Clean up Automox Licenses

  • 18 February 2021
  • 8 replies
  • 429 views

Userlevel 4
Badge

I am not sure if anyone has this need (or if this has been posted before), but here’s a little Powershell script you can run with a scheduled task to delete hosts that have not reported back to Automox after xxx days. I have this configured on a server and it helps me manage the Automox licenses automatically.


#Define API Key and URL to get initial Machine list
$apiKey = "<insert your API key here>"
$headers = @{"Authorization" = "Bearer $apiKey"}
$lengthPerPage = 100
$pageCounter = 0
$maxItems = 0
$maxDays = 30

do
{
$apiUrl = "https://console.automox.com/api/servers?l=$lengthPerPage&p=$pageCounter"
$response = Invoke-RestMethod $apiUrl -Method 'GET' -Headers $headers -Body $body
$a = $response | ConvertTo-Json
$maxItems = $response.results.count
$currentItem = 0

foreach($server in $response.results)
{
$lastCheckin = Get-Date
if ($server.last_disconnect_time)
{
$lastCheckin = [datetime]$server.last_disconnect_time
}
$span = New-TimeSpan -Start $lastCheckin
Write-Host $server.display_name $span.days "days last seen"

if ($span.Days -ge $maxDays)
{
$serverID = $server.id
$orgID = $server.organization_id

Write-Host $server.display_name ": initiating delete."
$delURI = "https://console.automox.com/api/servers/" + $serverID + "?o=$orgID"
Write-Output $delURI
Invoke-WebRequest -Method Delete -Uri $delURI -Headers $headers
}
}
$pageCounter++
} while ($maxItems -ne 0)

8 replies

Userlevel 3
Badge

That’s an interesting one - thanks.


I had always thought that if a disconnected device with the endpoint installed is removed from the console, it will claim a license when the device reconnects. It was a long time ago when I went over our allocation, so I could be wrong.

Userlevel 4
Badge

From my conversations with support, removing a device from the console will cause the agent to uninstall itself.

Userlevel 3
Badge

I must try that out. I know from past experience that I have went over my license allocation by turning on an old laptop that still had a client on it. That was in 2017 though, so things might have changed.

Userlevel 7

That’s changed - if you uninstall in the console while the endpoint is off, then next time that endpoint checks in the uninstall command will be pushed down to the endpoint rather than it re-registering in the console. If you’re still seeing this behavior with any of your endpoints let me know so we can get support investigating.

Userlevel 3
Badge

That’s interesting to know. As I had been caught out in the past, I have always been concerned about using my full allocation of licenses. It has not happened for years now, so I am sure from what you say it can’t happen now.

Nic,


I can open a ticket, but I’m interested if you know how we can determine the agent’s health (last check-in or last time patched) from the local registry? I know we can dig into the amagent.log file, but that does not allow us to scan the system with any of our tools to see the agent’s status. We us PDQ Inventory/Deploy for Automox deployments. In the past, I have had systems with Automox installed and the service running (we check for both), but their system was missing in the Automox console. If we had a registry value to key off of, we could scan for it and report on it.


Thanks

Userlevel 7

That’s an interesting problem. Did those machines ever show up in the console and have since vanished, or did they never show up at all after the initial install?


Just spitballing, but here’s some approaches I think might be feasible:



  1. Get a list of all systems that have the agent installed and the service running, and then do a diff on that list versus an export of all your endpoints showing in the console (make sure they’re both sorted alphabetically). You can do that export either using the API or just a csv export from Devices page. As long as you haven’t changed the device names within Automox, those should match the machine names.

  2. Slurp up all the amagent.log files and grep them for the last disconnected time. You’d have to use something other than Automox to grab all the log files though, since the machines you want aren’t showing in the console.

  3. Run this command on all the endpoints: amagent --checkcompat in the C:/Program Files/Automox/amagent.exe directory. This will return info about the endpoint including what org it is connected to. You can run that on one of the devices that isn’t connecting to see what it returns and then check for that on the result of the other runs.


Let me know if any of those sound feasible!

Sorry for the delay Nic. Thanks so much for the reply. I will give all three a shot and revert back.


Best,


Gabe

Reply