You can control the Automox agent installation using the command line. The following topics are described here:
- Operating System Install Locations
- Command Line Help
- Setting the Zone Access Key
- Assigning a Group to a Device
- Deregistering a Device
- Checking for Device Compatibility with Automox
- Redirect Agent Output to stdout of a Console
- Setting the Directory for Executing Scripts
- Reinstalling the Automox Agent
Operating System Install Locations
Based on the operating system, the Automox agent installs to these locations:
macOS
/usr/local/bin/amagent
Windows
C:\Program Files (x86)\Automox\amagent.exe
Linux
/opt/amagent/amagent
Command Line Help
--help
Basic help information for command line options can be found by executing the following:
amagent --help amagent -h
Setting the Zone Access Key
--setKey
The access key binds the agent and device to a specific zone (formerly called organization) in the Automox console. This command can be used to move a device from one zone to another, or to change the zone if an incorrect access key was provided during installation.
Follow these steps:
-
Deregister the device and set the new access key. See Managing Keys for information about access keys.
<path to amagent>/amagent --setkey <NEW_ZONE_ACCESS_KEY>
Restart the Automox agent.
Linux:
sudo service amagent restart
macOS:
sudo launchctl kickstart -k system/com.automox.agent
Windows:
net stop amagent net start amagent
Assigning a Group to a Device
--setgrp
This command defines the Automox group that this agent should be placed in when it first connects with the Automox platform. This allows you to easily add the device to a group and is a no-touch way to specify the policies you want to add to the device. When using the --setgrp
flag, you must predefine the Default Group/ to the group name that you are providing to the setgrp command. When specifying groups, remember to separate them with a forward-slash / character.
Follow these steps:
To set the device group to the Engineering group, issue the following command:
amagent --setgrp 'Default Group/Engineering'
(macOS and Linux)amagent --setgrp "Default Group/Engineering"
(Windows)Deregister the agent:
amagent --deregister
Restart the Automox Agent:
Linux:
sudo service amagent restart
macOS:
sudo launchctl kickstart -k system/com.automox.agent
Windows:
net stop amagent net start amagent
Deregistering a Device
--deregister
When the Automox agent runs for the first time, it establishes an identity with the Automox servers using public-key cryptographic methods. If you ever need to reset the agent and have it re-register as a new device, you can deregister the agent.
Checking for Device Compatibility with Automox
After a device is connected, Automox runs a compatibility check to ensure that we can successfully manage the device. Each operating system has its own compatibility checklist. For more details about what is passing or failing on the compatibility check, click the Review Checklist link to view the Compatibility Checklist in the Device Details page in the Automox console. To perform this check directly from the device via the agent command line, issue this command:
For Agent Versions 1.43.142 and Earlier
amagent --checkcompat
For Agent Versions 1.44.5 and Later
amagent selftest
Redirect Agent Output to stdout of a Console
This command runs the agent in the current console. Logging is piped to stdout.
Note: Before running with this command, it is recommended that the agent service is disabled.
amagent -c
Setting the Directory for Executing Scripts
The Automox agent uses scripts to execute most of its functions including scanning and patching. These scripts execute from a fixed directory on the local device. By default this is set to the following locations:
Windows: C:\ProgramData\amagent\
macOS: /Library/Application Support/Automox/
Linux: /var/lib/amagent
If you prefer these actions to run from a different default path, that can be set using an agent command on the device (--setexecdir
). The next time the Automox agent service is restarted, it will use the newly specified location for running its scripts. Some endpoint security applications block scripts that don't originate from a designated location. So the most common reason to modify this setting is to move it to a trusted or preferred directory for your security software.
Note: For macOS, do not set the execdir to any directory or subdirectory of a user’s Desktop, Downloads, or Documents folder. Temporary directories created for executing commands are not cleaned up if they are in an OS protected special location. See also Control access to your files and folders on Mac.
Output from amagent --help
:
automox@ubuntu:/opt/amagent$ ./amagent --help amagent 1.0-28 (go1.12.4) Copyright (c) 2019 Automox, Inc.usage: [--setkey <accesskey>] Sets the access key [--setgrp <groupname>] Sets the initial group name [--setexecdir <directory>] Sets the temporary directory to execute scripts from [--deregister] Deregisters this server from Automox [--checkcompat] Checks the compatibiltiy and connectivity with Automox server # Only versions 1.43.142 and earlier [selftest] Checks the compatibiltiy and connectivity with Automox server # Only versions 1.44.5 and later [-c] Runs the agent in the current console. Logging is piped to stdout. # (It is recommend to disable the agent service before running with this command) [-h | --help] Displays this message
Note: To restore the default, you can set the original directory path in the same manner as a new one.
Reinstalling the Automox Agent
To reinstall the Automox agent, ensure that the agent has first been deregistered and then removed.
Deregister the agent as described here in Deregistering the Agent.
Remove the agent. See Removing the Automox Agent.
Follow the instructions in Installing the Automox Agent for your device.