How can i create a custom “Analyses Relevance” that will allow me to view the running services, program installed together with their version and the windows patches that are install/not install on a particular client machine?
related to Bigfix Fixlet Authoring. There are some nice training guides available there as well as help files and a very nice QNA tool that I use to work through relevance.
Client Relevance Helpfile - I use this daily to review the definitions of the various questions that can be asked.
QNA fixlet debugger - invaluable when trying to get just the right answer to come back.
In order to create a new analysis from the console I would select Tools --> Create new Analysis.
Then for each of the fields you want to see information on I would create some amount of relevance in the fixlet debugger before inputting the relevance into the analysis.
Services - From the help file here are a few examples.
running services
//Returns a list of all the currently running services. expand environment string of ( image path of service
"AudioSrv”)
//Returns a path name for the Windows Audio service, such as C:\WINDOWS\System32\svchost.exe -k netsvcs. (DISPLAY name of it, security descriptor of it ) of service
“TapiSrv”
//Returns a value such as ‘Telephony, D:(A;OICI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;OICI;CCLCSWRPLO;;;BU)’.
Programs Installed - More examples from the help file, but if you have the inventory and license site on your infrastructure then I would suggest using that.
application
“qna.exe” of parent folder of application
“bigfix.exe” of the registry
//Using the application of folder creation method, this example locates the ‘sibling’ application qna.exe provided it exists in the same //folder in which the registered application ‘bigfix.exe’ is installed. exists application
“notepad.exe” of the windows folder
//Using the application of folder creation method, this example locates the notepad application provided it exists in the Windows folder. name of application
“print” of key
“HKEY_CLASSES_ROOT.gif” of registry
//Returns the name of the application currently responsible for printing gif files. name of application
“print” of key
“HKEY_CLASSES_ROOT\giffile” of the registry
//The same as above when the default value of the key HKEY_CLASSES_ROOT.gif contains giffile. These two examples demonstrate the method //used by Windows to maintain file associations in the registry. application of key
“HKEY_CLASSES_ROOT\mailto” of the registry
//This example returns the application responsible for handling mailto requests in your web browser. names of regapps
//Primarily used in QnA to obtain lists of applications installed under the “app path” key of the registry.
byte 0 of regapp
“bigfix.exe” = 77
//TRUE if the first byte in the specified file is ASCII 77. regapp
“IEXPLORE.EXE”
//Returns the application object associated with the named registry key. Checks to see if the executable exists and if so, returns the //application object. Case is ignored. exists running application whose (name of it as lowercase is
“winword.exe”)
//Returns TRUE if Microsoft Word is currently executing.
Windows Patches installed - I can’t help but thinking that this data is already gathered for you in the Bigfix console. I would also recommend reviewing Web reports as a good option for reporting on all of this information.