I have been trying to find a solution to allow me to perform a couple of functions when a machine first checks into the VSA. I have configured some policies that are global, and all of the workstations will eventually have a policy apply to them to set the patch scan, automatic install, etc. schedule.
My goal is that a device will check in, then perform an immediate scan and either perform initial setup or just run automatic update and reboot immediately after. I would execute some prompts so the tech that imaged the machine has an idea of what is happening and a post message indicating that the process is complete.
I know that there are other tools and "add-ons" that can be purchased, but at this time I am just interested in finding out if this can be done via a mixture of agent procedures and policies to try to get this working as I envision.
The steps as I see them would be:
Agent first checks in - Run Procedure from Alert - Pop-up message indicating this machine needs to perform updates; do not reboot or disconnect until process complete
Trigger new procedure to perform Patch Scan
Trigger initial update or automatic update
Post-update message - updates complete, resume normal operations
Policy can be set to associate patch policy group but may not be necessary. I cannot see a reliable way to schedule the scan and patch via policy, as they are very restricted to run at specific times and cannot be cancelled after running once.
Here is a technique that is definitely not supported that I've used to accomplish similar tasks. Create a new procedure called 'Run Patch Scan'. That procedure should have one step, ExecuteProcedure(). Pick any procedure at all, it doesn't matter, just so it executes a procedure. Then export and then delete the 'Run Patch Scan' procedure. This will give you an XML file.
Now go to the database and find the scriptId for the patch scan system procedure (SELECT * FROM scriptIdTab WHERE scriptName LIKE 'Patch Scan'). You should double check the Procedure Log for the exact system procedure name; you can do a 'run now' on a patch scan and see the name of the procedure.
Open the XML file you exported and replace the scriptId with the system procedure you found in the database. Finally, import that procedure. Never edit this procedure in the UI again.
Using that technique, you can call system procedures on-demand from your other procedures. Once you have this done, you can schedule a procedure to run on Monitor -> Alerts -> New Agent Checkin.
This is a KEY item that cannot be defined by policy, unfortunately. The simple solution is to define the New Agent Check-in monitor (and update it each time you add a client or machine group) and associate it with a procedure. Navigate to Monitor/Alerts - New Agent Check In.
Most of what you're looking to do can easily be done, although patch scans and other patch configuration should be a separate policy, not a procedure.
We do workstation updates once weekly in a 2-hour window, and servers once monthly in a specific 6-hour change window.
You know you can create a procedure to do separate procedures within?
You can do this directly with Monitor / Agent Monitoring / Alerts - New Agent Installed. Set it to run a procedure.
Done, Zero cost. Minimal effort.
You might also want to add to the procedure a step that checks its ORG name, as I have seen many times scripts run on new agent installs whilst it is still in the unnamed Org and the script was designed to only run when in a Valid ORG.
OR use a Policy to run a script "once" and link the policy to a View that Excludes the Unnamed ORG.
I have a basic procedure set up for new agent check-in. It installs apps like Chrome, FF, Silverlight, Cisco Webex, and some other apps and shortcuts. It basically preps the machine for general usage.
We don't allow the use of generic installers, and don't use the dl.asp page either. Every installer is available by allowing access to the System / Orgs - Machine Groups tab. Install directly to the correct machine group with zero effort. No need to create "packages" - they're all there automatically.
Our engineers pull the appropriate workstation or server installer if they go on-site for a deployment, or sign in directly to VSA from the agent and run the installer directly.
Thanks all for the suggestions, and it is interesting to find the approach that everyone takes to get to the same place. I would have thought that the module would have embedded something for this purpose, as all companies have similar needs but different wants/setups etc. What I mean by a standard here is a new PC, add/remove and configure vs. a lot of the procedure and policy breakdown. I know that they can't automate everything for us, but just wishful thinking.
I have moved on from Patch Management and have started setting up machines in Software Management. What I have done for now is set a procedure to run after the agent checks in for the first time, and then I have set up a policy to perform the Force Update immediately.
This will at least allow me to have a machine fully patched. Our image cycle pre-installs standard software and adds them to the domain so the patch compliance was the biggest concern.