
Following on from the first deep dive interview with @Mrichards, we have @jesumyip this time to tell us more about the creation process for his scheduled task worklet.



Nic: What was the impetus for creating this worklet?



Je Sum: I wanted to duplicate GPO behaviour. My goal was to eventually replace GPO in my organization with Automox. And one of the most troublesome behaviours to remove is when a group policy runs in the user context. It is difficult (not impossible, but a lot of code is required in the worklet) for the Automox agent to duplicate that behaviour given that it runs in the SYSTEM context.



Nic: What difficulties or obstacles did you run into?



Je Sum: Trying to figure out how to do this using 100% PowerShell only. I eventually realized it cannot be done - you need access to COM to complete the task.



Nic: What sorts of scheduled tasks are you automating using this worklet?



Je Sum: It is mostly registry changes now - for example, disabling macros in Office to prevent macro-related malware from spreading easily. Basically anything that requires access to the HKCU registry hive. This was triggered by a global Emotet campaign around the second half of last year.



Nic: How did you get started writing scripts in PowerShell?



Je Sum: That goes back many years. 🙂 I started working on computers with an Apple II+, learning BASIC and then moving on to 6502 assembly language. I eventually moved on to Pascal, C, C++, and VB on Windows. From there, it was easy to pick up VBScript (I never could get batch files to do the things I wanted to due to their limited functionality). And when Microsoft introduced PowerShell, I immediately fell in love (especially coming from what I used to work with, C and C++).



Nic: What are your favorite scripting resources?



Je Sum: Google, Stack Overflow, and ss64.com.



Nic: What is your number one feature request or improvement idea for the Worklet system?



Je Sum: Automox has already implemented it - a worklet repository - built by Automox, community members, and Automox customers who are willing to share. There's so much you can do with PowerShell.





Thanks for taking the time to answer our questions @jesumyip! If anyone has any other questions they’d like to ask, feel free to reply below.
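For readers who want to see the technique the interview describes, here is an added illustration (not Je Sum's worklet and not Automox code): a script that runs as SYSTEM registers a scheduled task through the Schedule.Service COM API, and that task runs at each user logon in the logged-on user's context, where it writes the Office macro setting under HKCU. The task name, the Office version (16.0), the registry paths and the VBAWarnings value are assumptions; check them against the Office builds and policy baseline in your own environment.

```powershell
# Added illustration, not the worklet from the interview: register a scheduled
# task through the Schedule.Service COM API so that an HKCU write runs in the
# logged-on user's context even though this registering script runs as SYSTEM.
# Task name, Office version (16.0), registry paths and the VBAWarnings value
# are assumptions; verify them against your Office build and policy baseline.

$TaskName = 'Harden-OfficeMacros-Example'   # assumed name

# Payload executed in the user's context. In the Office Trust Center model
# VBAWarnings = 4 disables all macros without notification; the Policies key
# is where the corresponding GPO setting is written (assumed paths).
$Payload = @'
foreach ($app in 'Word','Excel','PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Type DWord -Value 4
}
'@
# powershell.exe -EncodedCommand expects base64 of UTF-16LE; encoding also
# avoids quoting problems when the command is stored in the task definition.
$Encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Payload))

$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()          # local machine, current (SYSTEM) credentials
$def = $svc.NewTask(0)  # flags parameter is reserved and must be 0
$def.RegistrationInfo.Description = 'Re-applies the HKCU Office macro policy at each logon'
$def.RegistrationInfo.Author      = 'Automox worklet (example)'

# Trigger type 9 = TASK_TRIGGER_LOGON. With no UserId set it fires for every
# user logon, and each instance runs as the user who logged on.
$trigger = $def.Triggers.Create(9)
$trigger.Delay = 'PT30S'      # let the profile load before touching HKCU

# Action type 0 = TASK_ACTION_EXEC
$action = $def.Actions.Create(0)
$action.Path      = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
$action.Arguments = "-NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand $Encoded"

# Principal: the built-in Users group with group logon (4 = TASK_LOGON_GROUP)
# and least-privilege run level (0 = TASK_RUNLEVEL_LUA). This is the part
# that makes the task run as the logged-on user instead of as SYSTEM.
$def.Principal.GroupId   = 'BUILTIN\Users'
$def.Principal.LogonType = 4
$def.Principal.RunLevel  = 0

$def.Settings.AllowDemandStart           = $true
$def.Settings.DisallowStartIfOnBatteries = $false
$def.Settings.StopIfGoingOnBatteries     = $false
$def.Settings.StartWhenAvailable         = $true
$def.Settings.ExecutionTimeLimit         = 'PT5M'
$def.Settings.MultipleInstances          = 0   # TASK_INSTANCES_PARALLEL: one run per logged-on user

# 6 = TASK_CREATE_OR_UPDATE, so re-running the worklet is idempotent.
$folder = $svc.GetFolder('\')
$null = $folder.RegisterTaskDefinition($TaskName, $def, 6, 'BUILTIN\Users', $null, 4)

# Check: 3 = TASK_STATE_READY. Anything else means the task registered but
# will not fire (for example disabled, or a principal the scheduler rejected).
$state = $folder.GetTask("\$TaskName").State
if ($state -ne 3) {
    throw "Task '$TaskName' registered but its state is $state; expected 3 (Ready)."
}
"Registered '$TaskName'; the HKCU macro policy is applied at each user's next logon."
```

Two caveats a practitioner should keep in mind. First, because the task runs with the user's own privileges, anything it writes to HKCU can be changed back by that user; the logon trigger re-applies the value on every logon, which is usually the behaviour you want when replacing a user-context GPO, but it is not tamper-proof. Where a setting also exists as a machine-wide policy under HKLM\Software\Policies, SYSTEM can write it directly from the worklet with no scheduled task at all, and that is the stronger option. Second, the -ExecutionPolicy Bypass switch is needed only because the payload is passed as an encoded command; if your baseline forbids it, store the payload as a signed .ps1 and point the action at that file instead.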
