A Deep Dive Into How One Company Uses An Automox Worklet to Check Network Health of Remote Workstations
We’re kicking off a new interview series where we go behind the scenes with a Worklet writer to see how the sausage gets made. Matt Richards (@Mrichards) graciously agreed to go first. I chatted with him about how the Workstation Network Health Check Worklet came to be.
Q: What was the impetus for creating this worklet?
MATT: So this Worklet was originally developed right after COVID work-from-home started, mainly because a handful of our users complained that “IT gave me a bad laptop. It’s slow and disconnects from my home wifi all the time.”
We had no real way to get any real data on what was going on at their house (we don’t do house calls). So we had no way to refute their claims about it being “IT’s fault!” Originally this Worklet was just a wifi checker, but we desired more data. It slowly became a “workstation health” script over time.
Q: What difficulties or obstacles did you run into getting it created?
MATT: The biggest difficulty was working with the Activity Log, honestly. It doesn’t really format things super well, and we want to get concise, real, usable data. So, there's a lot of effort in the script to avoid unneeded characters/strings such as removing colons or lines altogether to get nice, readable data.
Q: How well is it working and have you been able to identify any network issues with it?
MATT: Actually yes! It was a huge win for us when we were able to sit down with our end users and discuss home networking with them. We took the worst 10% wifi signal users and did 1:1 meetings with them. We found that they mostly had extremely old routers or were too far away from their access point. We mainly pushed them to either upgrade or invest in a mesh style system for those large mansions.
Q: Have you seen feedback from your end users - are they more satisfied with IT now that this troubleshooting resource is available to the helpdesk?
MATT: We noticed a lot of our less technical users are giving really positive feedback since we are able to pinpoint their issue (i.e., lack of RAM, Tracert hop here looks bad, etc). This also empowered our users to be able to call their ISP and complain with real data.
Our more technical users tend to already have troubleshot the issue on their own and just want IT to verify and fix the issue.
Q: Have you had to upgrade or troubleshoot your WFH users’ networks? How is that going?
MATT: We realized that normally this was a boundary we never wanted to cross, but WFH changed that. First and foremost, we are trying to improve our organization’s efficiency -- with WFH, that includes home networks a bit now. We will try and do break-fix work on their network, or give guiding assistance, but there is still that separation of personal equipment from work equipment. It’s an odd line that we try and figure out on a case-by-case basis.
Q: What would you add to a v2 of this Worklet after having used it for a while?
MATT: v1.1 was adding wifi names (not uploaded to the community yet, some users get hung up on 2.4GHz/5GHz bands, so this helps). But for 2.0, I would like to set up a schedule so we have more consistent data, and pipe that into a nice-looking BI for long-term trends.
Q: How did you get started writing scripts in PowerShell?
MATT: I got hired on as an IT generalist doing mostly physical desktop setups with lots of manual tasks. It seemed smart to try and learn how to automate some of this stuff to give me more time to do other aspects of the job.
One of my first big projects was figuring out how to do automated imaging, which mostly relied on FOG (fogproject.org - highly recommend this free solution) to get a base image on a machine, then it was all PowerShell after that. I loved the idea of writing something small in PowerShell that could be used over and over again to speed up our process.
Q: What are your favorite scripting resources?
MATT: Oh man… Google everything. docs.microsoft.com is surprisingly good once you learn how they lay things out and it’s my usual go-to. Then of course the normal suspects: Spiceworks, Stack Overflow, etc. Related - I can’t stress this enough - get yourself some sort of repo to store your code in. Nothing is more frustrating than remembering you already wrote this Worklet but you cannot find it so you gotta rewrite it.
Q: What is your number one feature request or improvement idea for the Worklet system?
MATT: It has to be native x64 support with admin rights. Coding in x86 (32-bit) as SYSTEM actually sucks pretty bad. Most of my Worklets in some way or another require a codeblock + calling an encoded x64 PowerShell window. My security team hates it because encoded hidden PowerShell gets lit up by our AV.
In the same vein, [another feature request] would be digitally signed code in the same respect to trying to get my security team off my back. (Apparently they get spooked when I run long unsigned hidden encoded PowerShell scripts across 200+ endpoints all at the same time. Who knew!?)