Follow these best practices for effective use of Worklets.
The following topics are described here:
Worklets will always run the Evaluation code - even if a policy doesn’t have an assigned schedule.
Using Device Targeting
Device targeting is recommended to ensure that a Worklet policy doesn't negatively impact an account compliance score.
Prerequisites: You have zone administrator or zone operator permissions.
Go to the Edit Worklet page of the policy.
-
Select Device Targeting and set the Attribute OS to match the operating system setting of the policy itself.
This device targeting setting ensures that the Worklet policy runs against devices with the same OS. Otherwise, the policy would count against the compliance score due to any Worklet failures when run against devices with different OSes.
Manually Running a Worklet
If you want to manually run a Worklet and want to include the evaluation code, using the Run Policy option requires some additional actions.
What to know: When you run a Worklet using the Run Policy option, the evaluation code is not executed. Only the remediation code is executed.
Recommendation: When you are developing and testing a Worklet and want to include the evaluation code, follow these steps:
Schedule the Worklet policy to run 10 minutes from the current time.
Perform a device scan on the testing device to make it aware of the Worklet policy change.
Monitor the results.
PowerShell Examples
Evaluation Code:
<#
.SYNOPSIS
Worklet to test evaluation code
OS Support: Windows 8/10/11
Required modules: NONE
.DESCRIPTION
This script does an evaluation test to check and see if a file exist on the endpoint. If it doesn't, it will create them.
.REQUIREMENTS
PowerShell 2.0
.EXAMPLE
.NOTES
Author :Robert Eickleberry
Modified By :
Prerequisite :PowerShell V2 and up over Win 8/10/11
Date :16 Aug 2022
#>
#variables to look for in evaluation
$file = "Test.txt"
$folder = "C:\Automox\"
#variables combined to create test path location
$location = "$folder$file"
#funcation to add date and time to file
function Get-TimeStamp {
return "[{0:MM/dd/yy} {0:HH:mm:ss}]" -f (Get-Date)
}
#checks if file exist
if (Test-Path -Path $location)
{
#if location exist, adds message
Add-Content -path $location -value "$folder and $file exist. Evaluation code - Using Exit 0. $(Get-TimeStamp)"
Exit 0
}
else
{
Exit 1
}
Remediation Code:
<#
.SYNOPSIS
Worklet to test remediation code
OS Support: Windows 8/10/11
Required modules: NONE
.DESCRIPTION
This script is does an evaluation test to check and see if a file exist on the endpoint.
.REQUIREMENTS
PowerShell 2.0
.EXAMPLE
.NOTES
Author :Robert Eickleberry
Modified By :
Prerequisite :PowerShell V2 and up over Win 8/10/11
Date :16 Aug 2022
#>
#variables to look for in remediation
$file = "Test.txt"
$folder = "C:\Automox\"
#variables combined to create test path location
$location = "$folder$file"
#funcation to add date and time to file
function Get-TimeStamp {
return "[{0:MM/dd/yy} {0:HH:mm:ss}]" -f (Get-Date)
}
#adds message to already existing file
#if location does not exist, creates folder and file
New-Item -ItemType Directory -Force -Path $folder
New-Item -path $folder -name $file -type "file"
#after folder and file is created, adds message
Add-Content -path $location -value "Created folder $folder and file $file via Remediation Code. $(Get-TimeStamp)"
Exit 0
Comments
0 comments
Article is closed for comments.