Follow these best practices for effective use of Worklets.
The following topics are described here:
Note: The Evaluation code is run every time a device is scanned, even if a policy or worklet doesn't have an assigned schedule.
Using Device Targeting
Device targeting is recommended to ensure that a Worklet policy doesn't negatively impact an account compliance score.
Prerequisites: You have the required administrative permissions to manage Worklets.
Go to the Edit Worklet page of the policy.
-
Select Device Targeting and set the Attribute OS to match the operating system setting of the policy itself.
This device targeting setting ensures that the Worklet policy runs against devices with the same OS. Otherwise, the policy would count against the compliance score due to any Worklet failures when run against devices with different OSes.
Manually Running a Worklet
If you want to manually run a Worklet and want to include the evaluation code, using the Run Policy option requires some additional actions.
What to know: When you run a Worklet using the Run Policy option, the evaluation code is not executed. Only the remediation code is executed.
Recommendation: When you are developing and testing a Worklet and want to include the evaluation code, follow these steps:
Schedule the Worklet policy to run 10 minutes from the current time.
Perform a device scan on the testing device to make it aware of the Worklet policy change.
Monitor the results.
PowerShell Examples
Evaluation Code:
<# .SYNOPSIS Worklet to test evaluation code OS Support: Windows 8/10/11 Required modules: NONE .DESCRIPTION This script does an evaluation test to check and see if a file exist on the endpoint. If it doesn't, it will create them. .REQUIREMENTS PowerShell 2.0 .EXAMPLE .NOTES Author :Robert Eickleberry Modified By : Prerequisite :PowerShell V2 and up over Win 8/10/11 Date :16 Aug 2022 #> #variables to look for in evaluation $file = "Test.txt" $folder = "C:\Automox\" #variables combined to create test path location $location = "$folder$file" #funcation to add date and time to file function Get-TimeStamp { return "[{0:MM/dd/yy} {0:HH:mm:ss}]" -f (Get-Date) } #checks if file exist if (Test-Path -Path $location) { #if location exist, adds message Add-Content -path $location -value "$folder and $file exist. Evaluation code - Using Exit 0. $(Get-TimeStamp)" Exit 0 } else { Exit 1 }
Remediation Code:
<# .SYNOPSIS Worklet to test remediation code OS Support: Windows 8/10/11 Required modules: NONE .DESCRIPTION This script is does an evaluation test to check and see if a file exist on the endpoint. .REQUIREMENTS PowerShell 2.0 .EXAMPLE .NOTES Author :Robert Eickleberry Modified By : Prerequisite :PowerShell V2 and up over Win 8/10/11 Date :16 Aug 2022 #> #variables to look for in remediation $file = "Test.txt" $folder = "C:\Automox\" #variables combined to create test path location $location = "$folder$file" #funcation to add date and time to file function Get-TimeStamp { return "[{0:MM/dd/yy} {0:HH:mm:ss}]" -f (Get-Date) } #adds message to already existing file #if location does not exist, creates folder and file New-Item -ItemType Directory -Force -Path $folder New-Item -path $folder -name $file -type "file" #after folder and file is created, adds message Add-Content -path $location -value "Created folder $folder and file $file via Remediation Code. $(Get-TimeStamp)" Exit 0