Otto  background

How to Use Automox Worklets

The Worklet section within the Automox console is designed to be extremely flexible. This section allows users to evaluate and enforce anything you can script. It also allows you to upload files that can be used on targeted devices.

Learn about Worklets

Click play to get more context about Worklets

Script languages

The Evaluation and Remediation code languages are specific to the OS, and run in the version currently installed on the target machine.

Windows: PowerShell

Linux & OS X: Bash

  • It is possible to launch and run a script file in a different language in the remediation code by invoking the file from the native language script. This assumes that your target device is capable of running the uploaded script file.

Note: On 64-bit Windows, this runs in a 32-bit PowerShell session. You may need to plan around this for accessing 64-bit registry locations and filesystems. This is caused by 32-bit processes being redirected to 'Wow6432Node' or 'SysWoW64' in place of the native locations.

Evaluation code

The evaluation code is intended to test a condition, and return an exit code based on that condition.

The evaluation runs each time a device runs a scan and flags the device for remediation according to the exit code. If the exit code is 0, the evaluation is seen as successful and no remediation will take place. Any non-zero exit code flags the device for remediation when the policy’s scheduled time arrives.

It’s important to note that manually executing the policy triggers the Remediation code regardless of the flagged exit code.

Remediation code

The remediation code section is open-ended and can be used to do almost anything you can script. Whether that’s enforcing a configuration setting or installing an application or certificate, if you can script it, you can implement it

Any files you uploaded to the policy are downloaded when the remediation code runs, and can then be called/invoked by your script.

Uploading files

Any files you need to reference in your remediation script can be uploaded as part of the policy.

These files will download when the remediation runs and will be available in the script's current working directory.

Executing Worklets

Scheduled execution

As with all of the other policy types, Worklets can be scheduled to run by Month, Day-of-Week, and Week-of-Month. Use this to customize the schedule on which the remediation script will run non-compliant devices.

Manual execution

Manual Execution can be handled in two different ways, per device and per policy.

On the Device Details page, for every device in a Group that is associated with the policy there is an Associated Policies section where you will see the policy name and a ‘Run Policy’ button. This button will trigger the policy to run immediately on the selected device or devices.

On the System Management page, when clicking on a policy the page will display lines to its associated groups and a button labeled ‘Execute Policy Now’. This button will trigger the policy to run immediately on all devices in the associated groups.

Note: These methods trigger the remediation script regardless of the compliance status of the device. Use these methods with caution.

Start your free trial now.

Get started with Automox in no time.

Start your free trial now.

Get started with Automox in no time.

Dive deeper into this topic