Helping Manage the COVID-19 crisis: Automation for Users Who Work from Home

Following our recent webinar series focused on helping partners deal with the global crisis, I’ve received several emails asking for help creating or using the automation we discussed. To help answer your questions, I’ve created an outline below of what the automations are, how and when to use them, and links to the policies.

The four automation policies we covered in the webinars are:

  • Installing apps to ensure customers have the basic apps they need
  • Creating a local admin and a work-only user account
  • Installing a Layer Two Tunneling Protocol (L2TP) over Internet Protocol Security (IPSEC) VPN
  • Environment baselining

Let’s discus each of these individually. I’ll do full blog articles on some of these in the future, so for now I’ll just include a summary and the links for each.

1/ Installing applications

Installing applications can be tricky and time-consuming, so it’s a good thing to automate. Chocolatey is a free, crowd-sourced platform that allows users to create app deployment scripts.

We’ve created an automation policy that leverages Chocolatey to install one or more apps to your end users’ computers in seconds—without having to worry about creating your own install scripts, finding the URLs to the app, etc.

To use it, click the link here and get the policy.

2/ Creating local users

If you’re faced with a growing number of devices being added or replaced on your customers’ networks, increased staff turnover, or you simply need to add a user’s at-home personal or work computer to your management roster, being able to use automation to create a local admin and a limited work user account on a device is extremely important. These two policies allow you to create a local admin for you to use as well as a local user account with no admin privileges on the end user’s device.

Create Local Admin:

Create Local End User:

3/ Installing a L2TP over IPSEC VPN

With so many companies forced to close their physical offices and have staff work from home, a lot of businesses are upgrading their VPN infrastructures or replacing it to support higher workloads. We’ve created an automation policy with one of our partners, Aztech in the UK, which allows you to create a VPN profile.

The policy is straightforward. It asks for a name, gateway IP, and pre-shared key. With this, it will create the profile.

Here is the link to the article and file:

Alternatively, you can reach out to me if you need help deploying another VPN client and I’ll be happy to assist if I can. My email is below.

4/ Environment baselining

The final automation in this article is about securing the desktop environment and ensuring you meet basic security requirements. The policy linked below offers a range of functionality, including the ability to enable UAC and SmartScreen, disable RDP, and much more. We recommend you go through this and modify it to fit your own requirements. This policy was built initially in collaboration with NetEffect in Las Vegas and Aztech IT in Milton Keynes.

You can read the article and download the file here:


If you have created an automation policy and would like to share it with the community, please feel free to email me at [email protected].

As always, don’t forget to look in the Automation Cookbook at if you’re interested in other automation policies, script checks, and custom services.


Marc-Andre Tanguay is Head Automation Nerd. You can follow him on Twitter at @automation_nerd