SWARM – Help & User Guide

Secure Asset & Remote Management • Operator Reference

📚 New Staff? Start with the Onboarding Guide — step-by-step walkthrough of every workflow
What is SWARM?
Dashboard Layout
Quick Service Buttons
Automations Drawer
General Service
macOS General Service
Recurring Service
System Prep
macOS TeamViewer Push
Diagnostics
Remote Agent Uninstall
System Management
Search, Filters & Views
Exports & Reports
Settings & Admin
User Management
Publishing Agent Scripts
Operational Notes

What is SWARM?

SWARM (Secure Asset & Remote Management) is the operator console used to monitor endpoints, manage assets, launch diagnostics, and orchestrate General Service and System Prep workflows.

The platform is built around explicit operator actions. SWARM publishes queue files and settings, the endpoint agents poll for work, and progress flows back into SWARM for reporting, HaloPSA updates, and operator review.

Systems, diagnostics, and assets in one console
General Service and System Prep orchestration from the operator UI
HaloPSA-aware ticketing and progress-note workflows
Low-touch agent polling rather than always-on remote control

New to SWARM? Read the Onboarding Guide — it covers sign-in, the dashboard, every automation workflow, and admin tasks in one place.

SWARM is an internal operator tool. The instructions below are written against the current live product behavior, including the Automations drawer, recurring General Service scheduling, and the latest technician/customer-facing Halo note split.

Dashboard Layout

The main SWARM console is split into a left operational pane and a right details pane.

Header: branding, installer link, help link, live summary badge, theme toggle, refresh, current user, logout, and settings
Quick-service strip: coloured shortcut bubbles for Microsoft and other operator portals
Search/report row: view toggle, sorting, global search, clear button, and report exports
Left pane: Systems / Printers / Networks / Mobile tabs, summary pills, and the system list or card view
Right pane: system details, diagnostics controls, edit mode, and bottom-of-pane actions such as uninstall

General Service and System Prep selection currently depend on the Systems list view checkbox column. Card view remains useful for review, but not for service batching.

Quick Service Buttons

The quick-service strip near the top of the dashboard gives fast access to operator portals and tools.

Most quick-service buttons open their configured URL in a new browser tab.
The Microsoft button uses the local SWARM Browser Helper so admin.microsoft.com opens in a private browser window.
The order of the bubbles is controlled in Settings → Services.

Microsoft
PAX8
uSecure
BlackPoint
SentinelOne (PAX8)

Microsoft Quick Link

Click Microsoft.
SWARM attempts to hand off to the local swamhelper:// protocol handler.
If the helper is installed and current, Microsoft Admin opens privately.
If the helper is missing or outdated, SWARM prompts you to download or update it.

The Microsoft quick-service link is intentionally different from the other service links so operators can keep Microsoft admin work isolated in a private browser session.

Editing Service Buttons

Open Settings → Services.
Add, edit, or remove service rows.
Drag and drop rows to control the bubble order in the dashboard.

Automations Drawer

General Service, Recurring Service, and System Prep are now managed from the dedicated Automations side drawer rather than the old Settings → General workflow.

The drawer opens from the quick-service row and contains separate tabs for General Service, Recurring Service, and Sys Prep.
It reuses the current Systems list-view selection.
Saved defaults such as the reboot threshold and System Prep checklist are now stored from this drawer.
The Settings → General area now acts as a handoff into the drawer rather than hosting the automation controls directly.
A Hardening Report button at the bottom of the drawer opens a modal that summarises recent blocked-task classifications across General Service and System Prep runs. The report shows top blocker codes, recent examples, recommendation themes, and a ready-to-copy GPT developer prompt for feeding signals back into the engineering backlog.

General Service

General Service is SWARM’s managed maintenance workflow for endpoint review, cleanup, update work, and safe remediation.

SWARM creates and tracks one service run per endpoint.
The queue is published to service.txt.
The endpoint agent picks up the queue on its 5-minute control poll.
Progress events flow back into SWARM and can create HaloPSA updates server-side.
Only one active General Service run can exist per endpoint at a time.

General Service selection currently works from Systems list view only. Card view does not support batch service selection.

Queueing a General Service Run

Open the Systems tab and switch to List View.
Tick one or more systems in the selection column.
Open the Automations drawer and go to the General Service tab.
Confirm the selected system count.
Choose start now or set a specific scheduled time.
Optionally enable Reboot before service.
Optionally enable Reboot as needed to allow planned mid-service restart-and-resume behavior.
Click Queue General Service.

