Hi @Morgan!
I recommend trying the steps documented in this KB article: https://help.automox.com/hc/en-us/articles/7454299464340-M1-Secure-Token-Issues-on-Agent-39
The most important part is removing the Automox Service account first, uninstalling the agent, reinstalling, and then re-adding the Automox Service account with the Secure Token Access.
Our Solutions Consultant team also put together a script that can help with automating the process. If you decide to use the script, be sure to input your Automox ACCESSKEY in the script variable.
```bash
#!/bin/bash

# Set this to your Automox access key before running.
ACCESSKEY=""
AutomoxLoc="/usr/local/bin/amagent"

# Non-empty only if the Automox service account exists in the local directory.
AXServiceAccount=$(dscl . list /Users 2>&1 | grep -o _automoxserviceaccount)
# The user logged in at the console, and whether that user is in the admin group.
CurrentUser=$(stat -f %Su /dev/console)
AdminUser=$(id -Gn "$CurrentUser" | grep -w -o "admin" | head -1)

# Print an error message to stderr.
function errMessage() {
    echo "$1" >&2
}

# Download and run the Automox installer for this organization.
function installLatestAgent() {
    curl -sS "https://console.automox.com/downloadInstaller?accesskey=$ACCESSKEY" | sudo bash
}

# Deregister the agent, stop its launch daemon, and delete its files.
function removeAgent() {
    sudo /usr/local/bin/amagent --deregister
    sudo launchctl unload /Library/LaunchDaemons/com.automox.agent.plist
    sudo rm -f /usr/local/bin/amagent
    sudo rm -rf "/Library/Application Support/Automox/"
}

# Delete the Automox service account if it exists.
# (The original tested the account name with -d, a directory test, which never reflected the account.)
function removeServiceAccount() {
    if [[ -n "${AXServiceAccount}" ]]; then
        echo "Automox Service Account found, attempting removal..."
        sudo dscl . delete /Users/_automoxserviceaccount
        sleep 5
    fi
}

# Secure Token can only be passed on by an admin user.
function checkAdminStatus() {
    if [[ "${AdminUser}" != "admin" ]]; then
        errMessage "Current user is not an admin, exiting script as SecureToken passing will not be feasible with this method."
        exit 1
    fi
}

# Re-create the service account and prompt the user to grant it a Secure Token.
function enableSecureToken () {
    sudo /usr/local/bin/amagent --automox-service-account enable
    sleep 1
    sudo /usr/local/bin/amagent --automox-user-prompt enable
    sleep 2
}

# Confirm the agent binary exists after the reinstall.
# amagent is a file, so test with -f; the version is read here, after the install, not at script start.
function checkAgentInstall () {
    local LatestAgentCheck
    LatestAgentCheck=$("${AutomoxLoc}" --help 2>&1 | grep -oF "1.42.22")
    if [[ -f "${AutomoxLoc}" ]]; then
        echo "Latest Agent Installed successfully, agent version is $LatestAgentCheck."
    else
        errMessage "Latest agent did not get installed successfully, exiting script."
        exit 1
    fi
}

# Verify that the service account now holds a Secure Token.
function checkSecureTokenStatus () {
    AXSecureToken=$(sysadminctl -secureTokenStatus _automoxserviceaccount 2>&1 | grep -o "ENABLED")
    if [[ "${AXSecureToken}" == "ENABLED" ]]; then
        echo "Secure Token is enabled on the Automox Service Account. Script completed successfully."
        exit 0
    else
        errMessage "Secure Token did not get passed successfully to the Automox Service Account."
        exit 1
    fi
}

checkAdminStatus

# Only run the uninstall steps when an agent is actually present.
if [[ -f "${AutomoxLoc}" ]]; then
    echo "Automox installed, starting uninstall process."
    removeAgent
    removeServiceAccount
fi

installLatestAgent
enableSecureToken
checkAgentInstall
checkSecureTokenStatus
```
Note that both methods (the KB article steps and/or the bash script) will require you to run them locally on the device with an administrator account, or be deployed through an MDM. You will not be able to utilize these methods through a worklet.
If you are continuing to experience issues, please open up a Support ticket with our team so they can further assist: https://help.automox.com/
Have a great day!