Good automation can make the difference between a profitable MSP and one that struggles. Effective automation reduces the risk of human error, decreases mean time to resolve (MTTR) customer issues, and ensures repeatable results across a variety of IT and professional services workflows without requiring a human to do the work.
Worded differently, automation helps MSPs save time and money, improve customer satisfaction, and focus on tasks that drive your business forward instead of just “keeping the lights on”.
For many MSPs, that means PowerShell scripts are an essential tool of the trade. From software installs to LDAP queries, if you need to do it programmatically in Windows, PowerShell scripts have you covered.
Simply put, PowerShell scripting is an MSP superpower that can significantly impact your bottom line. In this article, we’ll look at 8 PowerShell script use cases that can help MSPs become more efficient.
8 PowerShell script use cases for MSPs
Let’s jump into 8 specific use cases where you can use scripting to make your MSP business more efficient.
- Detect unwanted RMM, security, and remote access apps
- Check if SMB v1 is enabled and disable if needed
- Harden web browsers
- Remove bloatware
- Generate warranty reports
- Hide Windows update prompts
- Clean up disk space
- Streamline ransomware recovery
⚠️ Warning: Review scripts before production use! The scripts in this article are great examples of what you can do with an RMM and custom scripts. However, like any code you find on the internet, you should use caution before deploying them in production. Any given script in this article may have bugs or security flaws of their own.
Detect unwanted RMM, security, and remote access apps (and clear up those MuddyWaters!)
The recent MuddyWaters spear phishing campaigns were an example of threat actors using legitimate tools for illegitimate purposes. As an MSP, you should know which RMM agents are expected on your client’s machines.
If new RMM software shows up, that’s likely a sign of malicious activity. This script from SkyCampTech—which will be in our community library soon—searches for unwanted RMM software, security, and remote access apps and raises an alert in the Syncro notification center if any unwanted apps are detected.
Configuring it to run regularly on your clients’ machines can help you quickly detect and remediate issues if unwanted software is detected. You could even extend the script to uninstall the unwanted software automatically.
Adding the “Check-PotentiallyUnwantedApps.ps1” script to Syncro
Similarly, the Syncro community script trtuelibrary has a Monitor – Other RMM Solution Installation script you can import and use to detect other RMM tools when you take over a new client.
The “Monitor – Other RMM Solution Installation” script in the Syncro community script library
Check if SMB v1 is enabled and disable if needed
WannaCry ransomware infamously infected over 200,000 Windows machines running server message block (SMB) v1 in 2017 and many more since. Microsoft has made it clear you shouldn’t be using SMB v1 since at least 2016.
However, just because a protocol is insecure doesn’t mean a new client has it disabled. The Security – Disable SMB v1 Protocol script from the community library disables SMB v1 and then reboots the computer.
But what if you’re unsure if SMB v1 is enabled on the machines and you want to add a check? That’s easy. Simply edit the script post-import.
You can edit code to customize your scripts in Syncro
Here’s our updated sample code that includes a check:
Import-Module $env:SyncroModule
$SMB1 = (Get-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol").State
if ($SMB1 -eq "Enabled") {
Write-Host "SMBv1 is enabled, disabling…"
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart
Write-Host "SMBv1 disabled, restarting machine."
shutdown /r /t 240
}
else {
Write-Host "SMBv1 is NOT enabled!"
}
SMB v1 is just one example. You can leverage similar scripts for shutting off other protocols to harden your clients’ systems and even combine them into one “hardening” script.
Harden web browsers
Browser security is a big part of maintaining a strong overall security posture. There are plenty of scripts available to help harden web browsers on the systems you manage.
For example, the Disable Browser Password Saving script is designed to prevent users from storing passwords in their browsers.
This Chrome and Edge browser hardening script from an unofficial Syncro GitHub repo disables password saving and goes further to automate tasks like:
- Disabling the Flash plugin
- Denying serial port access
- Denying Bluetooth
- Denying USB access
- Disabling cross origin prompts
- Blocking dangerous downloads
- Disabling payment autofill
- Block non-allowlisted extensions
Remove bloatware
Many modern Windows systems come with additional apps that aren’t always ideal for business computers. This creates a problem for MSPs that want to limit attack surface and improve performance. When PCs come with apps you don’t want, you have to live with it or do some work to remove them.
