Enable Agent Tray

What the Agent Tray restorer does

This Automox Worklet™ restores the visible Automox Agent Tray on Windows endpoints where the tray was previously suppressed. The evaluation script looks for amagent-ui.exe in the two standard install locations, ${env:ProgramFiles(x86)}\Automox\amagent-ui.exe and ${env:ProgramFiles}\Automox\amagent-ui.exe, using Test-Path. When the executable is found, the Worklet resolves the Automox directory with Split-Path and checks Join-Path $automoxDir 'amagent-ui-disable' for the sentinel file that suppresses the tray UI.

If the tray executable is missing, evaluation exits 0 and remediation is skipped. If the tray is installed and the disable file exists, evaluation exits 2 and remediation runs. The remediation script calls Enable-AmagentTray, which re-resolves the Automox directory, verifies it with [System.IO.Directory]::Exists, and deletes the disable file with Remove-Item -Path $disableFilePath -Force. The tray icon then reappears on the next agent service restart or interactive user logon, without a reboot.

The Worklet is idempotent. If the disable file is absent on a second run, the Worklet writes "Disable file does not exist, tray already enabled" and returns success without touching the file system. That property lets you bind this Worklet to a recurring policy and use it as a drift guard for any fleet where a prior policy or admin action may suppress the tray again.

Why restore the Agent Tray on every Windows endpoint

When the Automox Agent Tray is suppressed, end users lose the only on-endpoint signal that patches are queued, that a reboot window is approaching, or that the agent has not checked in. Helpdesk tickets shift from "the icon shows pending" to "my laptop just rebooted itself and I don't know why," and field technicians lose the quickest local diagnostic they have. Restoring the tray surfaces patch status, the next scheduled maintenance window, and the last agent sync time directly in the Windows notification area, which cuts triage time on every endpoint where the tray was inadvertently hidden by a build script, a legacy image, or a one-off Disable Agent Tray run.

The amagent-ui-disable file gets dropped by legacy gold images, a one-off Disable Agent Tray Worklet run from a previous owner of the policy, or a build script that copies it from a template directory. Schedule this restorer against the Windows workstation and server groups where the tray should be visible, and the next evaluation will catch and remove the sentinel file without touching endpoints that already pass the check.

How Agent Tray restoration works

1. Evaluation phase: The Worklet iterates the candidate paths ${env:ProgramFiles(x86)}\Automox\amagent-ui.exe and ${env:ProgramFiles}\Automox\amagent-ui.exe and runs Test-Path against each. The first match wins and Split-Path -Parent resolves the Automox installation directory. The script then runs Test-Path on Join-Path $automoxDir 'amagent-ui-disable'. If the executable is absent the script writes "Automox Agent Tray not found. Skipping remediation." and exits 0. If the executable is present and the disable file exists the script writes "Agent Tray is currently disabled. Remediation will enable it." and exits 2 so Automox schedules remediation. If the disable file is absent the script writes "Agent Tray is already enabled. No action needed." and exits 0.

2. Remediation phase: Enable-AmagentTray re-resolves $automoxDir against ProgramFiles(x86) first, then ProgramFiles, and confirms the directory with [System.IO.Directory]::Exists($automoxDir). The function joins the path to amagent-ui-disable, calls Test-Path, and on a hit runs Remove-Item -Path $disableFilePath -Force inside a try/catch. The function returns $true on success and the script exits 0; any caught exception logs to Write-Error and exits 2. The tray icon reappears on the next amagent service restart or the next interactive user logon. No reboot is required.

Agent Tray restoration requirements

• Windows 10, Windows 11, or Windows Server 2016 and later

• PowerShell 5.1 or higher available to the Automox agent context

• Automox Agent installed with the tray component so amagent-ui.exe is present under C:\Program Files\Automox or C:\Program Files (x86)\Automox

• Local SYSTEM or administrative rights to remove amagent-ui-disable from the Automox installation directory (the default Automox agent context already meets this)

• No conflicting GPO, MDM, or build script that re-writes amagent-ui-disable after this Worklet runs; if one exists, retire it before scheduling this policy

Expected Agent Tray state after restoration

After remediation, the amagent-ui-disable sentinel file is absent from the Automox installation directory and the tray icon reappears in the Windows notification area on the next amagent service restart or interactive user logon. Clicking the icon exposes the current sync status, the last evaluation time, queued patches, and the next scheduled maintenance window. Subsequent policy runs report the endpoint as compliant and exit 0 without touching the file system, because evaluation finds the disable file already gone.

Validate from PowerShell with Test-Path "${env:ProgramFiles(x86)}\Automox\amagent-ui-disable" and Test-Path "${env:ProgramFiles}\Automox\amagent-ui-disable"; both should return False. Confirm the UI process with Get-Process -Name amagent-ui -ErrorAction SilentlyContinue once a user session is active. The Automox console activity log records the run with exit code 0 on success and the line "Removed disable file:" followed by the resolved path; on systems where the tray was already enabled the log line reads "Disable file does not exist, tray already enabled." Exit code 2 from remediation indicates the Enable-AmagentTray function caught an exception while removing the file and the disable file may still be present; rerun the policy after resolving the underlying permission or path issue.