Question

What determines if the Remediation Code is executed?

  • 5 August 2022
  • 4 replies
  • 309 views

Badge

I have a Worklet that installs an application with the evaluation code below. When I run this in powershell on my computer, it returns a 0 because I do have the folder. But yet, the Remediation code runs and installs the application again. SO, my question is - If the Evaluation returns a 0, does that prevent the Remediation code from running at all (which is what I thought) or, do I need to check for 0 somehow in the Remediation code and Exit if 0?

 

If (Resolve-Path -Path "C:\BeyondTrust\*")
    {
        return 0
    } 
    else 
    { 
        return 1 
    }


4 replies

Hi mbailey218,

 

You are correct, if a script returns “Exit 0” we will mark the device as compliant and not run or queue Remediation. I have not used “return’ personally so I can not speak if that works as well, but Exit 0/Exit 1 has always worked for me. 

Generally we recommend using “Exit 0” and “Exit 1” as Kyle mentioned.
 

A couple of additional notes, if you are running the policy by executing it now; the evaluation is ignored. And only the remediation is executed. 
 

Also, you are using Resolve-Path in your logic, I’d recommend using a Test-Path, as it returns a boolean result. 

I tested with the code below and it worked as expected. First I started by scheduling the Worklet to run a few minutes in the future, 10 minutes, and did a scan on the device so it would know that the policy existed.

Evaluation Code:

if (Test-Path -Path "C:\BeyondTrust\Test.txt")
{

Add-Content -path "C:\BeyondTrust\Test.txt" -value "Folder Exist. Exit 0."
Exit 0
}
else
{
New-Item -ItemType Directory -Force -Path C:\BeyondTrust
New-Item -path C:\BeyondTrust\ -name Test.txt -type "file"
Add-Content -path "C:\BeyondTrust\Test.txt" -value "Created new file. Exit 1."
Exit 1
}

Remediation Code:
 

Add-Content -path C:\BeyondTrust\Test.txt -value "Evaluation continued to Remediation Code."
Exit 0

 

Reply