Dynamic Groups Worklet Workaround API Script (runs multiple RSP & worklet policies against a list of devices)

This script will let you run an arbitrary number of required software policies or worklets against a list of devices exported from the Devices page, in essence giving you a workaround to implement a dynamic group functionality.

  1. Go to your devices page and filter for the devices you’d like to run the policies against.
  2. Click the select all box to select all of those devices.
  3. Click Export which will save a csv file that contains one line per device, named automox-devices.csv.
  4. Replace YOUR_API_Key with a valid API key from your console.
  5. Replace YOUR_ORG_ID with the orgID for your console (you can get this from the browser URL for your console: look for the o=1234 portion and that 1234 is your orgID).
  6. Replace PolicyID1,PolicyID2,PolicyID3,PolicyID4,PolicyID5,etc… with a list of the policies you want to run, each one separated by a comma. To find the PolicyIDs, edit the policy you wish to include and look for the pid=123456 in the URL. That 123456 is the Policy ID that you’ll put in the list. Repeat this for all the policies that you want to run against the list of devices exported in step 3. The final result should look like:
    $policies = @(123456,654321,394934)
  7. Save your script as dynamicgroup.ps1 and make sure that the script and automox-devices.csv file are in the same directory.
  8. Open up a command shell, navigate to the directory that the script and export csv file are in, and run the script with the following command:
    powershell .\dynamicgroup.ps1
  9. The output returned will be the result of each API call, looping through all of the policies for each device in the automox-devices.csv file.
  10. Look in the Activity Log to see the results of the policies or worklets run against the list of devices.
  11. Once you have your script setup, repeat steps 1-3 and step 8 to run the same policies or worklets against a new set of devices. Note that each subsequent export will save as automox-devices (1).csv if you don’t remove the previous automox-devices.csv file, so make sure to get rid of your previous export file, or rename it).
  12. Final note: this script just executes the policies without checking the policy state on that device, or running the evaluation code in a worklet. It just executes the policy with no evaluation checks and no notifications. There are no checks to validate the OS version or to reboot after a patching policy if necessary. These API scripts don’t include any of the guardrails included when you run similar operations through the console.
$apiKey = 'YOUR_API_KEY'
$orgID = 'YOUR_ORG_ID'

$policies = @(PolicyID1,PolicyID2,PolicyID3,PolicyID4,PolicyID5,etc...)

$file = Import-Csv "automox-devices.csv" 
foreach ($line in $file)
	foreach ($policy in $policies) {
    		$headers = @{ "Authorization" = "Bearer $apiKey" }
		    $url = "https://console.automox.com/api/policies/$policy/action?o=$orgID&action=remediateServer&serverId=$serverID"

    		Invoke-WebRequest -Method POST -Uri $url -Headers $headers -UseBasicParsing

If you run into any issues or problems getting this to work, please let me know in the replies and I’ll help you troubleshoot.

1 Like