Caisey Blog

IT directors at SMBs · June 7, 2026

How an SMB IT Director Used Caisey Group Diagnostics to Find a Rogue Scheduled Task Across 12 Workstations in One Browser Tab — No Screen Shares, No RDP

Learn how an SMB IT director used Caisey's group diagnostics and durable session history to inspect 12 Windows workstations for a rogue scheduled task from a single browser tab—without screen sharing or RDP. Includes a real-world workflow with approval gates and side-by-side output comparison.
Tags: group diagnostics, scheduled task, SMB IT, remote troubleshooting, audit trail, endpoint management

You get the call: a client reports that their workstations are running fine most of the day, but every afternoon around 2 PM, performance drops noticeably. The slowdown lasts about 15 minutes and then disappears. It's been happening for three days. The client has 12 Windows workstations, all enrolled in your remote support tool. Your first instinct might be to remote into each machine, check Task Scheduler, and look for something running at that time. But that means 12 RDP sessions or 12 screen shares, each requiring user interaction, each leaving you with a messy collection of notes and no consistent audit trail.

There's a better way. With Caisey's group diagnostics, you can run the same command across all 12 machines from a single browser tab, see the results side-by-side, and keep a permanent record of every action. No screen sharing, no RDP, no jumping between windows. Here's how that workflow actually plays out.

The Setup: Enrolled Endpoints and Client Grouping

Before you can run a group diagnostic, the workstations need to be enrolled in Caisey. Enrollment is a one-time process—either via a silent installer pushed through your RMM or by sending a one-click link to the client. Once enrolled, each machine appears in the Caisey console with a machine card showing OS version, last seen time, and other context.

For this scenario, you've already grouped the 12 machines under the client's workspace. Caisey's client grouping is straightforward: you create a group, name it something like "Client ABC - Workstations", and drag the enrolled endpoints into it. Now you have a logical collection that you can target with commands, checks, or scripts.

The Hunt: Running a PowerShell Command Across the Group

With the group selected, you open the command bar in the Caisey console. You type a PowerShell command to list all scheduled tasks that are currently enabled and have a trigger set around 2 PM:

Get-ScheduledTask | Where-Object { $_.State -eq 'Ready' -and ($_.Triggers.StartBoundary -match 'T14:00') } | Format-Table TaskName, TaskPath, State

Before the command executes, Caisey's approval gate activates. The client's endpoint shows a prompt asking for consent to run this log inspection. The client approves, and the command is dispatched to all 12 machines simultaneously. The results stream back into the console within seconds.

Reading the Results: Side-by-Side Comparison

The output appears in a scrollable pane. Each workstation's result is labeled with its machine name. You scan down the list. On 10 of the 12 machines, you see only standard Windows tasks. But on two machines, a task named "UpdateHelper" appears, scheduled to run at 2:00 PM daily. The task path is buried under \Microsoft\Windows\Application Experience\. That's unusual.

You expand the details for those two machines. The task action points to a PowerShell script located in C:\Users\Public\Scripts\. You don't recognize the script, and it wasn't deployed by your team.
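The detail view described above can also be pulled as a command. This is an added example, not Caisey's or the author's own code; it goes beyond the 2 PM match and flags any enabled task whose action references a user-writable location, and the list of locations is an assumption to adjust for your environment.

```powershell
# Added example: list enabled tasks whose action points into a user-writable path.
# The path fragments below are assumptions (regex, case-insensitive).
$writable = '\\Users\\Public\\', '\\AppData\\', '\\ProgramData\\', '\\Temp\\'
$pattern  = $writable -join '|'

Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Exec actions carry Execute/Arguments; COM handler actions leave both empty.
            $cmdline = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmdline -match $pattern) {
                $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Computer    = $env:COMPUTERNAME
                    TaskPath    = $task.TaskPath
                    TaskName    = $task.TaskName
                    Author      = $task.Author
                    Registered  = $task.Date              # registration date from the task definition
                    RunAs       = $task.Principal.UserId
                    StartTimes  = ($task.Triggers.StartBoundary -join ', ')
                    LastRun     = $info.LastRunTime
                    CommandLine = $cmdline
                }
            }
        }
    } | Format-List
```

Some legitimate software registers tasks that run from these locations, so treat the output as a review list and compare it across machines rather than as a verdict.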

The Verification: Checking the Script Without Touching the Desktop

Instead of RDPing into those two machines, you run a second group command—this time targeting only the two affected workstations. You use Get-Content to read the script:

Get-Content "C:\Users\Public\Scripts\update.ps1"

The approval gate prompts again, but this time the client sees the exact file path and can make an informed decision. They approve. The script content appears: it's a simple loop that downloads a file from an external URL and runs it. That's the rogue behavior causing the 2 PM slowdown.

The Resolution: Disabling the Task and Documenting Everything

You disable the scheduled task on both machines with another group command:

Disable-ScheduledTask -TaskName "UpdateHelper" -TaskPath "\Microsoft\Windows\Application Experience\"

Then you remove the script file. The entire sequence—from first command to final fix—is recorded in Caisey's durable session history. Every command, every output, every approval timestamp is stored. You can generate a public transcript share for the client's records or for your own compliance file.
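One way to run the disable-and-remove step so that the task definition and the script survive as evidence. This is an added example, not part of the original post or of Caisey itself; the task name, task path and script path are the ones shown above, and the evidence folder is an assumed location.

```powershell
# Added example: preserve evidence first, then disable the task and remove the script.
$taskName = 'UpdateHelper'
$taskPath = '\Microsoft\Windows\Application Experience\'
$script   = 'C:\Users\Public\Scripts\update.ps1'
$evidence = "C:\IR-Evidence\$env:COMPUTERNAME"   # assumed location; collect it off the host afterwards

New-Item -ItemType Directory -Path $evidence -Force | Out-Null
$hash = $null
$item = $null

$task = Get-ScheduledTask -TaskName $taskName -TaskPath $taskPath -ErrorAction SilentlyContinue
if ($task) {
    # Full definition (triggers, actions, principal, registration info) as XML.
    Export-ScheduledTask -TaskName $taskName -TaskPath $taskPath |
        Set-Content -Path (Join-Path $evidence "$taskName.xml") -Encoding Unicode
    $task | Disable-ScheduledTask | Out-Null
}

if (Test-Path -LiteralPath $script) {
    $item = Get-Item -LiteralPath $script
    $hash = Get-FileHash -LiteralPath $script -Algorithm SHA256
    # Keep a copy under a non-executable extension before deleting the original.
    Copy-Item -LiteralPath $script -Destination (Join-Path $evidence 'update.ps1.txt')
    Remove-Item -LiteralPath $script -Force
}

# One summary object per machine, so the group output can be compared side by side.
$state = if ($task) { (Get-ScheduledTask -TaskName $taskName -TaskPath $taskPath).State } else { 'NotFound' }
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    TaskState     = $state
    ScriptSHA256  = if ($hash) { $hash.Hash } else { 'NotFound' }
    ScriptCreated = if ($item) { $item.CreationTimeUtc } else { $null }
    ScriptRemoved = -not (Test-Path -LiteralPath $script)
    EvidencePath  = $evidence
}
```

Matching hashes and creation times across the two machines indicate the same script was dropped on both, and the creation time gives a starting point for finding how it arrived.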

Why This Workflow Beats RDP or Screen Sharing

If you had used RDP, you would have needed to log into each machine individually, navigate Task Scheduler, find the task, and repeat. That's 12 separate sessions, each with its own context. You'd have to manually compare notes. And if the client needed to approve each action, you'd be on the phone explaining what you're doing each time.

With Caisey, the entire operation happens in one browser tab. The group diagnostics feature lets you broadcast a command to any set of enrolled endpoints. The approval gate gives the client real-time visibility and consent without you needing to share your screen. And the durable session history means you can go back weeks later and show exactly what you did, when, and with whose permission.

The Audit Trail: More Than Just Logs

The session history isn't just a log file. It's a structured record that includes the command text, the output, the timestamp, the machine identity, and the approval event. If the client later asks, "Did you check all 12 machines?" you can point to the session record. If a compliance auditor wants to see who approved the script inspection, the record shows it. If you need to reproduce the fix on a new machine, you can replay the commands from the session history.

When to Use Group Diagnostics

Group diagnostics are ideal for scenarios where you need to run the same check across multiple endpoints and compare results. Common use cases include:

  • Checking for a specific registry key across a fleet
  • Verifying that a security policy has been applied uniformly
  • Searching for known malware indicators
  • Auditing installed software versions
  • Running a quick health check before a maintenance window

The key is that the command must be idempotent and read-only (or at least low-risk). Caisey's approval gate adds a layer of safety: the client sees what you're about to run and can deny it if they're uncomfortable.

The Bottom Line

Finding a rogue scheduled task across 12 workstations doesn't require 12 RDP sessions or a dozen screen shares. With Caisey's group diagnostics, you can do it from one browser tab, with client consent built in, and with a permanent audit trail that proves exactly what happened. For SMB IT directors managing multiple endpoints, that's not just convenient—it's a fundamental shift in how remote troubleshooting works.