view and edit an existing scripted action:

  1. Navigate to Scripted actions.

  2. Navigate to either Windows Scripts or Azure runbooks.

  3. Locate the scripted action you want to work with and select Edit.

  4. If desired, make the necessary changes and select OK.

Clone a Scripted Action

Nerdio Manager allows you to clone a scripted action.

To clone a scripted action:

  1. At the Account level, navigate to Scripted actions.

  2. Navigate to either Windows Scripts or Azure runbooks.

  3. Locate the scripted action you want to clone, and from the action menu select Clone.

  4. Make all the necessary changes and select Clone.

Apply Scripted Actions

Scripted Actions can be used as part of these tasks:

  • VM Lifecycle Events: Executed during the provisioning or re-imaging of Session Host VMs, or when a VM is stopped/started. Whenever a session host is created, destroyed, stopped, or started, the scripted action is performed as a final step.

  • Run Script: Manually run a command against a host pool. This is useful if you need to change all the session hosts without fully re-imaging them (for example, a script to change a registry key).

To apply a configured scripted action to AVD host VM lifecycle events:

  1. At the Account level, navigate to AVD > Host Pools.

  2. Locate the host pool you wish to work with.

  3. From the action menu, select PropertiesVM Deployment.

  4. Toggle on the desired Run scripted actions when... options.

  5. For each option, enter the following information:

    • Windows scripts: From the drop-down list, select the script to execute.

    • Azure runbooks: From the drop-down list, select the scripted actions to execute.

    • Pass AD credentials: Select this option to pass AD credentials to the script as variables.

    • AD Credentials: From the drop-down list, select the AD credentials to pass.

  6. Once you have entered all the desired information, select Save or Save & close.

    The scripted actions are added to the list of scripted actions for this host pool.

Warning: For some automations, the necessary actions to take must be done in the context of Azure, outside of the VM itself. While these commands could be run on the session host VM with the Azure PowerShell module installed, running scripts on session hosts that target Azure are less efficient and can be unreliable. Azure Automation allows for consistent execution, and allows for the Nerdio Manager to run the scripts as itself easily. Some scripts even require the VM to be restarted or shutdown, which means it could not be run on the session host VM regardless.

To run a scripted action on the Host Pool using the Run Script option:

  1. At the Account level, navigate to AVD > Host Pools.

  2. Locate the host pool you wish to work with.

  3. From the action menu, select Hosts > Run script.

  4. Enter the following information:

    • Windows scripts: From the drop-down list, select the scripted actions to execute.

    • Azure runbooks: From the drop-down list, select the scripted actions to execute.

    • Pass AD credentials: Select this option to pass AD credentials.
    • AD Credentials: From the drop-down list, select the AD credentials to pass.

    • Restart VMs after scripted action: Select this option to restart the VMs after script execution. It is preferable to use this option instead of using any PowerShell restart commands as Custom Script extension fails if the script restarts the computer.

    • Process hosts in groups of: Type the number of concurrent actions to execute during this bulk operation

    • Number of failures before aborting: Type the number of failures that causes the process to stop.

    • Schedule: Toggle on the Schedule, and enter the schedule information, to enable running the script per a schedule.

    • Messaging: Toggle on the Messaging to send messages to active users.

      • Delay: From the drop-down list, select the number of minutes to wait after sending the message before starting the process.

      • Message: Type the message you want to send to the users.

  5. Once you have entered all the desired information, select OK.

Default Scripts for Nerdio Manager

Every installation of Nerdio Manager contains default scripted actions. These are commonly used scripts and examples that you can use or reference for your own scripts. Default scripts have the Nerdio Tag and are locked for editing. You can clone them in order to create a customized, editable version.

Note: This is a partial list. Nerdio continuously updates the default Scripted Actions.

Default Window Scripts

Name

Use Case

Recommended Target

Requires Customization*

Enable RDP Shortpath

Enables RDP Shortpath.

Global Images

No

Grant user local admin rights

Adds user who is assigned to the personal desktop VM to the local admin group.

Session Hosts

No

Enable RDP Shortpath for Public Networks

Enable RDP Shortpath for public networks (Preview) on session host VMs.

