You're looking at the Yellow Pages for Community Worklets... find Worklets and share your own here!
Recently active
Hello,We’re encountering a problem where we are running a worklet to import a Group Policy object on a domain controller - the Automox worklet runs as System so has no domain permissions to be able to interact with Group Policy. Has anyone found a way to run a set of PowerShell commands within a worklet as a domain user with elevated privileges, eg. Domain Admin?Cheers,Mark.
Hi all, I’m looking for a script to uninstall Adobe Shockwave Player (regardless of the version) from Windows.
I was able to successfully use the “Enforce Bitlocker Encryption” worklet on a few test machines.However, I am curious if anyone knows a way to use Automox to suspend encryption in order to run updates or how to simply decrypt drives with a worklet.The idea of encrypting drives with a worklet is helpful, but manually suspending the encryption and decrypting the devices takes a lot of work.
Howdy! Here is a worklet to detect and disable weak and vulnerable algorithms in the sshd service. These algorithms are usually kept enabled for compatibility reasons but they’re usually safe to disable if your users have updated systems. Here is a good write-up on known weak and vulnerable algorithms. Evaluation: #!/bin/bash sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)" | grep "\(sha1\|rc4|arcfour|md5|blowfish|idea|3des|cast128|cbc\)" # return 0 if value exists; return non-zero if value does not exist [[ $? -eq 0 ]] && exit 1 exit 0 Remediation: #!/bin/bash # Add a definitive list of ciphers to the sshd config. This list was tested to work on a fresh install of Ubuntu 18.04 cat >> /etc/ssh/sshd_config <<EOL Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@ope
I’m trying to push to my users an update to an application called Newsboss.Typically if I just need to run an MSI then I use the override code provided when I load the file into the required software policy, and that has worked well so far. This time I get the response “failed to install software:” in the activity report. If I copy the override code to Powershell ISE and run it then it works as intended, so the code clearly works. What would Automox be doing differently than I am doing in Powershell ISE?
Building a worklet for password management and getting the error below. I created the secret etc. Calling the variable using $secretnamehere and the error is what we get. When I go back to check the Secret Value, click the eye it is empty...but I filled it in lol So is this by design?? Am i just totally n00bing this up lol!?! powershell.exe : Cannot bind argument to parameter 'String' because it is null.At C:\Program Files (x86)\Automox\execDir535623559\execcmd917210426.ps1:150 char:11+ ... return & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\power ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSe cureStringCommandCOMMAND TIMED OUT.
The following worklet will enable FileVault on Macs and save the recovery key into Automox. To avoid requesting credentials from the user it has been set to enable at the next login. The recovery key will be written to a tag in Automox the next time the worklet runs following FileVault being enabled. Evaluation: #!/bin/bash # # Check if FileVault is enabled if ($(fdesetup isactive)); then echo "FileVault is enabled!" exit 0 fi exit 1 Remediation: #!/bin/bash #Created by Gary Langley #02/12/2020 # # Check if FileVault is enabled or current user is System if ( $(fdesetup isactive) && [ ! -f "/Users/Shared/Automox/filevault.plist" ] ); then echo "FileVault is already enabled!" exit 0 fi # Enable Filevault and get Recovery Key fdesetup enable -defer /Users/Shared/Automox/filevault.plist -forceatlogin 3 -dontaskatlogout # Use Python to parse JSON output from API and return values required for the PUT request python2 -c ' import urllib2 import json import socket import plis
I need a script to uninstall automox agent using GPO.
I hail you, Automox GodsNewbie here, working today with Automox. Day 1. So please bare with me.I am trying to run a policy for a weekly reboot, but am unable to. Would like to have your input.This is the script i got:# Get the last boot up time$lastBootUpTime = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime# Get the current date and time$currentDate = Get-Date# Calculate the time difference in days$daysSinceLastReboot = ($currentDate - $lastBootUpTime).Days# Check if the last reboot was more than 7 days agoif ($daysSinceLastReboot -gt 7) # If yes, exit to remediation{ exit 1}else{ exit 0} Force automatic restart after worklet completion is ticked, with the deferrals enabled, to run if the the machine is to have the rebootMy first thought was putting that script on the evaluation code, and a simple write output on the remediation code; no go.I have tried putting exit 1 on the evaluation code and the script on the remediation code; no go.I have tried removing the
We have several policies that are based on a weekly staggered layout by location and 4am deployment (and next check in). However, when we re-image a workstation and Automox gets automatically installed, we would have to wait until the next morning or next update cycle to get software and patches. I dont know if we can do anything like this now, but It would be nice when a new device checks in, is in the default group, or have a command switch to run, that it would automatically force run any associated policies before we deploy back to staff.
Hi ,i’m facing an issue with automox agent installation where its ends up with an error massage saying “Configuration failed “ Running Automox Agent compatibility check... - `C:\Program Files (x86)\Automox\amagent.exe --checkcompat` failed. Error checking compatibility: server returned HTTP status 420: No certificate attached to request. PostInstall_CompatibilityCheck: failed to configure access key Reporting agent installation error... Installation result reported to IRS: True Current Agent service status is STOPPED. failed.
Is there a way to Export non compatible errored devices inside automox? If yes could someone help?
Hi all, I”m looking for the software script to deploy Cisco Secure Client Umbrella module and the root certificate on Mac.
