Getting Started with WDK!
Summary
Below, we'll dive into an example of how WDK can be implemented to reduce the complexity and time investment required to perform a common workplace automation task: uninstalling an application. In our example, we'll be removing Mozilla Firefox.
Prerequisites
If you'd like to replicate this behavior in your own Automox environment, please ensure the following prerequisites are met:
- The device(s) targeted meet the Automox system requirements .
- The device(s) targeted have Mozilla Firefox installed.
- You have an Automox Console account with the appropriate permissions to create, read & execute Worklet policies ( Patch Operator and higher ).
Creating the Policy
- Head to the Automox Console and sign in with an account holding the required permissions outlined in the Prerequisites section.
- Create the base Worklet policy, providing the name and targeting options for both operating system and Automox device group(s). For further guidance on creating a Worklet policy, please refer to Creating a Worklet .
-
For our example, we'll be creating a Worklet that can be
manually
run to perform a Firefox uninstall. Considering this, our
evaluation
code can simply be
exit 0
. -
For our
remediation
code, we'll implement the
Get-Win32App
andRemove-Win32App
WDK functions to locate the app and attempt the removal:
# define our application name
$appName = 'Firefox'
# get matching apps
# using the -IncludeUsers parameter allows us
# to also retrieve matching installs from each
# user's profile
$apps = Get-Win32App -IncludeUsers | Where-Object { $_.Name -match $appName }
# enumerate the collected apps
foreach ( $app in $apps )
{
# evaluate if we CAN uninstall the app
# in some cases, software manufacturers
# do not provide the required arguments
# to SILENTLY remove the application
if ( $app.CanQuietUninstall )
{
# uninstall the application
$app | Remove-Win32App
}
else
{
# generate activity log output if we
# cannot uninstall the application
out "$( $app.Name ) cannot be quietly uninstalled."
}
}
- Create the policy by selecting the Create Policy button at the bottom of the page.
Testing the Policy
Now that we have our shiny new policy created. It's time to test it!
To do this:
- Navigate to Devices and select a device you'd like to perform this uninstall for.
- Scroll down to the Associated Policies area, and select Run on this Device to the right of your newly created Uninstall Firefox policy.
- Now let's head over to the Activity Log and review the output.
Reading the Output
Let's take a look at our Activity Log output. Select Reports from the top navigation menu then select Activity Log from the Reports page.
In the Activity Log, we'll now see some output generated:
Mozilla Firefox (x64 en-US) cannot be quietly uninstalled.
Unfortunately, it looks like in this case Firefox cannot be uninstalled without some additional input. Let's insert the silent uninstall switch, via Remove-Win32App
's -AdditionalArgs
switch.
Providing the Silent Switch
Heading back to our Uninstall Firefox policy page. Let's tweak the Remediation code to perform this install silently. Since we're now providing known arguments to perform the removal, we're able to significantly shorten our code:
# define our application name
$appName = 'Firefox'
# locate and remove mozilla firefox, silently
Get-Win32App -IncludeUsers | Where-Object { $_.Name -match 'Firefox' } | Remove-Win32App -AdditionalArgs '/S'
Rerunning the Policy
Now let's head back to the device page where we performed the manual policy run in Testing the Policy. Run the policy again via the Run on this Device button.
Reading the Output .. Again!
Now once more, let's review our Activity Log output. We now see the uninstall result has been output as follows:
Name ExitCode UninstallerPath UninstallerArgs
---- -------- --------------- ---------------
Mozilla Firefox (x64 en-US) 0 C:\Program Files\Mozilla Firefox\uninstall\helper.exe /S
The column ExitCode
value of 0
indicates our uninstall was successful - Firefox is no more!
Next Steps
This document is intended to be a simple example to demonstrate WDK capability. This simple policy could be enriched to, for example:
- Detect in the Evaluation script if the application is installed. Through this we can establish a state of "compliance" around our policy.
-
Consider the
ExitCode
value returned from ourRemote-Win32App
function, thus comparing to ensure our uninstall was successful.