
PowerShell automation helps MSPs, but with some caveats

PowerShell scripting can help MSPs automate mundane and time-consuming chores, but service providers need to test their scripts and look to security first.

As a managed service provider grows, so do its management chores and their complexity. Many MSPs are turning to PowerShell automation to stay on top of this administrative challenge.

Microsoft's scripting language lets MSPs create scripts to automate manual tasks. The scripts may run independently or in conjunction with a service provider's remote monitoring and management (RMM) tool. PowerShell scripts can prove a boon to MSPs, but they should pay attention to the potential downsides, such as inadequate testing and security vulnerabilities.

Radius Executive IT Solutions, an MSP based in Stoneham, Mass., is one company actively pursuing PowerShell automation.

"This is a direction we are pushing full steam ahead in," said Phil Cardone, CEO at Radius. "As we grow our MSP business, it's becoming ever increasingly difficult to keep track of all different steps involved in truly managing multiple clients throughout all of the different types of [software] and systems they are using."

Cardone said he hired a master programmer to begin the process of taking the day-by-day, mundane tasks that plague his staff and automating those tasks as much as possible.

Tasks on the PowerShell automation list

MSPs tap PowerShell's scripting capabilities in a number of areas.

"There are so many uses for PowerShell," said Shawn Sachs, senior solutions architect at Generation IX, an MSP based in Culver City, Calif. "That's what is nice about it -- it is so versatile."

PowerShell scripts play a number of roles at Generation IX, including software deployment, software integration and reporting. The MSP has created scripts that push out the common suite of apps that run on customers' machines. Here, PowerShell is used in tandem with the ConnectWise Automate RMM tool, Sachs noted.

"RMM gives us a lot of great information, but it doesn't do the actual installation of the software," he said. "That's where you build scripts."

Generation IX also uses PowerShell to set up and enforce policies. For example, a script runs every couple of hours to make sure customers' computers have required software installed -- antivirus software and the MSP's security tools, for example. Machines that don't meet policy are put in a group for remediation and brought into compliance with the baseline configuration.

Sachs said he has also created PowerShell scripts for report generation and software integration.

Administrative tasks such as account management also fall within PowerShell's scope.

"We have created some PowerShell scripts to automate user creation for Office 365," noted Jorge Rojas, partner at Tektonic Inc., an MSP based in Toronto.


The Office 365 automation speeds up this process, copying the Active Directory (AD) attributes of an existing user to build a new account.

"The script prompts us for the user we want to copy from, and the new username, along with first [and] last name and password," Rojas said.

Next, the script copies the current user and creates a new one in the same AD organizational unit. As it creates the new user, the script writes the necessary AD attributes, such as email address, from the earlier prompts. The script then syncs the new account to Microsoft Azure. In this last step, the script forces an Azure AD sync, waits to allow the sync to complete and then assigns the license in Office 365, Rojas noted.

"The only caveat is that we have to create a script for each type of license, and we have to create scripts for each client site," he said. "But, overall, it has saved us a lot of time."

Scripting also boosts accuracy, Rojas said, noting a number of AD attributes had to be set manually in the past.
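
The provisioning flow Rojas describes, written out as an added example; it is not Tektonic's script. It assumes the ActiveDirectory, ADSync and Microsoft Graph PowerShell modules, that it runs on the Azure AD Connect server, and placeholder values for the license SKU and usage location.

```powershell
# Added example, not the MSP's own script. Parameter defaults are placeholders.
# Assumes the ActiveDirectory, ADSync and Microsoft Graph PowerShell modules.
param(
    [string]$SkuPartNumber = '<SKU-PART-NUMBER>',  # license type to assign
    [string]$UsageLocation = 'US'                  # assumed; required before licensing
)
Import-Module ActiveDirectory, ADSync

# Prompts named in the article. The password is read as a SecureString so it is
# never echoed or held in plain text.
$source   = Read-Host 'User to copy from (sAMAccountName)'
$newSam   = Read-Host 'New username'
$first    = Read-Host 'First name'
$last     = Read-Host 'Last name'
$password = Read-Host 'Initial password' -AsSecureString

# Copy a fixed set of attributes, and place the new user in the template's OU
$template = Get-ADUser -Identity $source -Properties Department, Title, Company, Office
$ou       = $template.DistinguishedName -replace '^CN=.+?(?<!\\),', ''
$upn      = '{0}@{1}' -f $newSam, $template.UserPrincipalName.Split('@')[1]

$newUser = @{
    Instance = $template; Name = "$first $last"; DisplayName = "$first $last"
    GivenName = $first; Surname = $last; SamAccountName = $newSam
    UserPrincipalName = $upn; EmailAddress = $upn; Path = $ou
    AccountPassword = $password; ChangePasswordAtLogon = $true; Enabled = $true
}
New-ADUser @newUser

# Force a delta sync, then wait until the account exists in the cloud directory
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'
$cloudUser = $null
for ($i = 0; $i -lt 20 -and -not $cloudUser; $i++) {
    Start-Sleep -Seconds 30
    try { $cloudUser = Get-MgUser -UserId $upn -ErrorAction Stop } catch { }
}
if (-not $cloudUser) { throw "$upn did not appear in Azure AD after the sync" }

# Assign the license only once the synced account is present
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq $SkuPartNumber
if (-not $sku) { throw "No subscribed SKU named $SkuPartNumber in this tenant" }
Update-MgUser -UserId $cloudUser.Id -UsageLocation $UsageLocation
Set-MgUserLicense -UserId $cloudUser.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()
```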

At Radius, Cardone said customer onboarding and change management are the highest scripting priorities for his company's master programmer, who will also update the company's standard operating procedures to match.

PowerShell automation pitfalls to avoid

Brett Cheloff, vice president for ConnectWise's Automate RMM product, said the biggest PowerShell pitfall he's seen among MSPs is failing to test scripts. He said an MSP might write a script, run it successfully on one machine and put it directly into production. A faulty script, however, can wreak havoc at a customer site, mistakenly deleting files from servers, for instance, and putting the MSP in recovery mode.

Cheloff said MSPs must establish a quality assurance process to assess automation before it goes into production. "Make sure you are testing, just like any other software company," he advised.

[Figure: MSP evolution timeline. Automation has been embedded in the MSP business model since the beginning. PowerShell scripting has been a part of that evolution.]

Failure to track the benefits of automation is another issue, Cheloff said, noting an MSP may hire someone to write scripts, yet fail to see the full value of automation. He said ConnectWise encourages MSPs to keep tabs on how much time the organization saves through PowerShell.

"That is what is going to show what value you bring to a table to justify the cost of doing automation," Cheloff said.

An MSP's script writer should shadow technicians and review the types of support requests that come in from clients, he added. That way, the scripter can develop a work plan to lower the ticket volume.

Radius' Cardone pointed to security as a potential concern with PowerShell automation. He advised, "properly securing the scripts to ensure either a malicious hacker, or rogue tech, doesn't modify the scripts to put any types of backdoors into them."
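
One way to detect the script tampering Cardone warns about is to require an Authenticode signature from the MSP's own code-signing certificate and check it before anything is dispatched. The following is an added example, not code from Radius or the article; the script folder and certificate thumbprint are placeholders.

```powershell
# Added example. $ScriptRoot and the thumbprint are placeholders, not values from the article.
param(
    [string]$ScriptRoot = 'C:\MSP\Scripts',
    [string[]]$TrustedThumbprints = @('<SIGNING-CERT-THUMBPRINT>')
)

function Test-ScriptTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$Trusted
    )
    $sig   = Get-AuthenticodeSignature -FilePath $Path
    $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

    # 'Valid' means the certificate chain is trusted AND the file still matches the
    # signed hash; an edited script reports HashMismatch, an unsigned one NotSigned.
    if ($sig.Status -ne 'Valid') {
        $reason = "signature status is $($sig.Status)"
    } elseif ($thumb -notin $Trusted) {
        # Valid signature, but not from the approved code-signing certificate
        $reason = "signed by unapproved certificate $thumb"
    } else {
        $reason = $null
    }
    [pscustomobject]@{
        Path    = $Path
        Trusted = ($null -eq $reason)
        Reason  = $reason
    }
}

$results = Get-ChildItem -Path $ScriptRoot -Filter *.ps1 -Recurse -File |
    ForEach-Object { Test-ScriptTrust -Path $_.FullName -Trusted $TrustedThumbprints }

$rejected = @($results | Where-Object { -not $_.Trusted })
$rejected | Format-Table Path, Reason -AutoSize

# A non-zero exit lets the RMM job or scheduler stop before any script is dispatched
if ($rejected.Count -gt 0) { exit 1 }
```

Scripts are signed with `Set-AuthenticodeSignature` after review; the check only detects a rogue edit if the signing certificate's private key is kept away from the accounts that can modify the scripts.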

Putting too much weight on automation could also prove problematic. Cardone recommended striking a balance between automated and manual actions. Keeping some tasks manual keeps staff accountable, particularly when it comes to checking on mission-critical items.

"I believe there is a happy medium of how many PowerShell scripts are built into the RMM, versus how many are manually called by techs," he said.
