
Automox Worklets 101

Create, automate, and enforce any custom task you can imagine


Automox Worklets™ empower SecOps and ITOps to create, automate, and enforce any custom task they can imagine on endpoints. Based on PowerShell and Bash scripting, Worklets are reusable units of work that can be applied across Windows, Linux, and macOS devices irrespective of location or domain membership.


Whatever you can script, you can turn into a Worklet. And while the applications for Worklets are essentially limitless, they are particularly useful for simplifying endpoint management at scale by:

1. Applying configurations to devices that don’t connect to the corporate network or aren’t in Active Directory®

2. Removing the hassle of establishing permissions to the endpoint

3. Automating the remediation of new vulnerabilities that aren’t patchable


Worklets consist of two code blocks that have an if-then relationship. The first block is called “evaluation,” and the second is designated “remediation.” If the evaluation code block fails (returns non-zero), then the remediation block is run. Evaluation code executes every time an endpoint in an applicable group runs a scan. The remediation code runs according to the Worklet policy schedule after the evaluation code has flagged the device as needing remediation. No code or variables are preserved between the evaluation code block and the remediation code block. The code blocks run as System in the C:\ProgramData\amagent\ directory.

To impact local user settings, you’ll need to request the list of local users and loop through them in your code. If you use the Execute Now button on a policy, then only the remediation code runs. The result of the remediation code shows in the Activity Log report. You can upload files that you can reference in your code, like an MSI installer.
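
The evaluation/remediation contract and the per-user loop described above, as an added example for a Linux endpoint (not Automox code and not part of the original page). The policy it enforces (each local user's ~/.ssh must be mode 700), the PASSWD_FILE override, the UID range treated as "local users", and the use of GNU stat are all assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not Automox code): both halves of a Linux Worklet as functions.
# In the console each body goes in its own block and ends with `exit`.
# Assumptions: the policy (~/.ssh must be mode 700), the PASSWD_FILE override,
# UID 1000-65533 as "local users", GNU stat.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Helper. Nothing is shared between the two blocks, so a real Worklet has to
# carry a copy of this function in the evaluation AND the remediation block.
bad_ssh_dirs() {
    awk -F: '$3 >= 1000 && $3 < 65534 { print $6 }' "$PASSWD_FILE" |
    while IFS= read -r home; do
        [ -d "$home/.ssh" ] || continue
        # The block runs privileged: never chmod through a user-made symlink.
        [ -L "$home/.ssh" ] && continue
        [ "$(stat -c '%a' "$home/.ssh")" = "700" ] || printf '%s\n' "$home/.ssh"
    done
}

# Evaluation: 0 = compliant; non-zero flags the device for remediation.
evaluate() {
    [ -r "$PASSWD_FILE" ] || return 2   # cannot check, so do not report success
    bad=$(bad_ssh_dirs)
    [ -z "$bad" ] && return 0
    printf 'needs remediation:\n%s\n' "$bad"
    return 1
}

# Remediation: re-derives the list itself instead of relying on $bad above.
remediate() {
    rc=0
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        chmod 700 "$dir" || rc=1
    done <<EOF
$(bad_ssh_dirs)
EOF
    return "$rc"
}

# Local dry run: ./worklet.sh evaluate   or   ./worklet.sh remediate
case "${1:-}" in
    evaluate|remediate) "$1"; exit $? ;;
esac
```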


Make sure you have a test group set up. Create your policy and select your operating system (OS). Determine when you want the remediation to run. Make sure you have an endpoint with the agent installed, and that it has completed its first scan. Save your policy and connect it to the test group. Scan the endpoint to trigger the evaluation code and see the result on the device page. For testing purposes, run the remediation code manually. For local Windows® testing of your PowerShell® code, make sure to allow PowerShell code to run: Set-ExecutionPolicy RemoteSigned (run as Admin). Any files uploaded can be referenced in your code in the current directory.


Go to the Automox Community Worklets page. Copy over the code blocks by hand. Look through the documentation or description to see if any variables need configuration for your environment. Do a test scan and test remediation to make sure it’s working. Keep an eye on it over time to ensure the activity logs continue to show success. If you make any improvements, please upload your version back to the community. Worklets are provided as-is, and there’s no guarantee that they’ll work in your particular environment.


Go to the Automox Community Worklets page. Go up to the New Topic button at the top right of the Community page. Once you get to the New Topic page, choose the Conversation option and add your Worklet below. Include a description of what your Worklet is and how it works. Call out any variables that need to be changed for other user environments. When you want to insert your code, go to the formatting options at the top of the text box and choose Code. Then add separate code boxes for both your evaluation and remediation codes.

  • Each Worklet will be reviewed by our Worklets team to make sure that the code is safe and viable.

  • Do not include any API keys or credentials in your code.

  • Use a placeholder to indicate where the downloader needs to put in their own API key or credentials.

  • Feel free to upload your code to a repository such as GitHub® and then link to that from your Worklet post.

  • All Worklets uploaded and downloaded are covered by our Terms of Service.


Here are a few things Automox Worklets are doing today. You can access our full repository of Worklets in the Automox Community.

  • Disable any vulnerable process. This RDP-disabling Worklet can be used as a mitigating control to protect impacted Windows systems from the BlueKeep vulnerability.

  • Mass rollback of unwanted patches. With a few clicks, an admin can deploy a Worklet that will detect the presence of, and subsequently remove, the unwanted patch from any defined group of endpoints.

  • Manage native OS controls. Enforcing controls such as BitLocker® is easy and can be automated with this simple policy.

  • Support legacy OS with mass deployment. This Worklet allows you to quickly and simply deploy an emergency patch across legacy systems to ensure they are less of a risk for exploit. 


  • Write and test your code on a local machine first.

  • When migrating code over to a Worklet, you might need to adjust for running as System instead of as the logged-in user.

  • Check the results of your remediation code in the Activity Log report.

  • Test your code out on different versions of each OS. There may be changes in locations for settings or registry entries from one version to another.

  • Search for code online that might already do what you need, with a little tweaking.



Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS and third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. ITOps and SecOps can quickly gain control and share visibility of on-premises, remote, and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you’re currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