Global Images

No

Update Windows 11

Installs latest Windows 11 updates.

Global Images

No

Virtual Desktop Optimizations (20H2)

Installs Microsoft Virtual Desktop Optimizations for Windows 10 20H2 (clone and edit to customize).

Global Images

No

Virtual Desktop Optimizations (2004)

Installs Microsoft Virtual Desktop Optimizations for Windows 10 20H2 (clone and edit to customize).

Global Images

No

Virtual Desktop Optimizations (1909)

Installs Microsoft Virtual Desktop Optimizations for Windows 10 20H2 (clone and edit to customize).

Global Images

No

Update Windows 10

Installs latest Windows 10 updates.

Global Images

No

Unregister Sophos Endpoint agent in Sophos Central

Unregisters endpoint agent from Sophos Central using API.

Global Images

No

Optimize Microsoft Edge for AVD

(PREVIEW) Configures policy settings for Microsoft Edge meant to optimize performance in WVD.

Global Images

No

Install Zoom VDI client

Downloads and installs Zoom VDI client for WVD. Reference https://support.zoom.us/hc/en-us/articles/360052984292 (under "Windows Virtual Desktop") for more information.

Global Images

No

Install <application> via Chocolatey

Installs <application> via Chocolatey Package Manager (https://chocolatey.org/).

Global Images

No

Install Sophos Server Endpoint Protection agent

Installs Sophos Server Protection Endpoint agent and registers with Sophos Central.

Global Images

No

Install Remote Display Analyzer

Installs the latest version of Remote Display Analyzer (RDAnalyzer) and places it on all users' desktop.

Global Images

No

Install Microsoft Teams

Installs/Updates MS Teams and WebRTC Service with newest versions. Enables Teams WVD Optimization mode. Recommend to run regularly on desktop images.

Global Images

No

Install Microsoft 365 Office Apps

Installs/Updates Office 365 Apps to newest version and disables Auto-Update. Recommended to run on desktop images.

Global Images

No

Default Azure Runbooks

Name

Purpose

Requires Customization*

Assign Public IP to VM

Allows VM to have a public IP.

Yes: If Static IPs are required or naming scheme is not desired.

Enable Anti-Malware Extension

Adds anti-malware extension.

Yes: If custom exclusions or scan settings times are needed.

Enable VM OS Disk Encryption

Encrypts Disk with Key Vault.

Yes: If using an existing key vault.

Use Spot VMs

(PREVIEW) Convert session hosts to spot VM instances for reduced costs in testing environments.

No

Shrink OS Disk

(PREVIEW) Resize VM OS disk to 64 GB.

No

Shrink FSLogix Profiles

(PREVIEW) Creates a temp VM which is used to shrink FSLogix profiles.

No

Detect Stale FSLogix File Handles

(PREVIEW) Scans file handles (R/W locks) on a storage account, and reports ones which do not have an associated WVD user session.

No

Delay host availability in AVD for 10 minutes

Sets session host to drain mode for 10 minutes (configurable). Useful when creating new session host VMs to delay user connections until all initial configurations are done.

No

Troubleshoot Scripts

Azure Runbooks Logs

Azure runbooks have enhanced logs that help you troubleshoot issues with scripted actions.

To view the Azure runbook logs:

  1. At the Account level, navigate to Scripted ActionsAzure runbooks.

  2. At the bottom of the window, in the Scripted Actions Tasks section, locate the task with an Error in the Status column.

  3. Select Details.

    The Job Details window displays.

  4. Locate and analyze the entry in the log with an error.

Troubleshoot Azure Runbooks

Troubleshooting Azure Runbooks

Problem

Solution

Description

In some cases, a script fails to perform the scripted action, but its status is incorrectly set to Complete. This means that the PowerShell script failed to encounter fatal errors. The final output from the script presents information about the script but has no indication of an error.

  1. Navigate to the associated Automation account.

  2. View the log with the time stamp that matches the Nerdio Manager task log.

  3. Find and resolve the error that is produced by the script in your Nerdio Manager.

When running an Azure scripted action, the associated Automation account runs a specialized runbook, which copies the code directly from the Nerdio Manager and executes it. All scripts are executed as instances of the same Automation Account job. Here you can find the errors generated when running your script. The errors vary based on your script.

