Automox Script Overview: Remove Devices That Have Been Disconnected Longer Than X Days

A

common request we get is to remove old devices from the console, especially ones that might have been re-imaged. Currently you can do this on the Devices page by sorting by Last Disconnected Date and selecting devices to remove. However, this can become unwieldy if you have pages and pages of devices to remove.

This script automates the removal using an API call to check the last disconnected date and remove any devices older than the number of days you specify in the code.

There are four areas in the code you’ll need to update to get the script to function:

  • $orgID = 'YOUR_ORG_ID' - put your Org ID, which can be found by looking at the URL of your console and selecting the value after the “?o=”: https://console.automox.com/dashboard?o=999999. In this example URL, the Org ID is the 999999 portion.
  • $apiKey = 'YOUR_API_KEY' - in your console, go to Settings->API and select the API key. Note that the API key is per admin user, so you and another admin in your console will have different API keys.
  • $maxDays = 120 - any device that has been disconnected for more than 120 days will be deleted from the console. You can adjust this to the number of days you prefer.
  • $logPath = 'C:\temp\' - set this to the folder of your choosing

Once you’ve made those four changes, you can run the script below on any Windows device using Powershell.

Note: This script will automatically remove devices from your console and this is not a reversible operation. Any device that you remove unintentionally using this script will have to have the agent reinstalled to return it to your console.

If you wish to run the script in a test mode to see what will be deleted, you can uncomment this line:

#echo "device: $serverName `t last disconnected date: $lastCheckin `t days disconnected: $span.Days"

and comment out the line that does the deletion:

$delResponse = Invoke-WebRequest -UseBasicParsing -Method Delete -Uri $delURI

That will show you a list of all your devices with the date of last disconnect and number of days since that disconnect, and which devices would have been deleted by the script.

To run this script, use the remediation code script located here in the original posting on the Automox community.

About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

More posts like this:

CybersecurityWindowsWorklets