Execute Multiple Policies on a Windows Machine Using API

This script will apply multiple policies from your organization to a system. Say you always apply the same five policies to a newly built system, you could use this to apply those policies with one click to your new system. This will install any policy available in your organization regardless of whether it is attached to the group the system is in or not.

Make sure you’re not attempting to apply a macOS/Linux worklet or required software to a Windows device.

Just set the following:

$apiKey = 'YOUR_API_KEY' - in your console, go to Settings->API and select the API key. Note that the API key is per admin user, so you and another admin in your console will have different API keys.

$orgID = 'YOUR_ORG_ID' & $serverID = 'YOUR_SERVER_ID' - put your Org ID & Server ID which can be found by looking at the URL on the device page and selecting the value after the “?s=” & “?o=”: [https://console.automox.com/device-detail?s=99999&o=1234]. In this example the Server ID is 99999 and the Org ID is 1234.

$policies - put your list of PolicyIDs here. For example, $policies = @(11111,22222,33333). The easiest way to find the policy IDs are to go to the page of each policy and grab the value after the “&pid=” : [https://console.automox.com/policy-custom-editor?frompage=system-management&pid=99999&o=1234]. In this example the policy ID is 99999.

$apiKey = 'YOUR_API_KEY'
$orgID = 'YOUR_ORG_ID'
$serverID = 'YOUR_SERVER_ID'

$policies = @(PolicyID1,PolicyID2,PolicyID3,PolicyID4,PolicyID5,etc...)

foreach ($policy in $policies) {

    $headers = @{ "Authorization" = "Bearer $apiKey" }

    $url = "https://console.automox.com/api/policies/$policy/action?o=$orgID&action=remediateServer&serverId=$serverID"

    Invoke-WebRequest -Method POST -Uri $url -Headers $headers

}
2 Likes

@Mrichards and @cfrieberg - you might find this one useful for your purposes, around installing multiple software titles on a newly imaged machine.

1 Like

ahh very interesting thanks @Nic and @Tony - we will review this
Would we have to update the serverID each time then? The idea helps overall but still not fully automated if that is the case

1 Like

So this will help a little, repurposed @JHagstrom’s script for API calls (I’m still an API noob) for us to be able to find the correct device ID. So you would basically attach this to a policy that would kick off all other policies that you wanted as a baseline. Next step would be to figure out how to incorporate this into a outgoing slack webhook or something similar so our helpdesk would be able to just one button press in slack to provision a workstation.

(According to Nic’s last Office hours, you can just go to the device page and mass click all the policies and they will queue up nicely). So thats also another route.

Also, I haven’t figured out a way to get a device’s ID without pulling the entire org’s data and doing a giant foreach loop. Feature request to embed that deviceID somewhere where we can call it locally?

###
#User defined Variables:
$apiKey = 'Your API key here'
$policies = @("array","of","policies")

###
#Start of code
$apiUrl = "https://console.automox.com/api/servers/"
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer $apiKey")

#Get all devices in the org to parse
$response = Invoke-RestMethod $apiUrl -Method 'GET' -Headers $headers -Body $body
$response | ConvertTo-Json
$currentMachineName = $env:COMPUTERNAME;
#Perform loop to figure out what our deviceID is and populate variables
foreach($server in $response)
{
	$name = $server.name;	
    if($currentMachineName -eq $name)
    {
		$serverid = $server.id
		$orgID = $server.organization_id
     }
}
foreach ($policy in $policies) {
    $headers = @{ "Authorization" = "Bearer $apiKey" }
    $url = "https://console.automox.com/api/policies/$policy/action?o=$orgID&action=remediateServer&serverId=$serverID"
    Invoke-WebRequest -Method POST -Uri $url -Headers $headers
}
3 Likes

I’ve been thinking this one over and I think the easiest way to get a list of server IDs for the list of new devices you are imaging is from exporting the devices page CSV.

You could filter the devices page either by Recently Added, or by group if you have all those new machines in a group ready to have software installed. When you export the CSV the first column has the device/server ID listed. Then you could modify the script to ingest that CSV and run the set of policies for all the listed devices. So basically an extra loop around the current script to pull in the first device ID, loop through all the policy API calls, then move to the next line in the CSV. Would that be feasible?