Reboot Options

Reboot before service uses the saved reboot-threshold-in-days setting to decide whether the pre-service reboot workflow is required.
Reboot as needed allows the launcher to perform planned restarts during the task flow and resume automatically after boot.
If a timed General Service run is missed and either reboot option is enabled, the endpoint now waits for the next matching scheduled time instead of starting immediately on the next boot.
If no reboot option is enabled, an overdue timed run can still start on the next boot/poll.

Run Lifecycle

Queued – the run is published and waiting to be picked up
Awaiting Window – the run is waiting for its scheduled time
Awaiting Reboot Confirmation – the pre-service reboot prompt is active
Postponed – a user postponed the reboot window
Rebooting – the endpoint is restarting for service
Awaiting Task Execution – reboot handling is complete and task execution is next
Running – the task flow is active
Completed / Failed / Cancelled / Timed Out – the run is closed

What Windows General Service Currently Covers

The current Windows task flow runs in this order. Power Plan Review runs first so AC sleep and hibernate are normalised before any long-running servicing step.

Power Plan Review (runs first — enforces High Performance / AC sleep baseline before servicing)
Pending Reboot Detection
SentinelOne Health Check
Windows Update Service Health Check
Windows Update Scan Readiness Review
Windows and Microsoft Update Remediation
WinGet Third-Party Update Remediation
HP Driver Update (HP endpoints only — HPIA Drivers category)
HP BIOS Update (HP endpoints only — requires AC power; suspends BitLocker for one reboot)
Disk Space Review
System File Integrity Check
Post-Patch Cleanup and Space Recovery
Temporary File Cleanup
Windows Update Cache Cleanup
Temporary Internet Files Cleanup
Browser Cache Cleanup
Temporary User Profile and Installer Cleanup
Storage TRIM Health Check
Notebook Battery Health Check (laptops only — reports full-charge vs design capacity)
Automatic Network Optimization
SysMain Optimization Scheduling
Windows Search Index Health Check
Event Log Review
Event Log Cleanup
User Account Inventory Review
Account Security Review

HP Image Assistant tasks are skipped automatically on non-HP endpoints. The HP BIOS task will not run on battery power, and will suspend BitLocker for the following reboot before executing.

HaloPSA Behavior

Queue creation makes a best-effort attempt to open the Halo ticket.
SWARM, not the endpoint, posts Halo progress notes and completion entries.
Task-level progress notes are technician-only.
The final customer-facing completion note now shows only positive completed outcomes.
If follow-up remains, SWARM posts a hidden technician note plus a technician review email labelled Pending Technician Checks.

Monitoring and Cancelling Runs

The General Service tab in the Automations drawer also acts as the run manager.

Use Refresh to reload current run data.
The list defaults to active runs, with an option to reveal recent closed runs.
If an active run stops reporting progress, SWARM posts technician-only warnings every 12 hours with the total disconnected time and countdown to the 72-hour terminator.
At 72 hours, SWARM finalises the Halo ticket with General Service terminated following disconnection timeout of x hours.
Use Cancel & Submit Ticket under an active job's Cancel button to trigger the same timeout finalisation before the automatic 72-hour tombstone.
Cancel actions republish service.txt immediately.
The next agent control poll removes cancelled or timeout-finalised work from the endpoint queue.

macOS General Service

macOS endpoints run a separate conservative General Service workflow. The Mac launcher (general-service.sh) covers review-only and safe maintenance tasks — it does not install OS updates, change firewall or remote-access state, delete user data, or manage MDM enrollment.

macOS General Service is queued the same way as Windows — select the endpoint in list view and use the Automations drawer.
Progress events and Halo updates follow the same lifecycle as Windows runs.
Tasks that are not applicable to the hardware (e.g. battery review on a desktop Mac) are skipped automatically.

What macOS General Service Currently Covers

Startup Disk Space Review
RAM Usage Review
CPU Load Review
Running Processes Inventory
Startup Items Review
Network Interface Review
Storage SMART Health Review (skipped if macOS reports no actionable startup-disk status)
Notebook Battery Health Review (skipped on desktop Macs)
DNS Cache Flush
Safe Cache Cleanup (conservative system temp locations only — no user browser or profile caches)
Local Account Inventory Review
Firewall and Remote Access Review (review only — does not change state)
System Log Review

macOS General Service is a review and light-maintenance workflow only. OS updates, third-party application updates, and macOS-level remediation are out of scope for the current launcher version.

Recurring Service

Recurring Service creates an ongoing company-level General Service schedule rather than a one-off queue item.

