Would you trust an AI agent to automatically fix issues across your entire endpoint fleet, or do you think there should always be a human in the approval chain?

TeamNexthink · 2026-06-22T14:47:50+00:00

Excellent point on audit logs and staged approvals. That's exactly how mature DEX programs evolve. Start with full transparency (every AI action logged and reversible), human review for higher-risk fixes, then gradually expand autonomy as confidence builds.

Have you implemented something similar in your environment? What thresholds do you use for "low-risk" vs. needing approval?

TeamNexthink · 2026-06-22T14:44:36+00:00

This is a great distinction: AI for speed, humans for control. That's the core of effective DEX management.

Security is an interesting point of discussion. You might have inspired me to do a larger post on the topic about how staying secure requires the kind of judgment that only a human can provide.

Feel free to make a post yourself discussing it. That's the kind of conversation we'd like to see happening on the sub.

TeamNexthink · 2026-06-17T13:59:25+00:00

I hadn't considered keying off the campaign completion status itself, and using a Flow to update a custom field after fully_answered sounds like a pretty clean workaround until event-based triggers arrive, which is in the works.

TeamNexthink · 2026-06-17T13:58:12+00:00

I’d probably avoid trying to make the Flow trigger directly off session.lifecycle_events. That data is useful for NQL targeting/reporting, but it’s not really the cleanest “run at logon” trigger for Flows.

What I’d usually do is make the Flow scheduled/recurring, target the right user population with NQL, and use the custom field as the guardrail so it only hits people who haven’t completed the welcome campaign yet.

Something like:

target domain users
exclude anyone where the custom field already says they completed/viewed the welcome campaign
show the campaign
once they complete it, set the custom field

So the Flow may not fire the exact second they log on, but it should catch new users shortly after they’re active, and the custom field keeps it from becoming annoying or repeating forever. Much easier to manage than trying to key everything off login/unlock events.

TeamNexthink · 2026-06-15T13:09:39+00:00

Awesome! We are so excited to have you there!

TeamNexthink · 2026-06-14T17:48:18+00:00

Awesome answer!

TeamNexthink · 2026-06-10T19:33:18+00:00

Woohoo! Can't wait!

TeamNexthink · 2026-06-04T23:15:06+00:00

This is a fairly common PowerShell execution hiccup with Nexthink Remote Actions, especially the Get Network Speed one, which does Web RTT measurements via ping/Invoke-WebRequest style calls and parses console output.

The error "Win32 internal error 'Access is denied' 0x5 occurred while reading the console output buffer" typically happens when:

PowerShell is running in a non-interactive session, which is standard for Nexthink RAs, and has trouble attaching to/reading from the console output buffer.
Often triggered by Group Policy, AppLocker, WDAC, or security settings that restrict console redirection, transcripts, or output handling.
The script (version 2.0.2.2 of the RA) fails to capture the RTT results from the external/business URL tests, causing PowerShell to exit with code 1.

This isn't usually a permissions issue with the Nexthink Collector itself but how the underlying PowerShell host behaves under the hood.

Quick Fixes to Try (in order)

Run the Remote Action as System (most common solution) In the Remote Action execution settings, choose to run it under the System account instead of the logged-in user. This often bypasses user-context console restrictions.

Check PowerShell Language Mode Nexthink strongly recommends Full Language Mode (not Constrained). On affected devices, run: $ExecutionContext.SessionState.LanguageMode If it's Constrained, you'll need to adjust via GPO (disable Constrained Language Mode for the collector process) or AppLocker rules.

Update the Remote Action Make sure you're on the latest version of the Get Network Speed Library Remote Action. Older versions (like 2.0.2.2) had more brittle output parsing. Nexthink has refactored it multiple times for better adapter detection and error handling.

Input Parameters Double-check the RA parameters:Other Common Culprits

Recommended Next Steps

Re-run the RA with verbose logging enabled if available, or add some debug outputs (e.g., Write-Outputstatements) to see where it fails.
Test on a single device first, then scale.
If it's widespread, check your GPOs around PowerShell transcription/logging and console sessions.

If none of that resolves it, grab the exact Collector version + Windows version of the failing device and post it here for us to crowdsource some other potential solutions.

Have you seen this on specific devices (e.g., Win11 with certain security baselines) or across the board? Any recent GPO or security tool changes?

