Action Lock Exemptions

system · January 13, 2010, 12:04am

(imported topic written by SystemAdmin)

I would like to add a custom site to the “Action Lock Exemptions” in the masthead. What is the proper syntax for doing that?

I created the site (sanitized for this forum): “Site X”

I added the following (sanitized for this forum), which I pulled out of the http://127.0.0.1:52311/cgi-bin/bfenterprise/besgathermirrornew.exe

http://bigfix:52311/cgi-bin/bfgather.exe/CustomSite_Site_X

I tested and the action is coming up with locked

BenKus · January 13, 2010, 12:00pm

(imported comment written by BenKus)

Hey Kevin,

Unfortunately, I don’t think you can use lock exemptions on custom sites… you might try using this trick instead:

http://forum.bigfix.com/viewtopic.php?id=746

Ben

system · January 13, 2010, 6:42pm

(imported comment written by SystemAdmin)

Hello Ben,

To implement something like that would not work for us. What we have is a few hundred locked Unix/Linux machines that never want to be patched, although we want these machines to run policy actions (relay affiliation, dynamic bandwidth throttling… and many others). If I setup that registry key for my Windows account, all of my actions are going to execute against locked machines. Our corporate policy will not allow us to create a generic Windows account used for login purposes, so we can set this like that. Essentially this setting is per user, while I need it per site. Is there any other way around this? Why can’t we use lock exemptions on custom sites?

Thank you,

Kevin

BenKus · January 14, 2010, 1:52am

(imported comment written by BenKus)

Hi Kevin,

I spoke with some of our developers and they think that custom site lock exemptions actually will work…

If the custom site name was “bob”, the url should look like:

http://servername:52311/cgi-bin/bfgather.exe/CustomSite_bob

Ben

system · January 14, 2010, 9:24pm

(imported comment written by SystemAdmin)

Hello Ben,

As you see from my first post, this is what I tried. That didn’t work. I used the dns name we have configured Bigfix with instead of the servername. Would that make a difference? We pulled this value from the “Gather Status Report”.

Can you duplicate this on your side?

Thanks,

Kevin

BenKus · January 15, 2010, 9:58am

(imported comment written by BenKus)

Hey Kevin,

You should use the dns name from the masthead… We did test this and it worked…

Are you using “Efficient mime” (which is what we tested)?

Ben

system · January 15, 2010, 9:28pm

(imported comment written by SystemAdmin)

Hello Ben,

We have efficient MIME set. I tried this again with no success. Here is what I am doing.

Create a site called LockOverrideContent
Subscribe one client to the LockOverrideContent site
Create a copy of the Force client to run AutoSelection task and place it in the LockOverrideContent site
Open the admin tool and edit the masthead (Action Lock Exemptions), with the entry I get from the Gather Status Report: http://dnsname:52311/cgi-bin/bfgather.exe/CustomSite_LockOverrideContent
Make sure my client has the latest actionsite.afxm and the http://dnsname:52311/cgi-bin/bfgather.exe/CustomSite_LockOverrideContent entry is in there.
Lock the client that I subscribed to the LockOverrideContent site
Issue an action from the Force client to run AutoSelection in the LockOverrideContent site
Status = Locked

Any ideas?

system · January 19, 2010, 7:27pm

(imported comment written by SystemAdmin)

Any word on this?

BenKus · January 20, 2010, 3:29am

(imported comment written by BenKus)

Hey Kevin,

Do you mind attaching the Action XX.fxf file from your __BESData\actionsite folder where XX is the number of the action you took?

Ben

system · January 27, 2010, 7:21pm

(imported comment written by SystemAdmin)

Hello Ben,

Sorry, as you know we have been dealing with some other problems lately, and I was traveling. I am emailing this to you now.

Thank you,

Kevin

BenKus · January 28, 2010, 7:26am

(imported comment written by BenKus)

Hey Kevin,

We looked into this more and unfortunately we do not believe that custom sites will work with lock exemptions in the version you are using. When we ran the tests previously, we were using a newer development build, which had some changes in this area that we didn’t realize.

Sorry for the confusion… I am trying to think of another way to make this work for you, but I can’t think of anything except the console lock exemption that you said was not a good idea.

Ben

system · January 28, 2010, 9:06am

(imported comment written by SystemAdmin)

Hello Ben,

The console lock exemption is not going to work for us.

Is this change on the roadmap, if so when can we expect to see it?

Is there anyway that I can create content in the BES Support site, which goes around the locks?

Thank you,

Kevin

BenKus · January 30, 2010, 5:02am

(imported comment written by BenKus)

Kevin,

I think the best thing to do will be to contact BigFix Professional Services and we can publish your Fixlet in a Fixlet site that you can add as a lock exemption.

Thanks,

Ben