
Reclaim Disk Space from Stale Automox Exec Folders

Remove temporary execution folders older than seven days that Automox commands left behind on Windows endpoints

Worklet Details

What the stale-exec-folder cleaner does

This Automox Worklet™ identifies and removes old temporary execution folders that the Automox agent leaves behind on Windows endpoints after a command run completes. The Worklet scans the agent's working directory for exec folders whose modified timestamp is older than a configurable cutoff (default seven days), then removes them with Remove-Item. After remediation, the working directory contains only the artifacts the agent still needs.

The Worklet reads a single parameter, MaxAgeDays, which controls the deletion threshold. Endpoints with stricter retention requirements can lower it to one or two days; endpoints that need a longer audit trail of past runs can raise it to thirty or sixty. The script enumerates folders with Get-ChildItem -Directory and filters by LastWriteTime so the timestamp reflects the actual completion of the run, not just the original folder creation time.

Because the evaluation phase counts the matching folders before removing anything, the Worklet reports a clear before-and-after metric in the Automox activity log: how many folders existed, how many matched the age filter, and how much disk space was reclaimed. That output makes the cleanup auditable and gives operations a measurable signal that the policy is doing useful work each time it runs.

Why clean up stale Automox exec folders

Every Automox command that runs on a Windows endpoint stages its working files in a temporary exec folder. On a healthy endpoint, those folders get reused or cleared on the next run. On a long-lived Windows server with hundreds of policy executions per month, or on a laptop that runs a heavy patching schedule, the folders accumulate. The agent does not aggressively garbage-collect them because some operations write artifacts that operations teams want to keep for a few days after the run completes.

The Automox agent creates a fresh exec folder under C:\ProgramData\amagent\exec\ for every command it runs, and a forgotten Windows file server with a year of productive policy history can accumulate gigabytes of these directories without anyone noticing. Schedule this Worklet on a monthly cadence against the Windows workstation and server policy so stale exec folders older than the configured retention window are enumerated and removed on every pass. A disk-full alert on a quiet file server stops being the first signal that the agent has been doing its job. Pair the cleanup with a free-disk-space monitoring Worklet for a complete maintenance loop.

How the exec-folder cleanup works

  1. Evaluation phase: The Worklet runs Get-ChildItem against the Automox agent's exec parent directory and filters with Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$MaxAgeDays) }. It counts the matching folders, sums their total size with Measure-Object, and reports the candidate set with Write-Output. If at least one folder matches, the endpoint is flagged for remediation. Endpoints with no stale folders are reported compliant and skipped.

  2. Remediation phase: The remediation script iterates the matched folder list and runs Remove-Item -Recurse -Force on each, catching exceptions so a single locked file does not abort the whole pass. The script then re-counts the remaining folders, computes the reclaimed disk space, and writes a final summary line with Write-Output. It exits 0 if all targeted folders were removed cleanly, and non-zero with the offending paths in stderr if any deletion failed.
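
The two phases above, sketched as one script. This is an added example, not the Worklet's published source: the -Remediate switch, the exit codes 1 and 2, the output wording and the reparse-point check are assumptions made here, while MaxAgeDays and the exec path come from this page.

```powershell
param(
    [int]$MaxAgeDays = 7,                                # default named on this page
    [string]$ExecRoot = 'C:\ProgramData\amagent\exec',   # exec parent directory named on this page
    [switch]$Remediate                                   # hypothetical: evaluation only unless set
)
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
if (-not (Test-Path -LiteralPath $ExecRoot -PathType Container)) {
    Write-Output "Exec root $ExecRoot not found; nothing to evaluate."
    exit 0
}

# Evaluation: a folder is stale when its LastWriteTime is older than the cutoff.
# Added precaution: junctions and symlinks are skipped so deletion never follows a link.
$all   = @(Get-ChildItem -LiteralPath $ExecRoot -Directory -Force)
$stale = @($all | Where-Object {
    $_.LastWriteTime -lt $cutoff -and
    -not $_.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)
})
$size = @{}
foreach ($dir in $stale) {
    $sum = (Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Force -ErrorAction SilentlyContinue |
            Measure-Object -Property Length -Sum).Sum
    $size[$dir.FullName] = [long]$sum                    # an empty folder yields $null, cast to 0
}
$bytes = ($size.Values | Measure-Object -Sum).Sum
Write-Output ("Folders: {0}; older than {1} days: {2}; candidate size: {3:N1} MB" -f $all.Count, $MaxAgeDays, $stale.Count, ($bytes / 1MB))
if ($stale.Count -eq 0) { exit 0 }                       # compliant, nothing to do
if (-not $Remediate)    { exit 1 }                       # flagged for remediation

# Remediation: one locked file fails only its own folder, not the whole pass.
$failed = @(); $reclaimed = 0
foreach ($dir in $stale) {
    try {
        Remove-Item -LiteralPath $dir.FullName -Recurse -Force -ErrorAction Stop
        $reclaimed += $size[$dir.FullName]
    } catch {
        $failed += $dir.FullName
        [Console]::Error.WriteLine("Failed to remove $($dir.FullName): $($_.Exception.Message)")
    }
}
$remaining = @(Get-ChildItem -LiteralPath $ExecRoot -Directory -Force).Count
Write-Output ("Removed {0} of {1} stale folders; reclaimed {2:N1} MB; {3} folders remain." -f ($stale.Count - $failed.Count), $stale.Count, ($reclaimed / 1MB), $remaining)
if ($failed.Count -gt 0) { exit 2 } else { exit 0 }
```

A directory's LastWriteTime changes only when entries directly inside it are created, deleted or renamed, so a folder whose nested files are still being written can look older than it is.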

Exec-folder cleanup requirements

  • Windows 10, Windows 11, or Windows Server 2016 and later with PowerShell 5.1 or PowerShell 7 available

  • Local administrator privileges on the target endpoint (the default Automox agent context satisfies this)

  • The MaxAgeDays parameter set to a value that matches your runbook retention rule (default 7, tighter values supported)

  • Awareness that running this Worklet removes the on-disk artifacts of past command runs; if operations needs those artifacts for forensic review, increase MaxAgeDays before scheduling the policy

  • Backup or SIEM export of any exec-folder content you want to keep beyond the threshold; the Worklet does not archive before deleting

Expected state after the cleanup runs

After remediation, the Automox agent's exec parent directory contains only folders newer than MaxAgeDays. The activity log records the number of folders removed and the disk space reclaimed. Subsequent policy runs report the endpoint as compliant unless new stale folders have aged past the threshold, at which point the cycle repeats and the next run keeps the directory pruned.

Validate the Worklet's behavior on a single Windows endpoint first by running Get-ChildItem against the exec parent directory before and after the policy, then comparing folder counts and total disk usage. For audit evidence, capture the Worklet's Write-Output summary line and store it with the policy run identifier. A regression where folder counts climb again over time is normal as new runs land; the Worklet is designed to run on a recurring schedule (weekly is a common choice) rather than as a one-time cleanup.



What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.
