Windows RemediationSources Monitoring
Last updated - 03 June, 2026
The Windows Remediation Monitoring package provides PowerShell-based remediation for Microsoft Windows and Windows Server environments, enabling you to automate corrective actions such as process and service control, cluster node maintenance, and system restarts.
These LogicModules use PowerShell remoting over WinRM to execute remediation, surface success or failure status, and provide operational insight into process and service health and cluster availability.
Remediation actions run over WinRM using the configured credentials and execute in the context of the specified Windows user.
As of April 2026, this package is compatible with Windows Server 2012 R2 through Windows Server 2025.
Requirements for Windows RemediationSources Monitoring
To use Windows remediation monitoring, you need the following:
- A LogicMonitor user with Manage permission for modules and resource permissions for “Remediation Source” settings.
- WinRM and remote PowerShell are reachable from your Collector.
  For more information, see Preferred Collector Management.
- Remediation credentials are configured for the Resource.
  For more information, see Resource and Instance Properties.
For cluster actions, ensure the following:
- You use a hostname (not an IP)
- Windows Failover Clustering PowerShell components are available on the target
Adding Resources into Windows RemediationSources Monitoring
Add Windows Resources into LogicMonitor. For more information, see Adding Resources.
Note: During setup, ensure WinRM and remote PowerShell are reachable from the Collector, remediation credentials are configured, and cluster targets use a hostname with required Failover Clustering PowerShell components available.
Windows RemediationSources Properties
Configure RemediationSources behavior using the following properties:
| Property | Description | Used By | Required |
|---|---|---|---|
| remediation.process | The exact process to match on the host so the script can find and terminate or launch | Kill Windows Process, Launch Windows Process | Yes |
| remediation.forcerestart | Force restart without confirmation. Default value is true. Values are true, false | Restart Windows Resource | No |
| remediation.process.duplicate | Enables starting a second instance of the process when one is already running | Launch Windows Process | No |
| remediation.winrm.user | Windows username for PowerShell remoting authentication. The user must have permissions to operate the task. Some tasks require administrative rights. In most cases this differs from wmi.user | Suspend Windows Server Cluster Node, Resume Windows Server Cluster Node, Restart Windows Resource, Launch Windows Process, Kill Windows Process, Windows Disk Cleanup | Yes |
| remediation.winrm.pass | Windows password for PowerShell remoting authentication | Suspend Windows Server Cluster Node, Resume Windows Server Cluster Node, Restart Windows Resource, Launch Windows Process, Kill Windows Process, Windows Disk Cleanup | Yes |
| remediation.forcekill | Force kill the process without confirmation. Passes -Force to Stop-Process. Values are true, false | Kill Windows Process | No |
| remediation.killall | Kill all matching processes instead of the first. Values are true, false | Kill Windows Process | No |
| winrm.usessl | Enables SSL WinRM connection | Suspend Windows Server Cluster Node, Resume Windows Server Cluster Node, Restart Windows Resource, Launch Windows Process, Kill Windows Process, Windows Disk Cleanup | No |
| winrm.port | Custom WinRM port, default value is 5985 or 5986 | Suspend Windows Server Cluster Node, Resume Windows Server Cluster Node, Restart Windows Resource, Launch Windows Process, Kill Windows Process, Windows Disk Cleanup | No |
| winrm.skiprevocationcheck | Skip certificate revocation check when using SSL, default value is false | Suspend Windows Server Cluster Node, Resume Windows Server Cluster Node, Restart Windows Resource, Launch Windows Process, Kill Windows Process, Windows Disk Cleanup | No |
| winrm.skipcacheck | Skip certificate authority check when using SSL, default value is false | Suspend Windows Server Cluster Node, Resume Windows Server Cluster Node, Restart Windows Resource, Launch Windows Process, Kill Windows Process, Windows Disk Cleanup | No |
| winrm.skipcncheck | Skip common name check when using SSL, default value is false | Suspend Windows Server Cluster Node, Resume Windows Server Cluster Node, Restart Windows Resource, Launch Windows Process, Kill Windows Process, Windows Disk Cleanup | No |
| remediation.windowstemp | Clean Windows temp folder (for example, C:\Windows\Temp), default value is true | Windows Disk Cleanup | No |
| remediation.usertemp | Clean user temp folder (for example, %TEMP%), default value is true | Windows Disk Cleanup | No |
| remediation.tempolderthandays | Only delete temp files older than specified days, default value is 30 | Windows Disk Cleanup | No |
| remediation.iecache | Clean Internet Explorer and Edge cache, default value is false | Windows Disk Cleanup | No |
| remediation.recyclebin | Empty Recycle Bin, default value is false | Windows Disk Cleanup | No |
| remediation.oldlogs | Remove old log files, default value is false | Windows Disk Cleanup | No |
| remediation.logretentiondays | Age threshold for log file deletion in days, default value is false | Windows Disk Cleanup | No |
For more information, see Resource and Instance Properties.
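The following preflight check is an added example, not LogicMonitor's module code. Run from the Collector host, it opens a WinRM session with values that mirror the properties above, warns when certificate validation is weakened, and reports the account context and Failover Clustering module availability on the target; the hostname is a placeholder and the mapping of each property to a PowerShell parameter is an assumption.

```powershell
# Values mirror the page's property names. How the LogicModules consume them
# internally is not shown on the page; this mapping is an assumption.
$props = @{
    'winrm.usessl'              = $true
    'winrm.port'                = 5986
    'winrm.skipcacheck'         = $false
    'winrm.skipcncheck'         = $false
    'winrm.skiprevocationcheck' = $false
}
$target = 'node1.example.internal'   # placeholder; cluster actions need a hostname, not an IP
$cred   = Get-Credential -Message 'Enter remediation.winrm.user / remediation.winrm.pass'

# Surface any setting that weakens transport security before connecting.
$weakened = @($props.Keys | Where-Object { $_ -like 'winrm.skip*' -and $props[$_] })
if ($weakened.Count -gt 0) { Write-Warning "Certificate checks disabled: $($weakened -join ', ')" }
if (-not $props['winrm.usessl']) { Write-Warning 'winrm.usessl is false: WinRM will use HTTP' }

$optionArgs = @{
    SkipCACheck         = $props['winrm.skipcacheck']
    SkipCNCheck         = $props['winrm.skipcncheck']
    SkipRevocationCheck = $props['winrm.skiprevocationcheck']
}
$sessionArgs = @{
    ComputerName  = $target
    Port          = $props['winrm.port']
    UseSSL        = $props['winrm.usessl']
    Credential    = $cred
    SessionOption = New-PSSessionOption @optionArgs
    ErrorAction   = 'Stop'
}

$session = $null
try {
    $session = New-PSSession @sessionArgs
    # Report who the remediation would run as and whether cluster cmdlets exist.
    Invoke-Command -Session $session -ScriptBlock {
        $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal $id
        [pscustomobject]@{
            RunsAs        = $id.Name
            IsAdmin       = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
            ClusterModule = [bool](Get-Module -ListAvailable -Name FailoverClusters)
        }
    }
}
catch { Write-Error "WinRM preflight failed for ${target}: $($_.Exception.Message)" }
finally { if ($session) { Remove-PSSession -Session $session } }
```

A failure with all three skip values left at false usually points to a certificate problem on the target's HTTPS listener, which is better fixed there than by enabling a skip property.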
Import LogicModules into Monitoring
Install all Windows RemediationSources LogicModules from the LogicMonitor Module Exchange. For more information, see the list of LogicModules in Package. If these LogicModules are already present, ensure you have the most recent version of each module.
Data collection automatically starts when the LogicModules are imported.
LogicModules in Package
LogicMonitor’s package for Windows RemediationSources Monitoring consists of the following LogicModules. For full coverage, import the following LogicModules into your platform:
| Display Name | Type | Description |
|---|---|---|
| Kill Windows Process | RemediationSource | Terminates a process or service on a Windows system |
| Launch Windows Process | RemediationSource | Launches a process or starts a Windows service |
| Restart Windows Device | RemediationSource | Restarts a Windows Resource via PowerShell remoting |
| Resume Windows Server Cluster Node | RemediationSource | Resumes a suspended node in a Windows Failover Cluster and brings it back online |
| Suspend Windows Server Cluster Node | RemediationSource | Drains and suspends a node in a Windows Failover Cluster |
| Microsoft Windows Disk Cleanup | RemediationSource | Performs disk cleanup operations on Windows systems by removing temporary files and clearing system temporary folders to free up disk space |
When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor follows the technology owner’s best practice KPI recommendations.
Recommendation: If necessary, adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Static Thresholds for Datapoints.