Getting started with the Script Library

You can use the Absolute Reach® Script Library (hereafter referred to as Script Library) in the Settings area to upload and manage scripts that you want to run on your devices.

For example, you may want to perform one or more of the following device management tasks using a script:

  • Change operating system configurations on a group of devices
  • Gather specific information from your devices in preparation for an audit
  • Perform a remedial action on a device to eliminate a potential threat

For more information, see the Absolute Remediate datasheet.

NOTE  If you want to collect user input that you can review in the Absolute console, we recommend that you use a Send Message request instead of a script. If you use a script, the Custom Device Fields may fail to be populated with the users' responses.

Absolute scripts

The Script Library contains a large collection of default scripts created by Absolute. You may want to run one or more of these scripts on your devices to perform common device management tasks. For a list of available scripts, see the Absolute Reach datasheet.

Absolute scripts have a script author of Absolute and show on the sidebar under Absolute. Absolute scripts may include a Script Variables area when you view them in the Script Library. When authorized users use an Absolute script to create a Script request, they can easily specify any required and optional parameter values in the fields in the Script Variable area.

Working with the Script Library

You can add new scripts to the Script Library and delete existing ones (excluding Absolute scripts). If you need to edit a script that you've uploaded, you need to delete the uploaded script, edit the script on your local machine, and upload the edited script.

When you upload a script, you can specify script configurations, which are saved with the script and applied when the script runs on a device.

Configuration

Options

Rights

Select one of the following options:

  • Run with system account rights: run the script using the rights associated with the local system account

    Ensure that you select this option if the PowerShell script references Absolute .dll files, as non-system accounts do not have access to these files.

  • Run with logged in user rights: run the script using the rights of the logged in user

    Ensure that you select this option if the PowerShell script requires access to the device user's data or input from the device user (such as acknowledgment of a license agreement).

Display Mode

Select one of the following options (if available):

  • Hidden: run the script in the background so it is not visible to the user
  • Maximized: show the Windows PowerShell dialog on the device
  • Minimized: minimize the Windows PowerShell dialog to the Windows taskbar

Run Condition

Select one of the following options:

  • No user is signed in: run the script only when no user is logged in
  • User is or isn't signed in: run the script regardless of whether a user is logged in
  • User is signed in: run the script only when a user is logged in

Maximum Run Time

Specify the maximum number of minutes (or hours) the script can run before it is terminated. The default setting is 120 minutes, but any value between 1 minute and 24 hours is supported.

To change this setting, enter a numerical value in the field. To change the unit of time to hours, click the Minutes field and select Hours.

Run 32-bit version

If you want to use the 32-bit version of PowerShell (x86) to run the script on 64-bit Windows devices, select the check box. If you leave the check box cleared, the 64-bit version of PowerShell is used to run the script on these devices.

Configuration

Options

Rights

Select one of the following options:

  • Run with system account rights: run the script using the rights associated with the local system account
  • Run with logged in user rights: run the script using the rights of the logged in user
Display Mode This field is unavailable for Bash Scripts
Run Condition This field is unavailable for Bash Scripts

Maximum Run Time

Specify the maximum number of minutes (or hours) the script can run before it is terminated. The default setting is 120 minutes, but any value between 1 minute and 24 hours is supported.

To change this setting, enter a numerical value in the field. To change the unit of time to hours, click the Minutes field and select Hours.

You can also specify command line parameters to apply when the script runs on a device.

After you've added scripts to the Script Library, authorized users can create a Script request to run the uploaded script on one or more of your Windows or Mac devices.

NOTE  Depending on the permissions associated with your user role, and the Absolute product licenses associated with your account, the Script Library may not be available.

Script requirements

Scripts added to the Script Library must meet the following requirements:

  • The script is in one of the following formats:
    • PowerShell script (.ps1): for Windows devices
    • Bash shell script (.sh): for Mac devices

  • The script doesn't exceed 1468 KB in size

Best practices

The following practices ensure that the script produces the desired results before you use Absolute Reach to deploy a script across your fleet of devices:

  • Add error handling to your script to help troubleshoot any issues that may arise. Script return codes show in Action History and Event History.
  • Before you upload a PowerShell script, review the PowerShell guidelines pertaining to the Absolute schema.
  • In the Absolute console, use the Run Script option to deploy the script on a small subset of test devices and observe the results.