Upgrade Your Agents That Didn't Auto-Upgrade to the Latest Version

Sometimes the auto-update process can fail for an agent and when it does, it gets stuck at the older version as newer versions are released. This worklet seeks out those older agents and attempts to upgrade them. If the agent is very old or not functioning properly, this worklet may not work. I’ve only been able to test on systems going back to v1.0.25, but I’m betting it can get older ones upgraded as long as the agent is functional.

If you’re unsure of the status of your agent versions, you can run this agent health report which will give you all of the agent versions on your devices along with some other information on them you might find handy:

Note: In testing I’ve seen devices that can appear as “Pending Update” for up to 15 minutes. Please allow time for the device to appear back in a “Ready” state.

Evaluation:

<#
.SYNOPSIS
    Upgrades agents to the latest version if they somehow didn't auto-upgrade on their own
    OS Support: Windows 7 / Server 2008 R2 and above
    Powershell: 2.0 and above
    Run Type: Evaluation

.DESCRIPTION
    This worklet is designed to look for agents that weren't able to auto-update to the latest version and attempts to update them.
    If an older version of the agent is found making it non-compliant, the evaluation script will close with an
    exit code of '1' to trigger remediation.

.REQUIREMENTS    
    $currVer needs to be set to the latest version in the format "1.0.xx".  The version can be identified in the name of the install file.

.NOTES
    Author: twiese
    Date: June 23, 2021
#>

$currVer = "1.0.31"

$product = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -EQ "Automox Agent" }
If ($product.DisplayVersion -lt $currVer) {
  Exit 1
}
else
{
  Exit 0
}

Remediation:

<#
.SYNOPSIS
    Upgrades agents to the latest version if they somehow didn't auto-upgrade on their own
    OS Support: Windows 7 / Server 2008 R2 and above
    Powershell: 2.0 and above
    Run Type: Remediation

.DESCRIPTION
    This worklet is designed to look for agents that weren't able to auto-update to the latest version and attempts to update them.
    If an older version of the agent is found, this remediation script will update the agent to the latest version which
    is specified at the beginning of this script.

.REQUIREMENTS
    $installMSI needs to be set to the name of the installer file uploaded to the worklet.
    $accessKey needs to be set to the organization's access key
    Automox install file needs to be uploaded to the worklet

.NOTES
    Author: twiese
    Date: June 23, 2021
#>

############### Set variables ################
#
# Make equal to agent file uploaded to worklet
$installMSI = "Automox_Installer-1.0.31.msi"
#
# Set organization access key
$accessKey = 'ORG_ACCESS_KEY'
#
##############################################

# Set install location and arguments for installer
$installPath = "$env:windir\Temp"
$arguments = "/I $installPath\$installMSI ACCESSKEY=$accessKey /qn /norestart"

# Copy the file attached to worklet to the system
Copy-Item $installMSI -destination $installPath

# Creates scheduled task to run as SYSTEM and deletes task when done
$taskName = "AX Agent Upgrade"
$runAsaccount = "SYSTEM"

$ShedService = New-Object -comobject 'Schedule.Service'
$ShedService.Connect()

$task = $ShedService.NewTask(0)
$task.RegistrationInfo.Description = $taskName
$task.Settings.Enabled = $true
$task.Settings.AllowDemandStart = $true
$task.Settings.DisallowStartIfOnBatteries = $false
$task.Principal.RunLevel = 1

$trigger = $task.triggers.Create(7)
$trigger.Enabled = $true

$action = $Task.Actions.Create(0)
$action.Path = "msiexec.exe"
$action.Arguments = $arguments
$taskFolder = $ShedService.GetFolder("\")
Write-Output "Initializing Install... "
$taskFolder.RegisterTaskDefinition($taskName, $task , 6, "$runAsaccount", $null, 4) | Out-Null

# Check status until task has completed
DO
{
    (Get-ScheduledTask -TaskName $taskName).State | Out-Null
}
Until ((Get-ScheduledTask -TaskName $taskName).State -eq "Ready")

# Cleanup by deleting task and install file
Unregister-ScheduledTask $taskName -Confirm:$false
Remove-Item "$installPath\$installMSI"
Write-Output "Upgrade Process Completed"
1 Like

So, I’ve taken the remediation portion of this script to try to install a troublesome MSI file that wont work through the normal Automox worklet scripting. Basically all i changed was $installMSI to match the MSI file that I uploaded to the worklet and changed $taskName to my own task name and changed the $runAsaccount to a local admin account. I ran the script on a test device and it copied the MSI to the Windows\Temp but it did not create a scheduled task or proceed to install. It appears to have hung after the copy and the exec directory in the amgent directory still has the PS script and MSI file.

Any ideas?