Hexnode’s automation for Windows enables IT teams to perform a wide range of remote actions that strengthen security, streamline device management, and improve compliance. By automating everyday tasks, from configuration and monitoring to user and policy controls, organizations reduce manual effort, eliminate errors, and ensure every endpoint remains consistent, resilient, and work‑ready across the enterprise.
Patches and Updates: Automated Security & Stability Management
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Auto Patch |
Enforces the installation of Windows updates based on predefined rules. |
Zero-Touch Maintenance: Automatically applying critical security patches ensures the fleet is never vulnerable to known exploits, removing human delay. |
| Manual Patch |
Allows admins to selectively approve and push specific updates. |
Stability Control: Automating “Approved Only” patches ensures system stability by only deploying updates pre-tested for compatibility. |
App Distribution: Streamlined Deployment & Removal
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| App Distribution |
Simplifies large-scale deployment of store and enterprise apps. |
Bulk Provisioning: Automating software suites (e.g., Microsoft 365) to the “New Hire” group ensures laptops are work-ready before reaching the employee. |
| App Uninstallation |
Removes unwanted or outdated applications across devices in a controlled manner. |
System Hygiene: Automating app removal prevents software bloat, reduces security risks from unused apps, and ensures compliance with organizational standards. |
Device Control: Remote Management & Compliance
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Power Off |
Remotely shuts down the Windows machine. |
Energy Savings: Automatically powering off desktops at 8 PM reduces energy costs and shrinks the attack surface for after-hours threats. |
| Restart Device |
Triggers an immediate or scheduled reboot of the OS. |
Update Completion: Automating reboots after major patches ensures system changes take effect immediately, preventing performance lags. |
| Rename Device |
Changes the computer’s system name. |
Inventory Standards: Automating renames during enrollment (e.g., %username%-%serial%) ensures an orderly, easy-to-audit network environment. |
| Set Friendly Name |
Assigns a custom label in the Hexnode portal. |
Search Efficiency: Automating friendly names with wildcards allows admins to instantly find devices by department or role in the console. |
| Change Owner |
Reassigns the device to a different user. |
User Transition: Automating ownership changes ensures smooth handover when employees shift roles or devices are reassigned, with policies updated instantly. |
| Change Ownership |
Transfers the device to a new organizational category or department. |
Role Redefinition: Moving a laptop from “Sales” to “Design” triggers an automated swap of department-specific software and policies. |
| Edit Device Attributes |
Updates metadata fields like Asset Tag or Department. |
Record Accuracy: Automating attribute updates based on group movement ensures the asset database is accurate without manual entry. |
Policy: Dynamic Security & Configuration Control
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Associate Policy |
Links a security or configuration policy to the device. |
Adaptive Security: Instantly apply a “Restricted USB Policy” the moment a device joins an untrusted network to prevent data exfiltration. |
| Remove Policy |
Detaches a policy from the device or group. |
Access Transitions: Automatically removing “Work-From-Home” VPN policies when a device reconnects to the office LAN optimizes performance. |
Scans: Proactive Monitoring & Compliance
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Scan Device |
Refreshes hardware info, battery, and compliance status. |
Health Monitoring: Automated scans every 6 hours provide data on disk space and battery health to proactively replace failing hardware. |
| Sync Local Accounts |
Fetches info about all local user accounts on the PC. |
Security Auditing: Daily syncs allow IT to detect unauthorized local admin accounts created by users or malicious software. |
| Scan Device Location |
Fetches instantaneous GPS or network-based location. |
Asset Security: Hourly automated location scans for laptops provide a reliable path history if hardware is ever lost or stolen. |
| Scan for Updates |
Checks for available Windows OS and driver updates. |
Compliance Visibility: Automated scans ensure “Out-of-Date” reports are accurate, allowing IT to prioritize the most vulnerable machines. |
| Scan for Apps |
Updates the list of all installed software on the PC. |
License Compliance: Automated scans detect unauthorized software (Shadow IT) and track license usage without manual audits. |