Troubleshoot Windows Scripts

For information about troubleshooting Windows scripts refer to Custom Script Windows - Troubleshoot and Support.

For more information about troubleshooting the custom script extension (CSE or CSExtension) refer to Custom Script Windows - Troubleshoot and Support for Extensions.

Tip: It is recommended that you use an isolated development session host and run the scripts directly on the host to test your scripts. This ensures that the PowerShell code is functional and preforms as desired. In addition, it provides quicker results than running the commands through Nerdio Manager.

Troubleshooting Windows Scripts

Problem

Solution

Description

Scripts that cause reboots fail the entire process. When the extension is waiting for the PowerShell script to complete fully (and if a reboot is started), the script fails.

For actions which require restarts and then additional actions:

  1. Split the script up into multiple scripts.

  2. Select the "Individual with restart" script execution mode.

  3. Place the rest of the scripts in order.

N/A

Use Custom Scripts to Install or Uninstall External Applications

Nerdio Manager allows you to install or uninstall various external applications on AVD host pools using custom Windows scripts.

The following table details the each of the external applications. The table contains the following information:

  • Application: The name of the external application.

  • Script Name: The name of the script to execute to install or uninstall the application.

  • Secure Variables: The names of the secured variables that are passed to the script. These must be configured properly before script execution. See Scripted Actions - Global Secure Variables for details.

  • Location on Host: The location on the host where the application is installed. You can use this to verify that the application was installed.

External Applications

Application

Script Name

Secure Variables

Location on Host

Huntress

Install Huntress agent

HuntressAccountKey

HuntressOrgKey

C:\Program Files\Huntress

Kaseya

Install Kaseya VSA Agent

Uninstall Kaseya VSA Agent

KaseyaDownloadURL

KaseyaGroupId

C:\Program Files (x86)\Kaseya

ConnectWise

Install ConnectWise Agent

Uninstall ConnectWise Agent

AutomateServerToken

AutomateServerUrl

SystemPassword

C:\Windows\LTSvc

Ninja RMM

Install NinjaRMM agent

Uninstall NinjaRMM agent

NinjaDownloadURL

C:\Program Files (x86)\

SentinelOne

Install SentinelOne agent

Uninstall SentinelOne agent

S1AgentVersion

S1APItoken

S1SiteToken

C:\Program Files\SentinelOne\

Datto RMM

Install Datto Agent

Uninstall Datto Agent

DattoDownloadURL

C:\Program Files (x86)\CentraStage

Threatlocker

Install Threatlocker agent

Uninstall Threatlocker agent

ThreatlockerOrgName

ThreatlockerUniqueId

N/A

CrowdStrike

Install CrowdStrike agent

Uninstall CrowdStrike agent

N/A

N/A

BlackPoint

Install BlackPoint agent

Uninstall BlackPoint agent

BPCompanyEXE

BPCustomerUID

N/A

To use custom scripts to install external applications:

Note: You must refer to the table shown above for the specifics related to each external application.

  1. At the MSP level, navigate to SettingsIntegrations.

  2. In the Secure variables for scripted actions tile, edit the application's secure variables, as noted in the table above. See Scripted Actions - Global Secure Variables for details.

  3. At the Account level, navigate to navigate to AVD > Host Pools.

  4. Locate the host pool you wish to work with.

  5. From the action menu, select Hosts > Run script.

  6. Enter the following information:

    • Windows scripts: From the drop-down list, select the install or uninstall script, as noted in the table above.

      Note: If you don't find the required scripts, refresh your Nerdio Manager repository. Alternatively, please refer to GitHub Integration for more details.

    • Enter all the other options, as desired. See Apply Scripted Actions for details.

  7. Once you have entered all the desired information, select OK.

    The script execution task starts. You can follow the task's progress in the Host Pool Tasks section.

  8. Once the script completes successfully, sign in to the session host VM and verify the application was installed in the location noted in the table above.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.