Worklet is unexpectedly showing as "Pending Update"
Occasionally, a worklet may show a "Pending Update" status in the Automox console even after it has been successfully executed. This status is indicated by a clock icon and can occur with worklets that make registry changes or other similar operations.
Root Cause
The "Pending Update" status is determined by the Evaluation Code in the worklet. This code checks the device's compliance status (compliant, non-compliant, or pending). For example, if the evaluation code ends with exit of non-zero, it tells Automox that the device requires remediation, even if the changes have already been applied.
Solution
To resolve this, modify the Evaluation Code in the worklet to verify whether the necessary changes have already taken effect. Below is a sample script using an if-else statement:
if (Test-Path "C:\Windows\Logs\RegistrySSLTLSc.txt") {
exit 0
} else {
exit 1
}
Explanation
- The script checks for the presence of a specific file (RegistrySSLTLSc.txt) as an indicator of compliance.
- If the file exists, the script exits with exit 0, marking the device as compliant.
- If the file does not exist, the script exits with non-zero exit code (often an exit 1), indicating that remediation is needed.
Steps to Implement
- Open the Automox console and navigate to the worklet showing the "Pending Update" status.
- Edit the Evaluation Code section with the modified script above.
- Save the changes and monitor the device to confirm the updated status.
Additional Troubleshooting
- Ensure that the remediation script in the worklet creates or modifies the necessary registry keys or files correctly.
- If the status persists, review the device logs to verify that the Evaluation Code runs as expected.
Best Practices
- Use descriptive comments in your evaluation scripts to explain their purpose.
- Test the Evaluation Code on a sample device before deploying it broadly.
- Regularly audit your worklets to ensure compliance checks align with the intended remediation actions.