Hello everyone. I work for a large organization and have been tasked with trying to identify which users are using which license key for Adobe Acrobat. There have been a several purchases over the years, using different Adobe accounts.
I’ve encountered many issues such as:
Acrobat sometimes doesn’t remove the .swidtag upon uninstalling.
Acrobat is sometimes licensed under a CreativeCloud .swidtag file.
When computers have had differing versions/licenses installed over the years, it can get quite complicated to tell what’s going on.
Here’s where I couId use some help. I need to poll relevant info out of all of Adobe’s .swidtag files on the computer.
I need to then evaluate Criteria A against all of those files, and if any file matches Criteria A, then report Result A, and not report the status of any other .swidtag files. If no file matches Criteria A, then move on to Criteria B/Result B. If no file matches Criteria B, then move on to Criteria C, and on and on.
WHERE I NEED HELP
My current analysis runs every file through the Criteria chain, meaning that I get multiple results if I have multiple .swidtag files. I only want one result.
EDIT: Code block
(if exists it whose
(item 0 of it ... and item 1 of it ... and item 2 of it ... and item 3 of it ...)
then "LICENSED: ACCT #" else
if exists it whose
(item 0 of it ... and item 1 of it ... and item 2 of it ... and item 3 of it ...)
then "LICENSED: ACCT #" else
etc.....
)
of
(/*Item 0*/ version of regapp "acrobat.exe",
/*Item 1*/ name of it as lowercase,
/*Item 2*/ node value of child node of selects "/swid:software_identification_tag/swid:license_linkage/swid:activation_status" of xml documents of it,
/*Item 3*/ node value of child node of selects "/swid:software_identification_tag/swid:serial_number" of xml documents of it)
of files whose ((it contains "acrobat" or it contains "creative") of (name of it as lowercase)) of folders "C:\ProgramData\regid.1986-12.com.adobe")
You should build analysis properties to get the raw data you need, and potentially to separately pull only the latest tag for each, but then a lot of that correlation you should instead do in session relevance for reporting. You can do some correlation type work in regular relevance if you must, but get the raw data first.
This is good stuff @jgstew. It will take me some time to go through all of that and adapt for my needs. https://bigfix.me/analysis/details/2994777 seems most relevant and largely mirrors what I’m looking at. Of the cache.db files I’ve looked at, none of them have encrypted serials. Nor do the Oobe logs.
Also, you’re probably right about going the session relevance route as my current analysis is expensive for BESClients.
However, I think I’m going to be facing the same issues in session relevance. I still need to take a plural result and output a singular result where
if (any one or more results of a plural result) matches RelevanceA, then output ResultA and stop evaluation
else if (any of plural result) matches RelevanceB, then output ResultB and stop evaluation
else if ...
EDIT: Maybe something like this? Though I think it will still give me multiple results.
if NOT exists it whose (RelevanceA) then (
if NOT exists it whose (RelevanceB) then (
if NOT exists it whose (RelevanceC) then (
... )
else ResultC)
else ResultB)
else ResultA) of (plural object)
I learned about the “tuple string items” inspector. Then it was a matter of turning each tuple of the plural result into a single string, and then concatenating the strings. So now my relevance looks like this:
(if exists (tuple string items of it) whose
(tuple string item 0 of it ... and tuple string item 1 of it ... and tuple string item 2 of it ... and tuple string item 3 of it ...)
then "LICENSED: ACCT #" else
if exists (tuple string items of it) whose
(tuple string item 0 of it ... and tuple string item 1 of it ... and tuple string item 2 of it ... and tuple string item 3 of it ...)
then "LICENSED: ACCT #" else
etc.....
)
of
(concatenation ", " of
( "( " & Item0Relevance as string & ", " &
Item1Relevance as string & ", " &
Item2Relevance as string & ", " &
Item3Relevance as string & " )") of files of folder "...")