I am trying to modify the Restart the Automox Notifications worklet to restart notifications for Sentinel one. In the notifications panel the Sentinel One notifications are listed as SentinelAgent. I have modified the Evaluation code to be for Sentinel Agent#!/bin/bash# capture logged in userCONSOLE_USER=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')if [[ -n "$CONSOLE_USER" ]]; then CONSOLE_USER_GUI=$(dscl . read /Users/"$CONSOLE_USER" UniqueID | awk '{print $2}')fi# detect for Sentinel AgentNotifier serviceif launchctl asuser $CONSOLE_USER_GUI launchctl list | grep com.sentinelagent.notifier; then exit 1fiexit 0And the Remediation code#!/bin/bash# capture logged in userCONSOLE_USER=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')if [[ -n "$CONSOLE_USER" ]]; then CONSOLE_USER_GUI=$(dscl . read /Users/"$CONSOLE_USER" UniqueID | awk '{print $2}')fi# Booto
Using the built in worklet(required software) to deploy our required software but it is now failing every install. Proper named .msi uploaded in payload etc. Here is the code and any insight would be awesome. thanks! exit (Start-Process -FilePath 'msiexec.exe' -ArgumentList ('/qn', '/i', '"Win-Full-8_3_x64.msi"') -Wait -Passthru).ExitCode
Looking about a feature update with end user notifications for updates. We currently push the update notifications to the users. Is there a way they can be notified of what is going to update and also the progress of those updates and once they are completed?
Has anyone had any success deploying the PaperCut Client via Automox? I have tried every angle I can think of and they all time out, or say it was successful but nothing was installed! From PC’s knowledge base it can be deployed via GPO or “ automated software deployment ” I am just banging my head here lol
Has anyone created a worklet to change the root password on Linux machines? Can Secrets be leveraged maybe to have this automated on a 90-120 days basis maybe?
we are missing some critical patches from the previous month and upon checking automox console I do see some systems didnt get the patch applied as expected. is there a way identify the systems with missing Kbs and then apply that to them?
As per the title, I need to copy a file that has [ ] in the filename. When trying to upload, it complains that they’re illegal characters? I guess the workaround would be to upload it without the square brackets, then include a PS command to rename it once it’s been copied down? Any other workarounds (or a fix?) ThanksDanny
Hello,I'm trying to create a worklet to deploy LanguageTool on my Windows x64 fleet. However, in the feedback, it says that the installation went well but ultimately fails. Can you help me fix the code?Evaluation Code ########################################## --! Evaluate Compliance !--if (Get-Win32App | Where-Object { $_.Name -eq $appName }) { Write-Output "$appName is already installed. Now exiting." exit 0}# Si LanguageTool n'est pas détecté, le worklet déclenchera l'installationelse { Write-Output "$appName was not detected." installLanguageTool -AppName $appName -AppInstallerType $appInstallerType -AppURL $appURL -IsSilent}Remediation Code # Set temporary folder path$tempFolderPath = Join-Path -Path $env:TEMP -ChildPath "automox"Write-Output "Creating temporary folder at $tempFolderPath"New-Item -ItemType Directory -Force -Path $tempFolderPath | Out-Null# Download Language Tool setup executable$url = "https://languagetool.org/download/windows-app/LanguageTool-latest.
Hey Folks, We were told that automox team has this road map on agent tamper protection last year, Where are we on this do we have any ETA when this will be implemented.This would be very useful and does not let end users tamper or play with the agents when they are provided with admin rights.
This is an older CVE that was reissued by Microsoft January 21 2022. There is no patch for this vulnerability. It affects all current and previous versions of Windows OS. And is considered “opt-in” with no plans to enforce stricter verification. This is listed in the CISA known exploited vulnerabilities catalog. Updated reissue:CVE-2013-3900 - Security Update Guide - Microsoft - WinVerifyTrust Signature Validation Vulnerability Other:https://nvd.nist.gov/vuln/detail/CVE-2013-3900https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-098 Evaluation Code:#Clears all errors prior to running script$Error.Clear()#All values tested$Value1 = Test-Path -Path "HKLM:\\SOFTWARE\Microsoft\Cryptography\Wintrust\Config"$Value2 = Test-Path -Path "HKLM:\\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"$Value3 = Get-ItemPropertyValue -Path "HKLM:\\SOFTWARE\Microsoft\Cryptography\Wintrust\Config" -Name "EnableCertPaddingCheck"$Value4 = Get-ItemPropertyValue -Path "HKLM
Hi all, im trying to fetch those system update packages from endpoints. im doing this via this worklet here , for some reason its not showing output in Automox console. can anyone suggest what am i doing wrong here.. i also have same problem for other command Test-PendingReboot -detailed to when i try to verify if endpoint is waiting for a reboot or not.. i also checked out this too and ive tried both standard output stream PowerShell: Write-Output/Write-Host but none of it worked.. just getting an empty box in log summary. Any help would be highly appreciated. Thanks # Check if the PSWindowsUpdate module is installed, if not, install itif (-not (Get-Module -Name PSWindowsUpdate -ListAvailable)) { Install-Module -Name PSWindowsUpdate -Force -AllowClobber -Scope CurrentUser -Repository PSGallery}# Import the PSWindowsUpdate moduleImport-Module PSWindowsUpdate# Get a list of available updates$updates = Get-WindowsUpdate# Iterate through each updateforeach ($update in $updates) {
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.