Overview of Scripted Actions
Scripted Actions are a library of PowerShell scripts that can be run in either Azure or AVD Virtual Machines as another step for various tasks performed by Nerdio Manager.
Note: Once scripted actions are created, they can be grouped into Scripted Actions Groups. These groups allow administrators to create script collections and assign them during standard deployment tasks. See Overview of Scripted Actions Groups for additional information.
There are two types of scripted actions: Azure Runbooks and Windows scripts. Each differ according to where they are run.
Create a New Scripted Action
To create a new scripted action:
At the Account level, navigate to Scripted Actions.
Navigate to either Windows scripts or Azure runbooks.
Select Add scripted action.
Enter the following information:
Name: Type the name of the script. This name is displayed when you select this action from the list of available scripted actions.
Description: Type the script's description.
Tags: From the drop-down list, select optional tags for the script. These tags are used for searching and organization.
Script Execution Mode: From the drop-down list, select the script's execution mode.
Note: This parameter determines how Nerdio Manager acts when it passes the scripted action(s) to the VM. Nerdio Manager uses the Azure Custom Script Extension to ultimately execute the PowerShell commands (for more information about Scripted Actions for windows refer to Custom Script for Windows). The extension needs to be installed and removed every time Nerdio Manager executes a Windows Scripted Action. Optionally, PowerShell scripts can be combined and passed in a single run, if they do not interfere with each other, thus saving time.
Combined: Marks the script as one that can be combined safely with other scripts. For example, a script that adds a registry value.
Individual: A stand-alone script for an action that should be run on its own. For example, a long script with commonly used variable names that may conflict with other scripts, or a script that requires a fresh PowerShell session.
Individual with restart: For Windows scripts, run the script in stand-alone mode and perform a restart when complete.
Enable Cloud PC: Optionally for Windows scripts, toggle this option on to create a Cloud PC script policy.
Run this script using the logged on credentials: Select this option to run the script with the user's credentials on the client computer. By default, the script runs in system context.
Enforce script signature check: Select this option to enforce that the script must be signed by a trusted publisher. By default, no warning or prompt displays and the script runs unblocked.
Run script in 64 bit PowerShell Host: Select this option to run the script in a 64-bit PowerShell Host for a 64-bit client architecture.
Assign to all users: Select this option to assign the script to all users.
Assign to all devices: Select this option to assign the script to all devices.
Assign to selected groups: From the drop-down list, select the group(s) to assign this script to.
Exclude assignments: From the drop-down list, select the group(s) to exclude this script from.
Script: Type the PowerShell command(s) to execute.
Note:Nerdio Manager allows you to integrate variables into the Azure runbooks scripted actions.
Note: Cmdlets used in this code must be available on the VMs or in the Azure Automation account. If using PowerShell cmdlets from modules not present by default on the Windows VMs or in the Azure Automation account, the modules must first be installed.
Nerdio provides several pre-populated variables that can be used in the script code. The available variables are:
$HostPoolId (Available when the script is associated with a host pool)
$HostPoolName (Available when the script is associated with a host pool)
$AzureSubscriptionId
$AzureSubscriptionName
$AzureResourceGroupName
$AzureRegionName
$AzureVMName (Available when the script is associated with a VM)
$ADUsername (if passing AD credentials)
$ADPassword (if passing AD credentials)
$DesktopUser (Available when the script is associated with a personal host pool)
Tip: It is recommended to develop code using an IDE such as VSCode or ISE. Then test the PowerShell code on a dedicated development session Host /Azure VM.
Once you have entered all the desired information, select OK.
View and Edit Existing Scripted Actions
Nerdio Manager allows you to view or edit existing scripted actions.
To view and edit an existing scripted action:
Navigate to Scripted actions.
Navigate to either Windows Scripts or Azure runbooks.
Locate the scripted action you want to work with and select Edit.
If desired, make the necessary changes and select OK.
Clone a Scripted Action
Nerdio Manager allows you to clone a scripted action.
To clone a scripted action:
At the Account level, navigate to Scripted actions.
Navigate to either Windows Scripts or Azure runbooks.
