Remote Endpoint Execution
A workflow Automation step can run a PowerShell script directly on a managed endpoint — a user's workstation or any device registered to the client — without a technician opening a remote session by hand.
You pick the target machine; ZAI works out the best way to reach it, dispatches the script, and captures the result.
In development
Remote endpoint execution is part of an upcoming release and is still being finalised. The behaviour below describes how it's designed to work — details may change before it ships.
Overview
When a workflow reaches an Automation step set up for remote execution:
- ZAI shows the workflow runner a live list of available endpoints for the client.
- The runner picks the target machine.
- ZAI dispatches the script over ScreenConnect or the Windows Agent (Azure IoT Hub) — whichever transport reaches that machine.
- The output, errors, and success/failure status are captured and made available to later steps.
Prerequisites
- At least one managed endpoint registered to the client — a ScreenConnect Access session or a Windows Agent enrolled via IoT Hub.
- An approved PowerShell automation to run.
- ScreenConnect configured in ZAI with access to the correct session group (an administrator setup task).
Note
The ScreenConnect session group ZAI queries is set per environment by your administrator. Only machines in that group appear in the endpoint list for ScreenConnect sessions.
How endpoint discovery works
When the runner reaches a remote execution step, ZAI builds the endpoint list by:
- Querying ScreenConnect for Access sessions belonging to the client.
- Querying IoT Hub for Windows Agents enrolled for that client.
- Merging the two into one list, deduplicated by machine name (a machine seen in both appears once).
Each entry shows the machine name, online/offline status, the logged-in user (if any), and the transport it's reachable on.
Only online machines can run commands
Offline endpoints still appear in the list so you can see what's registered, but they can't be targeted. If the machine you need is offline, the step fails with a clear message.
Transport selection and fallback
You don't choose a transport yourself — the list shows how each machine is reachable, and ZAI uses the right one automatically.
| Transport | How it works |
|---|---|
| ScreenConnect | ZAI uses the existing Access session to run the script in the background. |
| Windows Agent (IoT Hub) | ZAI sends the command to the enrolled agent over Azure IoT Hub; the agent runs it locally and reports back. |
A ScreenConnect session is preferred when available; the Windows Agent is the fallback.
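The merge and transport preference described above can be sketched as follows. This is an added illustration, not ZAI's own code: the `Endpoint` type, function names and sample data are hypothetical, and it assumes that "available" means online and that machine names compare case-insensitively.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Endpoint:
    name: str
    online: bool
    user: Optional[str]   # logged-in user, if any
    transport: str        # "ScreenConnect" or "Windows Agent (IoT Hub)"

def merge_endpoints(screenconnect, agents):
    """Merge both sources into one list with a single entry per machine name."""
    merged = {}
    # ScreenConnect entries go first so they win when both transports are online.
    for ep in [*screenconnect, *agents]:
        key = ep.name.casefold()  # assumption: names compare case-insensitively
        seen = merged.get(key)
        # Fall back to the later entry only if the earlier one is offline.
        if seen is None or (not seen.online and ep.online):
            merged[key] = ep
    return sorted(merged.values(), key=lambda e: e.name.casefold())

def select_target(endpoints, name):
    """Return the endpoint to dispatch to, refusing offline machines."""
    for ep in endpoints:
        if ep.name.casefold() == name.casefold():
            if not ep.online:
                raise RuntimeError("no reachable endpoint found")
            return ep
    raise LookupError(f"{name} is not registered to this client")

def sample_inventory():
    """Constructed sample data, not real ZAI, ScreenConnect or IoT Hub output."""
    sc = [Endpoint("WS-001", True, "alice", "ScreenConnect"),
          Endpoint("WS-002", False, None, "ScreenConnect")]
    agents = [Endpoint("ws-001", True, "alice", "Windows Agent (IoT Hub)"),
              Endpoint("WS-002", True, "bob", "Windows Agent (IoT Hub)"),
              Endpoint("SRV-01", False, None, "Windows Agent (IoT Hub)")]
    return sc, agents

if __name__ == "__main__":
    for ep in merge_endpoints(*sample_inventory()):
        print(ep.name, "online" if ep.online else "offline", ep.user, ep.transport)
```

Because the merge key in this sketch is the machine name alone, two different devices that share a hostname collapse into one entry, so the logged-in user and transport columns are worth checking before a script is dispatched.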
Viewing the result
After the step completes, its result — output, error output, and exit status — is stored against the workflow run, viewable in Workflow History. Later steps can branch on whether the script succeeded, or pass a value it returned to a subsequent action.
Troubleshooting
The endpoint list is empty. Confirm the client has at least one ScreenConnect Access session or an enrolled Windows Agent. Check that the configured ScreenConnect session group includes the client's machines.
The step fails with "no reachable endpoint found". The machine went offline after the list was opened. Re-run and pick a machine that's currently online.
The step fails with an "insufficient permission" error. ZAI's ScreenConnect account doesn't have permission to run commands in that session group. Your administrator needs to grant the ZAI service account the appropriate role in ScreenConnect.
The automation has no script. The automation was saved without script content. Open it in the Automation Wizard, add the script, and resubmit for approval.
Where to next
- Workflow Designer: Configure step parameters, connect steps, and test your workflow.
- Automation Wizard: Create and approve the PowerShell script the step will run.
- Workflow History: Inspect the output and result of each remote execution step.