Skip to main content

You know how there is a checkbox in the worklet schedule for "If a device misses a configured patch time, it will patch the next time the device checks in” ?



What constitutes a “checks in” event? If I reboot my computer, and then the machine starts up again and the Automox agent connects back to the Automox cloud, does that count as a “checks in” event?

Hi Jesumyip,


For this it’s actually more to do with a system being offline or not communicating with Automox at the time of the patch/policy run window. So if you have a worklet set to run at 8am and the system is offline until 9am, as long as that system saw that policy before it went offline, it will run when it connects to Automox at 9am.



From the sounds of what you are describing it appears that the system you have this worklet scheduled for is online when it was supposed to run the worklet. This is not the same thing for the missed patch window. It is probably likely that this system did not scan after the worklets were assigned to the group this system was in or before this system was assigned to a group before they were supposed to run.



To prevent this kind of situation I would have the system manually run a scan after it’s attached to a group with the policies or when you make a change to any of the policies you wish for the system to run if the policy needs to run sooner than 24 hours.


Aah! Thank you for the clarification. So it sounds like I will need to trigger a manual scan from within the system itself e.g. something like this - 

 


My situation is this: i have newly provisioned a system, and I am waiting for it to enforce all the required software policies from Automox.



It sounds like I either have to trigger this manually (either from the system itself via API call to Automox, or from the Automox console) or wait at least 24 hours for the next patch window. Is that understanding correct?



Also, when you say “that system saw that policy” - how often does the system poll the Automox cloud to check which policies apply to it?


I have another question. Is there a way for me to call the automox API with a filter criteria based on hostname (or some other identifier which I can pull out of the host itself using Powershell)? I don’t want to have to download the entire list and then filter that to find the device. I also don’t want to write logic to specify length and page number for the JSON return (if possible).


For the first question, the scan’s are based on the group they are in. So it is anywhere between 6-24 hours unless it’s manually executed. You can trigger a scan through the API or you can do it through the Devices page or on an individual device in the Device Details page.



For this, there is not at least not natively. You would need to script that out in something to be able to handle it but I do believe you would need to pull the full list of say systems, find the name of the system and pull the ID and pass it along to the other parts of the script to hand off to our API.


For the software install policies, this script might be able to help. It allows you to trigger a bunch of policies for a device, with the idea of running all the installer policies or worklets:
 

 


This script will apply multiple policies from your organization to a system. Say you always apply the same five policies to a newly built system, you could use this to apply those policies with one click to your new system. This will install any policy available in your organization regardless of whether it is attached to the group the system is in or not.
Make sure you’re not attempting to apply a macOS/Linux worklet or required software to a Windows device.
Just set the following:
$apiKey…

 

 

 

 




One shortcut to this is to filter the Devices page for just the devices you want (such as Recently Added) and then export that to CSV. The first column of the CSV is the device ID, so that’s a quick and dirty way to get all the device IDs for a bunch of devices in Automox.


Thank you so much ❤ everyone who responded!


So I’ve put together a script that fliters only the “Default Group” to get a list of devices. This will return me a smaller subset than the entire org. My goal is for this to apply only to machines that are newly imaged.



My next question is: how do I trigger the machine to evaluate all policies that apply to that group? I’ve seen https://docs.automox.com/api/endpoints/issue-a-command-to-a-device. But I don’t see a command that does this. Do I have to manually enumerate all policies (via script) that apply to a group then do this https://docs.automox.com/api/policies/start-policy-for-immediate-remediation#policies-id-action for each of the policies?


Reply