Locate the scripted action you want to clone, and from the action menu select Clone.
Make all the necessary changes and select Clone.
Apply Scripted Actions to Host Pools
Scripted Actions can be used as part of these tasks:
VM Lifecycle Events: Executed during the provisioning or re-imaging of Session Host VMs, or when a VM is stopped/started. Whenever a session host is created, destroyed, stopped, or started, the scripted action is performed as a final step.
Run Script: Manually run a command against a host pool. This is useful if you need to change all the session hosts without fully re-imaging them (for example, a script to change a registry key).
To apply a configured scripted action to AVD host VM lifecycle events:
At the Account level, navigate to AVD > Host Pools.
Locate the host pool you wish to work with.
From the action menu, select Properties > VM Deployment.
Toggle on the desired Run scripted actions when... options.
For each option, enter the following information:
Windows scripts: From the drop-down list, select the script to execute.
Azure runbooks: From the drop-down list, select the scripted actions to execute.
Pass AD credentials: Select this option to pass AD credentials to the script as variables.
AD Credentials: From the drop-down list, select the AD credentials to pass.
Once you have entered all the desired information, select Save or Save & close.
The scripted actions are added to the list of scripted actions for this host pool.
Warning: For some automations, the necessary actions to take must be done in the context of Azure, outside of the VM itself. While these commands could be run on the session host VM with the Azure PowerShell module installed, running scripts on session hosts that target Azure are less efficient and can be unreliable. Azure Automation allows for consistent execution, and allows for the Nerdio Manager to run the scripts as itself easily. Some scripts even require the VM to be restarted or shutdown, which means it could not be run on the session host VM regardless.
To run a scripted action on the Host Pool using the Run Script option:
At the Account level, navigate to AVD > Host Pools.
Locate the host pool you wish to work with.
From the action menu, select Hosts > Run script.
Enter the following information:
Windows scripts: From the drop-down list, select the scripted actions to execute.
Azure runbooks: From the drop-down list, select the scripted actions to execute.
- Pass AD credentials: Select this option to pass AD credentials.
AD Credentials: From the drop-down list, select the AD credentials to pass.
Restart VMs after scripted action: Select this option to restart the VMs after script execution.
Note: It is preferable to use this option instead of using any PowerShell restart commands as Custom Script extension fails if the script restarts the computer.
Process hosts in groups of: Type the number of concurrent actions to execute during this bulk operation
Number of failures before aborting: Type the number of failures that causes the process to stop.
Schedule: Toggle on the Schedule, and enter the schedule information, to enable running the script per a schedule.
Messaging: Toggle on the Messaging to send messages to active users.
Delay: From the drop-down list, select the number of minutes to wait after sending the message before starting the process.
Message: Type the message you want to send to the users.
Once you have entered all the desired information, select OK.
Apply Scripted Actions to Servers
Scripted Actions can be applied to servers.
To apply a configured scripted actions to a server:
At the Account level, navigate to AVD > Servers.
Locate the server you wish to work with.
From the action menu, select Run script.
Enter the following information:
Windows scripts: From the drop-down list, select the scripted actions to execute.
Azure runbooks: From the drop-down list, select the scripted actions to execute.
- Pass AD credentials: Select this option to pass AD credentials.
AD Credentials: From the drop-down list, select the AD credentials to pass.
Restart VMs after scripted action: Select this option to restart the VMs after script execution.
Note: It is preferable to use this option instead of using any PowerShell restart commands as Custom Script extension fails if the script restarts the computer.
- Schedule: Optionally, toggle on the Schedule to perform the script during a selected time frame. Otherwise, the script start as soon as you select OK.
Start Date:Select the date to start.
Time Zone: From the drop-down list, select the time zone for the Start/End times.
Start Time: From the drop-down lists, select the time to start.
Repeat: From the drop-down list, select the recurring schedule, if desired.
Once you have entered all the desired information, select OK.
Default Scripts for Nerdio Manager
Every installation of Nerdio Manager contains default scripted actions. These are commonly used scripts and examples that you can use or reference for your own scripts. Default scripts have the Nerdio Tag and are locked for editing. You can clone them in order to create a customized, editable version.
