Windows - Configuration - Copy File From Payload

What the Copy File from Payload Worklet does

This Automox Worklet™ copies files from the Worklet's payload storage to a destination directory you specify on Windows endpoints. You can upload any file–configuration files, scripts, MSI installers, or data files–and the Worklet automatically distributes it to multiple endpoints.

The Worklet uses PowerShell's Copy-Item cmdlet to transfer files from the Worklet's working directory to your specified target path. If the destination directory doesn't exist, the Worklet automatically creates it before copying the file, verifying reliable file placement even in new directory structures.

Why distribute files through Automox Worklets

Software deployments often require supporting files like configuration files, license keys, custom scripts, or data files that must exist on the endpoint before an application can run. Manually copying these files to hundreds or thousands of endpoints wastes hours of administrative time and introduces errors when technicians miss endpoints or copy files to wrong locations.

Group Policy Preferences can deploy files but requires Active Directory infrastructure, creates unnecessary dependencies, and lacks the flexibility to target specific endpoint groups or execute only under certain conditions. GPO-based file deployment also struggles with large files or binary payloads that exceed GPO size limits.

Some applications cannot pull configuration files from network shares due to permission restrictions, timing issues during boot, or network connectivity requirements that are not met when the application starts. These applications need their configuration files copied to specific local paths before they launch.

Security tools, monitoring agents, and custom scripts often require certificate files, authentication tokens, or encrypted configuration files deployed to predefined locations. These files contain sensitive data that should be distributed through secure, auditable channels rather than network shares where permissions and access logging are difficult to control.

How payload file distribution works

1. Evaluation phase: The Worklet checks if the target file already exists at the specified filepath. If the file is present, evaluation returns success (exit code 0) and remediation is skipped, preventing unnecessary file overwrites. If the file is absent, evaluation returns failure (exit code 1) to trigger remediation.

2. Remediation phase: The Worklet verifies the destination directory exists, creating it with New-Item if necessary, then copies the payload file from the Worklet's working directory to the target location using Copy-Item with the Force parameter to overwrite any existing file.

File distribution requirements

• Windows 7 or later (workstations) or Windows Server 2008 R2 or later

• PowerShell 3.0 or later (usually pre-installed on supported Windows versions)

• File uploaded to Worklet payload before deployment–the file must be present in the Worklet configuration

• Write permissions to the destination directory path or the parent directory if the Worklet needs to create it

• Configure the $filename and $filepath variables in the Worklet script to match your target file name and destination directory

Expected file distribution state

The payload file is copied from the Automox Worklet payload folder to the destination path you specified in the Worklet parameters. The file exists on the endpoint's local storage with the same name and contents as the original payload file you uploaded.

Applications can now access the file at the specified location. Configuration files are in place before applications start. License keys, certificates, and authentication tokens are available when software needs them. Scripts and executables are staged in their required directories ready for execution.

The file persists on the endpoint until you delete it manually or with another Worklet. The file permissions match the default permissions for the destination folder, or you can specify custom permissions as part of your deployment process.

You can verify the file deployment by checking the destination path on the endpoint. The file's creation timestamp shows when the Worklet ran, and the file size matches the original payload file uploaded to Automox.

How to validate copy file from payload changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for copy file from payload.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Test-Path, Write-Output.

4. Validate remediation effects from script operations such as Test-Path, Write-Output, Copy-Item, then rerun evaluation for compliance.