The Xbox app isn’t ideal for many business PCs
The problem is so common among MSPs that the Windows 10 – Remove Bloatware Apps script is the most popular (over 2,000 imports!) in the Syncro community library. That script helps you automate removing apps like Solitaire, the Xbox app, and Bing Sports.
Generate warranty reports
Warranty is one of the biggest factors to consider for a hardware refresh. As your clients’ trusted advisor, you should clearly understand their hardware warranties to help them make informed decisions. However, keeping track of assets and their warranty status isn’t always easy.
Fortunately, there are a few scripts you can use to help you automate the process. Kelvin Tegelaar’s MIT-licensed PowerShellWarrantyReports covers a lot of ground and is compatible with multiple RMMs, including Syncro.
Additionally, Dave Evans’ GetDellWarranty-V5 is a popular entry in the Syncro community library.
The “GetDellWarranty-V5 script” in the Syncro community script library
Hide Windows update prompts
Windows updates are important. But it’s also important that you control when they occur. For example, many admins wanted to avoid Windows 11 updates before they were ready. The CyberDrain.com – Hide Windows Update Icons script from the community library helps prevent users from ever seeing the update prompts and puts you back in control.
Clean up disk space
In general, cleaning up disk space by removing unneeded files is a good idea. If you’re an MSP that provides cloud backups, it can be a money saver too. Those GBs matter when it comes to cloud storage.
Several community scripts can help you free up disk space. For example, the Empty Every Recycle Bin script can help you automate emptying recycle bins.
The “Empty Every Recycle Bin” script is a simple script to clear out recycle bins
The Disk Clean Up script goes further and automates tasks like:
- Deleting system restore points
- Deleting “rogue” folders like C:\Config.Msi and C:\PerfLogs
- Removing temp files
- Setting up and running cleanmgr
Streamline ransomware recovery
This last example is an excellent real-world story of PowerShell scripts helping an MSP solve a problem, acquire a new client, and streamline system provisioning. In 2020, John Wheeler, president of Cyber Shift Technologies, was brought into a meeting with a large national company.
It turned out the company had recently been hit with ransomware. John immediately recommended using Syncro and PowerShell scripts to automate the recovery process. Within a few weeks, Cyber Shift had Syncro installed on about 800 devices and:
- Used PowerShell scripts automatically capture the data the forensic team needed
- Isolated the network to a clean environment
- Formatted and reimaged the company’s Windows machines
- Used install scripts to reduce the provisioning time for fresh Windows installs from 1-2 hours to 5-10 minutes per machine
As a result of their success, Cyber Shift turned the company into a client, one of their largest to date.
While every cybersecurity incident is different, once you know a thing or two about PowerShell scripts, it’s easy to see where they can be beneficial in cases like these.
For example, suppose you know the prerequisites for a given malware variant is a combination of a specific application, Windows version, and hardware platform. You can start with a PowerShell script like Get List of Installed Applications and extend it with additional business logic and Syncro platform variables like
{{asset_custom_field_os}} and {{asset_custom_field_model}} to detect what machines have those prerequisites. Then, you could use the Create-Syncro-Ticket cmdlet to create a ticket for at-risk machines.
When it’s time to provision fresh Windows images, you could install Chocolatey, then use PowerShell scripts with the choco install command to automate app installs.
Final thoughts on PowerShell scripts: Automate wisely!
Bill Gates famously said:
“The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.”
That holds true for MSPs. Automation is amazing, but you must know where and how to apply it. With the right workflows and tooling, you can effectively automate many MSP processes and free your team up to focus on more strategic work.
As an all-in-one RMM, PSA, and remote access tool, Syncro has powerful cross-platform scripting capabilities, plus a rich community script library and an inventory of one-line PowerShell commands to help power your MSP. Start your free Syncro trial today.