User Controls: Account Management & Onboarding
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Create User Account |
Remotely creates a new local user account. |
Onboarding Speed: Automating “Standard User” creation during enrollment ensures new employees can log in and work immediately. |
Security: Protection, Recovery & Compliance
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Lock Device |
Instantly locks the Windows session. |
Theft Prevention: Automating a lock command when a laptop leaves the corporate building ensures data remains inaccessible if stolen. |
| Enable Lost Mode |
Locks the device and displays a recovery message. |
Rapid Recovery: Triggering Lost Mode automatically when “Missing” ensures a finder sees return instructions immediately. |
| Disable Lost Mode |
Restores functionality once the device is recovered. |
Instant Resumption: Automating disablement when a device enters the “Office Geofence” allows work to resume without IT intervention. |
| Wipe Device |
Erases data (Corporate Wipe or Factory Reset). |
Breach Response: In severe security violations (e.g., unauthorized OS changes), automation triggers a wipe to protect sensitive IP. |
| Enable Location Tracking |
Turns on the device’s location services. |
Theft Preparedness: Automating location enablement upon enrollment ensures every device is trackable from day one. |
| Disable Location Tracking |
Turns off the device’s location services. |
Privacy Compliance: Automating disablement for devices in “Privacy-Sensitive” regions ensures compliance with local labor laws. |
| Delete Location History |
Wipes movement history from the portal. |
GDPR Compliance: Automating the deletion of movement data every 30 days meets strict data retention and privacy requirements. |
Scripts: Remote Automation & Standardization
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Execute Custom Script |
Runs PowerShell or Batch scripts remotely. |
Standardized Config: Automating scripts to map network drives or printers ensures a consistent user experience without manual setup. |
Device Encryptions: Data Protection & Access Control
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Force BitLocker Encryption |
Enforces drive encryption with a PIN/Password. |
Data Security: Automating encryption upon enrollment ensures 100% of the fleet is compliant with data protection standards. |
| Force Bitlocker Decryption |
Remotely turns off BitLocker encryption. |
Maintenance Access: Automating decryption during repair windows allows technicians to work on drives without security blocks. |
| Unlock BitLocker |
Remotely unlocks encrypted drives for management. |
Support Speed: Automating the unlock process allows remote troubleshooting of boot issues without needing the user’s recovery key. |
| Rotate Bitlocker Recovery Key |
Updates the BitLocker recovery password. |
Audit Hygiene: Scheduling automated key rotation every 90 days ensures that leaked keys are quickly invalidated and replaced. |
Groups & Domain: Seamless Integration & Clean Offboarding
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Join AD Domain |
Binds the device to a local Active Directory domain. |
Seamless Integration: Automating domain joins during the “Out-of-Box Experience” allows users to log in with corporate credentials immediately. |
| Unjoin AD Domain |
Disconnects the device from the AD domain. |
Clean Offboarding: Automating the unjoin process when a laptop is retired ensures AD records remain clean and permissions are revoked. |
Registry Configurations: Remote OS Hardening & Recovery
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Registry Editor |
Defines and applies registry settings remotely. |
OS Hardening: Automating registry changes (e.g., disabling USB ports) across the fleet ensures a secure, standardized environment. |
| Registry Snapshot |
Takes a backup of the current registry state. |
Disaster Recovery: Automating snapshots before pushing registry changes allows instant reversal if an update causes errors. |
Alerts: Instant Notifications & Incident Response
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Broadcast Message |
Sends a pop-up text notification to the screen. |
Incident Response: Automating messages for outages or alerts ensures users are notified instantly, reducing helpdesk volume. |
App Management: Deployment & Compliance
| Action Name |
Definition |
Use Case: Why Automating this Action Helps |
| Install Application |
Remotely pushes a Windows app for installation. |
Software Readiness: Automating installs of VPNs or Antivirus upon enrollment ensures the machine is secure before being handed over. |
| Uninstall Application |
Removes a specific application from the device. |
Security Cleanup: If an automated scan detects a “Blacklisted” app, the system can automatically remove it to maintain compliance. |