Note: This is a partial list. Nerdio continuously updates the default Scripted Actions.
Name | Use Case | Recommended Target | Requires Customization* |
---|---|---|---|
Enable RDP Shortpath | Enables RDP Shortpath. | Global Images | No |
Grant user local admin rights | Adds user who is assigned to the personal desktop VM to the local admin group. | Session Hosts | No |
Enable RDP Shortpath for Public Networks | Enable RDP Shortpath for public networks (Preview) on session host VMs. | Global Images | No |
Update Windows 11 | Installs latest Windows 11 updates. | Global Images | No |
Virtual Desktop Optimizations (20H2) | Installs Microsoft Virtual Desktop Optimizations for Windows 10 20H2 (clone and edit to customize). | Global Images | No |
Virtual Desktop Optimizations (2004) | Installs Microsoft Virtual Desktop Optimizations for Windows 10 20H2 (clone and edit to customize). | Global Images | No |
Virtual Desktop Optimizations (1909) | Installs Microsoft Virtual Desktop Optimizations for Windows 10 20H2 (clone and edit to customize). | Global Images | No |
Update Windows 10 | Installs latest Windows 10 updates. | Global Images | No |
Unregister Sophos Endpoint agent in Sophos Central | Unregisters endpoint agent from Sophos Central using API. | Global Images | No |
Optimize Microsoft Edge for AVD | (PREVIEW) Configures policy settings for Microsoft Edge meant to optimize performance in WVD. | Global Images | No |
Install Zoom VDI client | Downloads and installs Zoom VDI client for WVD. Reference https://support.zoom.us/hc/en-us/articles/360052984292 (under "Windows Virtual Desktop") for more information. | Global Images | No |
Install <application> via Chocolatey | Installs <application> via Chocolatey Package Manager (https://chocolatey.org/). | Global Images | No |
Install Sophos Server Endpoint Protection agent | Installs Sophos Server Protection Endpoint agent and registers with Sophos Central. | Global Images | No |
Install Remote Display Analyzer | Installs the latest version of Remote Display Analyzer (RDAnalyzer) and places it on all users' desktop. | Global Images | No |
Install Microsoft Teams | Installs/Updates MS Teams and WebRTC Service with newest versions. Enables Teams WVD Optimization mode. Recommend to run regularly on desktop images. | Global Images | No |
Install Microsoft 365 Office Apps | Installs/Updates Office 365 Apps to newest version and disables Auto-Update. Recommended to run on desktop images. | Global Images | No |
Name | Purpose | Requires Customization* |
---|---|---|
Assign Public IP to VM | Allows VM to have a public IP. | Yes: If Static IPs are required or naming scheme is not desired. |
Enable Anti-Malware Extension | Adds anti-malware extension. | Yes: If custom exclusions or scan settings times are needed. |
Enable VM OS Disk Encryption | Encrypts Disk with Key Vault. | Yes: If using an existing key vault. |
Use Spot VMs | (PREVIEW) Convert session hosts to spot VM instances for reduced costs in testing environments. | No |
Shrink OS Disk | (PREVIEW) Resize VM OS disk to 64 GB. | No |
Shrink FSLogix Profiles | (PREVIEW) Creates a temp VM which is used to shrink FSLogix profiles. | No |
Detect Stale FSLogix File Handles | (PREVIEW) Scans file handles (R/W locks) on a storage account, and reports ones which do not have an associated WVD user session. | No |
Delay host availability in AVD for 10 minutes | Sets session host to drain mode for 10 minutes (configurable). Useful when creating new session host VMs to delay user connections until all initial configurations are done. | No |
Troubleshoot Scripts
Azure Runbooks Logs
Azure runbooks have enhanced logs that help you troubleshoot issues with scripted actions.
To view the Azure runbook logs:
At the Account level, navigate to Scripted Actions > Azure runbooks.
At the bottom of the window, in the Scripted Actions Tasks section, locate the task with an Error in the Status column.
Select Details.
The Job Details window displays.
Locate and analyze the entry in the log with an error.
