Service Desks Leveraging Windows Powershell

Part of an aggressive continual service improvement strategy at the service desk involves looking for opportunities to improve resolution rates. To that end, additional access, documentation, or training rolled out to the agents is the operational mantra.

While closing those gaps tends to be a primary focus during monthly metric review and root cause analysis, honing troubleshooting techniques that are already working well is a proactive approach that should not go overlooked.

Service desk outsourcing companies must frequently evaluate and leverage the tools of the trade that increase agent efficiency. Windows PowerShell offers shortcuts to incident resolution by automating processes and promoting the speed and accuracy of traditional service desk tasks.

Windows Powershell

Windows PowerShell is a “task automation and configuration management framework” with infinite possibilities, but even scratching the surface from a Level 1 support standpoint yields enormous benefits.

For example, it can streamline the process of setting up an out-of-office message on behalf of the end-user. Ordinarily, the agent would have to grant themselves access rights to that mailbox (assuming the client has already authorized them to do so) and compose and set the message before removing those rights again.

The Benefits

In PowerShell’s Integrated Scripting Environment (ISE), the service desk can create and use a script that merely queries the email address and auto-reply message content.

So this task that previously took several minutes and 20 mouse clicks to accomplish is resolved in seconds, reducing the Average Handle Time of the agent so they can be available for the next inbound contact more quickly. The same concept applies to adding and removing users from distribution lists.

Agents bypass the lengthier process of using the Exchange Management Console and Active Directory to make the change. Using a similar PowerShell script the agent can merely enter the user name and the name of the distribution list and it’s all set.

When end users find themselves inexplicably locked out of an account, service desk agents can use PowerShell scripts to search the event log and trace the IP address of the device causing the problem.

All too often the user may not realize it may still be syncing with a mobile device from which their credentials had been updated. The good news is the agent can, utilizing PowerShell, monitor and verify the resumption of service for any incidents involving end-user access to various systems and applications without having to contact the individual directly, because those login activities are time stamped.

Similarly, when end-users experience hung processes that freeze up their applications, agents use PowerShell to query which processes are flooding the device memory and terminate them via the remote server until normal performance resumes.

In addition to resolving end-user prompted incidents, PowerShell scripts can be written as a preventative measure to enforce data security. Agents can query Active Directory accounts to see which ones have been inactive over a fixed period or detect accounts that have passwords with no expiration timeframe.

Depending on the IT organization’s security policy, upon identifying those accounts that can remain indefinitely active, the agent can either establish a specific password expiration or, if the account has shown no recent login activity, disable it completely.

With a PowerShell script, entering a couple of key data fields into the query will automatically generate execution of those tasks in Active Directory. Typically, account administration notifications are managed as an HR function within an ITSM platform’s service request web form, but for organizations that have a manual system, automated email reminders can also be set up via PowerShell.

Remote Level 2 service desk agent Rico Feliciano explains, “For the clients I support, I wrote a script that indicates when a password is about to expire and prompts the end-user to reset it in advance of the preconfigured number of days. I have also created scripts that auto-disable accounts due to inactivity after 90 days.”

For application installs, agents can use PowerShell to grant temporary administrative rights to the end-users, so they can easily run a .exe file without having to respond to those annoying User Access Control (UAC) prompts.

A script can also be written to terminate those administrative rights within a short period or at the conclusion of the call to the service desk.

The service desk can also uninstall an application remotely after writing a script that queries the name of the user and application, subsequently launching the automated process through completion via PowerShell.


With a properly written script that addresses access and executes all subtasks, remote service desk support through the PowerShell interface is faster, more efficient, and procedurally standardized.

Any IT organization stands to gain major service improvements by leveraging such a powerful tool even if only for troubleshooting common Level 1 support issues.

After a cursory review of its potential, a proactive service desk provider will recognize the value of introducing it to their client support equation without being prompted to do so…but there’s a PowerShell script for that just in case they forget.

If you would like to get more from your support team or supplement your current resources, Mechdyne’s outsourced service desk team is ready to help you today.

    Related Posts