Schedule script within script/remediation/api

We are attempting to create a role detection harness to apply some specific script-based monitors when an asset is detected with said role.

The detection part has been simple by doing said detection and setting a custom field to true on the asset.

We’re struggling to find an automated way to create a script schedule when this custom field is checked. We’ve examined both searches and remediation - neither of which can do what we’re after.

It also doesn’t appear that we can create them via the API.

Has anyone figured out a way to do this?


Perhaps you can do something similar to how I have our weekly reboots set. You run it on all, but have it exit if it doesn’t apply. Here’s my script you can possibly adapt. The check for the field is either yes or no, and I believe 1 and 0 work as well.

I considered that solution but we’ve got hundreds of monitors to implement and I figured that would pollute the vast majority of agents.

We’re also considering instrumenting the Windows Task Scheduler but only as a last resort.

I don’t think there’s an easy way to do this. Scheduled scripts are either on individual assets or in policies. You could audit, then create policy folders based on the roles and apply specific policies to those folders that would have your monitors. A saved asset search would allow you to filter and apply scripts, but these are not dynamic groups, so the schedule gets applied directly to the assets and there’s no way to bulk remove either. Dynamic groups with search filters are what you really need for automating this.

Unfortunately AFAIK there is no way to do what you want. You’re certainly not the only one that wants it. We’ve been asking for dynamic/filter/search based assignment of things since Syncro has existed but when they had the chance to do it with revamping policies, they chose not to, so I don’t see it happening anytime soon. You have to use policies and apply them manually to device types and/or have scripts exit out if they don’t apply to a device. I use a combination of both. I don’t think there’s any way to have a script detect what policies/script schedules are assigned to it either as that information doesn’t seem to be stored on the device.

You won’t really be able to trigger script runs based on a record action, like setting a custom field value to or from X. That said, if you know a subset of your assets will always be firing those scripts, you could schedule the script globally (against all assets), pull the value of that custom field into the script (which we do support today), and then just conditionally run the script based on said value.

I actually got this functionality to work. We have a script that runs once a week and checks or unchecks an Asset Custom Field. Then we have a scheduled PowerShell script that runs every 15 minutes and references the Custom Asset Field against an If Else statement which, if True, sends an Alert with a unique message in the body. Then we have Auto Remediation kick in and run a script that checks the service/process/whatever else you want.

That is a horribly kludgy, inefficient solution, but I guess it works LOL. If I’m following, basically you’re running one script all the time that conditionally kicks off other scripts instead of all the scripts all of the time (but probably more often than they need to be cause you can’t schedule them)? Just think how much overhead Syncro wastes with all this kludgy stuff we have to do to make things work the way they should!

Yeah, working it through Automated Remediation with custom alerts and having that trigger out other scripts can be extremely powerful. Good stuff.
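
The gating pattern described in the replies above (schedule one script on every asset, read the role custom field, and raise a uniquely named alert only where the field is set) could look like the following. This is an added example, not any poster's script or Syncro's own code. It assumes `$RoleFlag` is a script variable mapped to the asset custom field in the script editor; the service name and alert category are hypothetical.

```powershell
# Added example. Assumption: the platform sets $RoleFlag from the role
# custom field before this body runs. Names below are hypothetical.
if ($null -eq $RoleFlag) { $RoleFlag = 'no' }      # constructed default for stand-alone runs
$ServiceName   = 'Spooler'                         # hypothetical service tied to the role
$AlertCategory = 'Role-PrintServer-Monitor'        # hypothetical unique category for remediation to match

function Test-RoleFlag {
    param([string]$Value)
    # Tolerate yes/no, true/false and 1/0; anything else counts as "not set".
    return ("$Value").Trim() -match '^(yes|true|1)$'
}

if (-not (Test-RoleFlag $RoleFlag)) {
    # Asset does not have the role: leave quietly so the run stays cheap.
    Write-Output "Role flag is '$RoleFlag'; monitor does not apply to this asset."
    exit 0
}

$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    Write-Output "$ServiceName is running."
    exit 0
}

# Service is stopped or missing on an asset that carries the role.
$state = if ($svc) { $svc.Status } else { 'not installed' }
$body  = "$ServiceName on $env:COMPUTERNAME is $state"

if ($env:SyncroModule) {
    # Running under the Syncro agent: raise the alert that remediation keys on.
    Import-Module $env:SyncroModule -WarningAction SilentlyContinue
    Rmm-Alert -Category $AlertCategory -Body $body
} else {
    # Local test outside the agent: show what would have been raised.
    Write-Output "ALERT [$AlertCategory] $body"
}
exit 1   # non-zero so the run is visibly flagged in script history
```

Because the early exit happens before any service query or module import, assets without the role do almost no work on each scheduled run.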