Troubleshoot Azure Runbooks
Problem | Solution | Description |
---|---|---|
In some cases, a script fails to perform the scripted action, but its status is incorrectly set to Complete. This means that the PowerShell script failed to encounter fatal errors. The final output from the script presents information about the script but has no indication of an error. |
| When running an Azure scripted action, the associated Automation account runs a specialized runbook, which copies the code directly from the Nerdio Manager and executes it. All scripts are executed as instances of the same Automation Account job. Here you can find the errors generated when running your script. The errors vary based on your script. |
Troubleshoot Windows Scripts
For information about troubleshooting Windows scripts refer to Custom Script Windows - Troubleshoot and Support.
For more information about troubleshooting the custom script extension (CSE or CSExtension) refer to Custom Script Windows - Troubleshoot and Support for Extensions.
Tip: It is recommended that you use an isolated development session host and run the scripts directly on the host to test your scripts. This ensures that the PowerShell code is functional and preforms as desired. In addition, it provides quicker results than running the commands through Nerdio Manager.
Problem | Solution | Description |
---|---|---|
Scripts that cause reboots fail the entire process. When the extension is waiting for the PowerShell script to complete fully (and if a reboot is started), the script fails. | For actions which require restarts and then additional actions:
| N/A |
Use Custom Scripts to Install or Uninstall External Applications
Nerdio Manager allows you to install or uninstall various external applications on AVD host pools using custom Windows scripts.
The following table details the each of the external applications. The table contains the following information:
Application: The name of the external application.
Script Name: The name of the script to execute to install or uninstall the application.
Secure Variables: The names of the secured variables that are passed to the script. These must be configured properly before script execution. See Scripted Actions - Account-Level Variables for details.
Location on Host: The location on the host where the application is installed. You can use this to verify that the application was installed.
Application | Script Name | Secure Variables | Location on Host |
---|---|---|---|
Huntress | Install Huntress agent | HuntressAccountKey HuntressOrgKey | C:\Program Files\Huntress |
Kaseya | Install Kaseya VSA Agent Uninstall Kaseya VSA Agent | KaseyaDownloadURL KaseyaGroupId | C:\Program Files (x86)\Kaseya |
ConnectWise | Install ConnectWise Agent Uninstall ConnectWise Agent | AutomateServerToken AutomateServerUrl SystemPassword | C:\Windows\LTSvc |
Ninja RMM | Install NinjaRMM agent Uninstall NinjaRMM agent | NinjaDownloadURL | C:\Program Files (x86)\ |
SentinelOne | Install SentinelOne agent Uninstall SentinelOne agent | S1AgentVersion S1APItoken S1SiteToken | C:\Program Files\SentinelOne\ |
Datto RMM | Install Datto Agent Uninstall Datto Agent | DattoDownloadURL | C:\Program Files (x86)\CentraStage |
Threatlocker | Install Threatlocker agent Uninstall Threatlocker agent | ThreatlockerOrgName ThreatlockerUniqueId | N/A |
CrowdStrike | Install CrowdStrike agent Uninstall CrowdStrike agent | N/A | N/A |
BlackPoint | Install BlackPoint agent Uninstall BlackPoint agent | BPCompanyEXE BPCustomerUID | N/A |
To use custom scripts to install external applications:
Note: You must refer to the table shown above for the specifics related to each external application.
At the Account level, navigate to Settings > Portal.
In the Secure variables for scripted actions tile, edit the application's secure variables, as noted in the table above. See Scripted Actions - Account-Level Variables for details.
Navigate to AVD > Host Pools.
Locate the host pool you wish to work with.
From the action menu, select Hosts > Run script.
Enter the following information:
Windows scripts: From the drop-down list, select the install or uninstall script, as noted in the table above.
Note: If you don't find the required scripts, refresh your Nerdio Manager repository. Alternatively, please refer to GitHub Integration for more details.
Enter all the other options, as desired. See Apply Scripted Actions to Host Pools for details.
Once you have entered all the desired information, select OK.
The script execution task starts. You can follow the task's progress in the Host Pool Tasks section.
Once the script completes successfully, sign in to the session host VM and verify the application was installed in the location noted in the table above.
Comments (0 comments)