Open the Automations drawer and switch to Recurring Service.
Select a company, recurrence interval, optional next-run time, and reboot policy.
SWARM builds a live company system list and stores only the excluded systems, not a fixed endpoint snapshot.
New systems added to that company later are included automatically unless they are excluded.
When a recurring schedule becomes due, SWARM materializes normal endpoint runs and preserves the schedule time in those runs.

System Prep

System Prep is SWARM’s Windows onboarding and setup workflow. It is managed separately from General Service, but can automatically hand off into a follow-up General Service baseline run when prep completes successfully.

Full System Prep is Windows-only. For macOS endpoints, use the macOS TeamViewer Push workflow instead.

Open the Automations drawer and switch to Sys Prep.
Select one or more systems in the Systems list view first.
Choose the prep checklist options and the PDF client (Foxit by default, Adobe optional).
Queueing publishes the prep queue to prep.txt.
The Windows agent polls prep.txt every 5 minutes, downloads the signed prep launcher, and executes the selected tasks.

SWARM opens a Halo ticket for the prep run at queue time.
Selected prep tasks post technician-only Halo entries.
Successful prep completion posts one visible non-billable customer-facing entry.
SWARM then automatically queues the follow-up General Service run into the same Halo ticket.

macOS TeamViewer Push

TeamViewer Host can be pushed to macOS endpoints directly from SWARM_DOT_SENTINEL. This is the primary remote-access deployment workflow for Mac machines — full System Prep is not available on macOS.

Select a macOS endpoint in the Systems list view.
Open the details pane and click Push TeamViewer.
SWARM queues the push and publishes it to prep.txt.
The Mac agent downloads and installs TeamViewer Host from the IN2Tech custom TeamViewer permalink.
After installation, the agent prompts the logged-in customer to manually approve Screen Recording, Accessibility, and Full Disk Access in System Settings.
SWARM posts System Prep lifecycle events and a Halo completion entry for the run.

The customer must be logged in and present at the Mac when a TeamViewer push is queued. The three macOS privacy permission prompts cannot be pre-approved remotely — they require physical user interaction.

TeamViewer push is blocked if a General Service or System Prep run is already active on the same endpoint.
Windows endpoints continue to use the standard System Prep workflow for TeamViewer deployment.

Running Diagnostics

Diagnostics are operator-requested and agent-driven. They are not pushed instantly to the endpoint.

Select a system in the right-hand details workflow.
Click Run Diagnostics.
Choose the duration and start the run.
SWARM publishes the request immediately.
The endpoint picks it up on the next agent run.
The first data packet usually arrives around 2 minutes later, then continues at 2-minute intervals until complete.

Resetting and Clearing Diagnostics

Reset Diagnostics removes existing diagnostic results and returns the panel to a clean state.
Clear Diagnostics resets a run that became stuck because the final completion packet never arrived.
Diagnostics do not resume automatically after an interruption such as a shutdown or reboot.

Diagnostics are explicit and agent-driven by design. There is no “run now” push path that bypasses the normal agent cycle.

Remote Agent Uninstall

The uninstall action at the bottom of the details pane schedules agent removal from the endpoint.

There is a short cool-off period where the request can still be cancelled.
SWARM publishes the uninstall request to the hosted uninstall control file.
The agent performs the uninstall on its next run after the request becomes eligible.
Endpoint tasks, files, and agent components are removed.
The endpoint disappears from the console after uninstall and ingest state clears.

System Management

Endpoint Capability Strip

The details pane shows a compact capability strip below the system header. It classifies what automation workflows are available for the selected endpoint based on its detected platform and current state.

Available — the workflow can be queued normally.
Review — the workflow may be queued but has limitations (e.g. unknown platform identity).
Unavailable — the workflow is blocked for this endpoint type, with a reason shown on hover.

Covered capabilities: Diagnostics, General Service, System Prep, and TeamViewer Push. Use this strip to confirm at a glance whether macOS-specific restrictions apply before queueing work.

Last General Service Date

The General tab in the details pane shows a Last General Service date. This is set automatically when a General Service or System Prep run posts a successful completion event. It reflects the Australia/Sydney completion date and is not editable.

Editing System Details

Select a system and click Edit in the details pane.
Editable fields include company, description, notes, tags, and health exclusions.
The company field uses the shared SWARM company registry rather than free-text entry.
Saving exits edit mode and refresh resumes normally afterward.

Deleting a System

Deleting a system from the console does not uninstall the agent. If the agent checks in again later, the system can reappear.

