Node.js · Express · Docker · nginx
ip-saas — Self-Hosted Public IP Lookup API
Objective
Design and deploy a lightweight, self-hosted public IP lookup service
with a clean web UI and multiple response formats. Eliminate dependency
on third-party IP APIs for internal tooling and provide a reliable,
privately-controlled endpoint for infrastructure automation.
System
Node.js · Express · Docker · nginx Reverse Proxy ·
JSON / Plain-Text / JSONP API Endpoints · DuckDNS · Let's Encrypt SSL
3
API response formats
Self-hosted
Zero third-party dependency
Live
Production deployment
Node.js · PostgreSQL · Docker · OIDC/SAML
uptime-saas — Self-Hosted Uptime Monitoring Dashboard
Objective
Build a full-featured, self-hosted uptime monitoring platform to replace
paid SaaS monitoring tools. Deliver 12 check types, Microsoft SSO,
PostgreSQL-backed results storage, email alerting, and a multi-environment
deployment model — entirely on self-managed infrastructure.
System
Node.js · Express · EJS · PostgreSQL · Docker · nginx ·
Microsoft Entra ID OIDC & SAML SSO · nodemailer ·
Worker Threads · DuckDNS · Let's Encrypt SSL
12
Check types
OIDC + SAML
Microsoft SSO modes
PostgreSQL
Persistent results backend
$0/mo
vs paid monitoring SaaS
PowerShell · Srvany · Active Directory
Automated Computer Object Retention & Cleanup
Objective
Establish a 90-day retention policy for computer objects in on-premises
Active Directory. Automatically remove stale and expired computer records
to maintain a clean, accurate device inventory and reduce compliance drift.
System
PowerShell Automation · Srvany Custom Windows Service ·
On-Premises Active Directory
~50
Computer objects removed/week
90 days
Retention policy
Microsoft Intune · Autopilot · Azure AD
Autopilot V1.5 & V2 — Zero-Touch Provisioning at Scale
Objective
Expand zero-touch provisioning by syncing existing devices into Autopilot
and establishing a procurement process where newly purchased devices arrive
pre-tagged with their Group Tag — ready to provision without any technician
intervention at the end-user site.
System
Microsoft Intune · Windows Autopilot · Dynamic Security Groups ·
Deployment Profiles · Enrollment Status Pages ·
Application Deployments · Domain Policies ·
Intune Connector for Active Directory · Procurement Group Tag Workflow
7
Group Tags created
~300
Devices deployed via Autopilot
~900
Devices Autopilot-ready if reset
Full stack
Profiles · ESP · Apps · GPO · Groups
Microsoft Intune · Autopilot
Autopilot V1 — Pre-Provisioning via Hardware Hash Tokens
Objective
Establish the initial Autopilot pre-provisioning process using hardware hash
token collection. Define the foundational Group Tag and category structure
to drive app deployment and provisioning policy assignment for all subsequent
Autopilot iterations.
System
Microsoft Intune · Windows Autopilot · Hardware Hash Token Collection ·
Group Tags · App Deployment Policies · Provisioning Profiles
~30
Autopilot devices deployed
Foundation
Group Tags & categories defined
V1 → V2
Iterated into full zero-touch
Aquera · Java · Power Automate
Automated User Lifecycle Management via Aquera
Objective
Fully automate the user lifecycle — from creation through to deletion and
archival — using Aquera with custom Java-based attribute mapping. Deliver
automated email notifications and dashboard metrics reporting throughout
the lifecycle to reduce IT dependency on manual provisioning.
System
Aquera Identity Sync · Custom Java Attribute Mapping ·
Power Automate Workflows · Email Notification Templates ·
Dashboard Metrics Reporting
~1,000
Users automated
Full cycle
Creation → archival
Employees & contractors
Account types covered
PowerShell · Srvany · Active Directory
Automated User Account Retention & Cleanup
Objective
Enforce a 90-day retention policy for disabled and expired user accounts
in on-premises Active Directory. Automatically move accounts into a
retention OU at expiry and permanently delete them after the retention
window — eliminating manual cleanup and reducing stale account risk.
System
PowerShell Automation · Srvany Custom Windows Service ·
On-Premises Active Directory · Retention OU Structure
~20
Accounts deleted/week
90 days
Retention policy
Automated
OU move at expiry
ESET PROTECT · Intune
Endpoint Security Management — Threat Response & Application Currency
Objective
Bring all 1,354 applications up to date from a fully outdated baseline and
maintain currency at near-100%. Establish scan compliance across all devices
and maintain active threat count at zero with a same-day remediation SLA.
System
ESET PROTECT · Application Management · Scheduled Scan Enforcement ·
Threat Remediation Workflows · Microsoft Intune
0 → 1,189
Apps brought current (of 1,354)
~165
Outdated apps — confirmed remote/offline devices
~30
Outdated devices at best (remote offline)
1,354 → ~203
Scans >7 days — confirmed remote/offline devices
<1 day
Threat remediation SLA
~10/week
Low-severity threats avg
0
Active threats maintained
DeskDirector · Power Automate
Ticketing System Migration to DeskDirector with Workflow Automation
Objective
Migrate from ConnectWise to DeskDirector as the primary ticketing platform.