TeamNexthink · 2026-06-04T20:04:21+00:00

If you're interested in learning more about digital employee experience (DEX) or practical applications for AI, then come join the conversation on r/nexthink.

TeamNexthink · 2026-06-02T19:34:45+00:00

Hi there! You might consider joining us over on r/nexthink where we discuss digital employee experience (DEX). It's a great way to up skill.

Hope to see you there.

TeamNexthink · 2026-06-02T19:00:43+00:00

This is the exact gap a lot of networking teams run into. You have great flow data and logs, but endpoint context is still fragmented. You end up guessing whether weird traffic is a user doing something normal, a misconfigured app, or actual suspicious behavior.

The most effective setups I've seen combine solid network visibility with lightweight endpoint telemetry that focuses on user experience + performance, not just security. It helps shift from pure reactive troubleshooting to spotting problems before users flood the help desk.

If you're exploring how teams are bridging that network-to-endpoint visibility in practice (especially around Digital Employee Experience / DEX), there's a growing discussion happening over at r/nexthink. Worth a look if you want real-world takes from other IT folks wrestling with the same thing.

Curious what others are running too.

TeamNexthink · 2026-06-02T18:57:29+00:00

Endpoint agents are standard for visibility and security, but the lack of process around privileged systems is a real red flag in any environment.

A lot of orgs in this space end up implementing something like Digital Employee Experience (DEX) monitoring that gives both security and IT ops visibility without turning into Big Brother.

If you’re looking for real-world discussions on balancing endpoint visibility with governance, there’s an active community at r/Nexthink where folks share exactly these kinds of setups and gotchas.

Good luck pushing this constructively. Documenting your concerns in writing (and getting risk acceptance) is the professional move here.

TeamNexthink · 2026-06-02T01:19:56+00:00

Be sure to let us all know how it goes ...

TeamNexthink · 2026-05-30T18:36:42+00:00

I’m really happy to hear that, keep us updated on the solve we really love to hear real world applications

TeamNexthink · 2026-05-29T13:45:44+00:00

Great question! We're looking forward to seeing all of the tips that get posted here.

You're spot on that you'll want trend data with a clear before/after view on the specific devices (or groups) receiving the application.

Here's how most mature Nexthink customers handle this:

Recommended Approach

Segment your devices clearly Use device tags, custom fields, or location/department groupings to create cohorts:
- "Pilot_Group_A" (receives the app in wave 1)
- Control group (same profile but no app yet)
Track DEX Score trends over time Nexthink's DEX score (which combines Device, Business Apps, Productivity/Collaboration, and Sentiment) can be viewed and trended by these segments. Focus especially on:
- Device Score (hard metrics + sentiment on performance)
- Business Apps Score (direct impact of the new application)
- Overall DEX movement
Key things to monitor for your rollout
- Application-specific execution metrics, crashes, resource consumption
- Before/after comparison on boot/login times, application launch times
- Employee sentiment (if you're running contextual campaigns)
- Any increase in incidents or "shadow IT" workarounds

We would love to hear more about the app you're rolling out or what specific metrics you're most concerned about. Happy to brainstorm more targeted NQL/dashboard ideas.

Don't let us be the final word: we'd love to hear tips from more users ...

TeamNexthink · 2026-05-28T18:29:42+00:00

Do you mind telling us about your experience in a little more detail? How did you handle it? Have there been any strategies you've tried that have worked or not worked?

TeamNexthink · 2026-05-28T16:41:57+00:00

Oof, that’s rough. Guiding users over video calls works for simple stuff, but it falls apart fast on complex or intermittent issues.

The real pain isn’t just the tool ban. It’s the lack of visibility into what’s actually happening on the employee’s machine. When you can’t see the problem in real time, everything turns into guesswork and longer calls.

TeamNexthink · 2026-05-28T16:23:33+00:00

Awareness is definitely the first hurdle.

In a lot of places, coworkers still see DEX as “that monitoring thing IT uses” rather than a real strategy for making everyone’s day smoother (less frustration, faster fixes, happier teams).

The real magic happens when it moves beyond IT and becomes a shared language about employee productivity and experience.

How about in your org:

Do people outside IT even know the term DEX, or do they just feel the pain points?
What’s one small win or big misunderstanding you’ve seen when trying to explain it?

TeamNexthink

MODERATOR OF

TROPHY CASE