Use Edit → Delete System to remove the record from the console only.

Health Exclusions

Use exclusions only for conditions the team intentionally accepts and does not plan to remediate. Do not use exclusions simply to clear a system from red or amber.

Antivirus
Uptime
CPU
Memory
Disk

Search, Filters & Views

SWARM search is powerful and intuitive. You can combine words and phrases to narrow results quickly.

Multiple plain words use AND logic.
Quoted phrases search exact text, for example "Windows 11 Pro".
The word or can be used to build alternate matches.
The same search bar also works across the non-system asset tabs using substring matching across their configured columns.

Systems can be viewed in list or card mode. Bulk General Service and System Prep selection currently exists only in list view.

Exports & Reports

Use the Reports menu to export the currently relevant data from the operator console.

CSV exports are available for systems and status-based views.
SWARM also supports XLSX exports, including multi-sheet details exports that can include systems plus printer, network, and mobile asset sheets.
Visible/filtered console state drives the export content, so filter first if you want a company-specific output.
Admin users can also configure and trigger the daily HTML executive report from the Admin settings area.

Settings & Admin

Settings are split across operator and admin concerns.

Theme tab: theme, multi-column threshold, auto-refresh, and refresh interval
Services: quick-service link configuration and ordering
Health/thresholds: offline, CPU, RAM, disk, antivirus overrides, and related health controls
Automations drawer: General Service, Recurring Service, and System Prep defaults and queueing
Admin: users, Graph settings, daily HTML report, Halo company sync/remap, and lookups

User Management

Admins manage users from the Admin settings area.

Add or remove users
Promote or demote admin access
Reset passwords or use the login-page reset path where applicable
SWARM supports Microsoft Entra-first sign-in, with the local-password path retained as a rollback feature flag

Publishing Agent Scripts

Windows scripts that run on endpoints must be signed and published with the matching workflow for that script.

Run the Windows publisher scripts from an elevated Administrator PowerShell prompt.
Use the publisher that matches the file you changed.

publish-swam-agent.ps1 – Windows SWARM agent
publish-general-service.ps1 – Windows General Service launcher
publish-prep.ps1 – Windows System Prep launcher
publish-swam-diagnostic.ps1 – Windows diagnostics script
publish-swam-uninstall.ps1 – Windows uninstall script

These Windows publisher scripts must be run from an elevated Administrator PowerShell prompt. Non-elevated runs can fail against the machine-store signing certificate even when the certificate is installed correctly.

General Service Launcher

Use publish-general-service.ps1 whenever agent/general-service.ps1 changes.
The publisher signs the launcher and regenerates general-service.ps1.sha256 plus general-service-version.txt.
Publish the launcher before rolling out a Windows agent change that depends on a newer General Service launcher version.

Windows Agent

Use publish-swam-agent.ps1 when agent/swam-agent.ps1 changes.

The script bumps $AgentVersion, signs the agent, regenerates swam-agent.ps1.sha256, and updates agent/version.txt.
Because the Windows agent controls queue pickup and launcher download, publish it before relying on new poller behavior.

macOS Publish Paths

The current Mac-native publish workflow is run from the MacBook Pro, not from the Windows signing workstation.

Use the Mac publisher/build scripts from the MacBook Pro for macOS agent and installer work.
The normal script publication path for Mac endpoints remains the signed shell-script workflow.
For notarized installer packages, use the package-specific build/notarization workflow from the MacBook Pro.

Operational Notes

Agents act on explicit server-published instructions only.
General Service and System Prep are queue-based and poll-driven, not instant push actions.
Windows General Service and System Prep depend on signed launcher/hash/version publication being kept current.
macOS General Service and TeamViewer Push use a separate signed shell-script workflow published from the MacBook Pro — not the Windows signing workstation.
Full System Prep (Windows onboarding) is Windows-only. macOS onboarding uses the TeamViewer Push workflow only.
macOS TeamViewer Push requires the customer to be present at the machine to approve three privacy permissions. Queue it only when the customer is available.
HP Image Assistant tasks (Driver, BIOS) run only on HP endpoints and are skipped automatically everywhere else. The BIOS task requires AC power and suspends BitLocker for one reboot.
Card-view parity for non-system asset tabs and Systems selection is still incomplete in some areas by design.
The endpoint capability strip in the details pane reflects backend-derived platform data. For endpoints with unknown platform identity, some workflows show as Review rather than Available until a full ingest payload is received.
If operator behavior and this guide disagree, review the current architecture and workstate docs before assuming the UI is wrong.