Build out custom intake forms and Power Automate workflows to automate ticket
routing, task assignment, and status changes — replacing manual processes
for hiring, termination, daily reporting, and error alerting.
System
DeskDirector · Custom Intake Forms · Power Automate ·
Automated Hiring & Termination Workflows ·
Daily System Reporting · Error Alerting
Automated
Hiring workflows
Automated
Termination workflows
Daily
Automated system reports
Real-time
Error alerting
Azure AD · Intune · Entra Connect
MDM GPO Migration & Hybrid Identity Setup via Entra Connect
Objective
Sync on-premises users and devices to Azure AD and Microsoft Intune as the
foundation for cloud-managed endpoint management. Migrate existing GPO policies
to MDM-equivalent Intune configuration profiles to prepare the estate for
zero-touch Autopilot deployment.
System
Microsoft Entra Connect (Azure AD Connect) · Microsoft Intune ·
Hybrid Azure AD Join · MDM Policy Migration · Group Policy Objects
~750
Hybrid user accounts synced
~750
Hybrid devices registered
Windows Configuration Designer · PowerShell · Registry
USB Provisioning Packages — Automated Mass Endpoint Configuration
Objective
Build a USB-based provisioning system using Windows Configuration Designer
to fully automate endpoint setup without technician interaction. PowerShell
runs on startup with registry-based auto-login between reboots — cycling
through application installation and configuration passes until the device
is fully provisioned, then disabling the automation account automatically.
System
Windows Configuration Designer · PowerShell Startup Automation ·
Registry Auto-Login Between Reboots · 4 Purpose-Built Provisioning Packages ·
USB Deployment · Automated Account Disable on Completion
~15,000
Endpoints provisioned
4
Provisioning packages designed
1 USB
Trigger to fully configure
0
Manual login cycles required
ConnectWise Automate · GPO
ConnectWise Automate Agent Deployment via GPO
Objective
Replace the Samanage remote management agent with ConnectWise Automate to
support RMM scripting, automated patch management, and software deployment
at scale across all locations.
System
ConnectWise Automate · Group Policy Object Deployment ·
On-Premises Active Directory · MSI Agent Packaging
~650
Endpoints deployed
~40
Locations covered
PowerShell · Srvany · Active Directory
Proactive Password Expiry Notification — Custom PowerShell Service
Objective
Reduce reactive password reset tickets by at least 30% by notifying users
proactively before their password expires. Replace ad-hoc help desk calls
with an automated, multi-touch email sequence requiring zero IT involvement.
System
Custom PowerShell Script · Srvany Custom Windows Service (auto-start) ·
On-Premises Active Directory · Automated Email Notifications at 14, 7, and 1 day
25 → 6
Reset tickets/week
76%
Ticket reduction
~10
Users notified/week
3-touch
14 · 7 · 1 day notices
Samanage · Ticket Management
High-Volume Ticket Management & Project Tracking
Objective
Establish structured ticket triage and project tracking discipline to reduce
open ticket backlog and deliver new hire and termination projects with
consistent turnaround. Maintain visibility across multi-layered projects
spanning access provisioning, credentials, and hardware.
System
Samanage Ticket Tracking · Project Templates ·
New Hire & Termination Workflows · Multi-layer Ticket Chaining
~160
Tickets closed/week
~32
Tickets closed/day
~10
New hire/term projects/week
PowerShell · Windows
Automated Endpoint Provisioning via PowerShell
Objective
Eliminate manual, image-based endpoint preparation by building a PowerShell
provisioning framework that resets and fully prepares Windows endpoints
without physical reimaging — reducing preparation time from hours to a
repeatable automated process.
System
PowerShell Scripting · Windows Configuration Automation ·
No-Image Provisioning Framework
~40
Endpoints provisioned/day
~10
Endpoints in active rotation
0
Manual imaging required
Samanage · GPO
Samanage Remote Management Agent Deployment via GPO
Objective
Deploy Samanage remote management agents to all endpoints to enable centralised
device visibility and integrate hardware inventory with the new ticketing system.
Eliminate manual asset tracking and enable remote IT support capabilities.
System
Samanage Remote Management · Group Policy Object Deployment ·
On-Premises Active Directory · Asset Inventory Integration
~200
Endpoints deployed
GPO
Zero-touch delivery method
Active Directory · Group Policy
Active Directory OU Restructure — Department & Location Organisation
Objective
Design and implement a structured Organisational Unit hierarchy in on-premises
Active Directory, separating user and computer objects by department and location.
Introduce Shadow Groups for dynamic OU-to-Group synchronisation to replace
manual group membership management.
System
On-Premises Active Directory · OU Hierarchy Design ·
Group Policy Objects · Shadow Groups (Dynamic OU-to-Group Sync) ·
Active Directory Users & Computers
~8
Departments structured
~10
Locations organised
~200
User objects organised
Dynamic
Group sync via Shadow Groups
* Placeholders (—) indicate metrics to be added. Replace with your actual figures
to complete each case study. Additional case studies can be added by duplicating
a .cs-card block.
