Hi All.
I’m new in BigFix, I just know how to create basic Fixlets and tasks.
Well, is there a way to create a fixlet and task that runs each time when a new server appears in bigfix?
If it is possible, please let me know how.
Can this be do it creatin a new Baseline and add all the necessary Fixlets or task to it?
Thanks in advance and have a nice week,
Angel Biurrun Cabrero.
You can indeed set up an endless action to deploy a baseline (just make sure it doesn’t expire and will reapply whenever relevant). The only question is how do you want to trigger it to deploy to new servers? Obviously you have to have the BES client installed first. But do you want it to run against any Windows Server OS instance it sees? A particular OU? Some other trigger or constraint?
Hi @Sophia.
Thanks for your Answer.
Answering your questions:
The only question is how do you want to trigger it to deploy to new servers? I want to trigger when a new server installed BES client and come a part of the BigFix inventari. The idea is that trigger activate automatically and the baseline run by itself, without user action.
Do you want it to run against any Windows Server OS instance it sees?
Yes, I need to install another agents after BES client. WS2012 (all versions), WS2016, WS2019 and WS2022.
I will apreciate all the help that you can give me.
Have a nice week,
All you need to do is, define what you want to apply. Then create as many fixlets as you need. In parallel you also need to define how do you want to verify those settings to include and exclude through relevance, along with confirming which devices you want it applied to and which ones do not.
For me. I have around 3 baselines that apply to all new servers that join. One applys to all servers regardless, and then verifies the settings in relevance. I then have two more baselines that apply, one for DMZ, and one for everyting else.
So it’s pretty simple, you create a baseline with whatever fixlets/tasks in the order you want them to install. Make sure they all have actions selected (usually default action). You’ll also want to make sure that the relevance for each component is something that changes on a successful install. If you have a task that just runs on a given condition you can find that potentially looping and that’s bad mmk.
Once the baseline is created, deploy it with no expiration and set is reapply whenever relevant. Target dynamically by property > by retrieved properties > by OS type > server (assuming you don’t have non-Windows servers, but it’s also pretty safe because any good fixlet/task does its own OS check before running). If you don’t have ‘by OS type’ you’ll need to go to ‘computers’ and right click on the headings bar and search for ‘OS type’ which should be in the ‘BES Inventory and License’ site. If you don’t have that module you can create the analysis property from scratch. There’s a couple ways to do that which you’re probably better looking up a guide on creating properties, but the relevance for it is:
if (name of operating system as lowercase starts with "win") then (if (name of operating system = "Win95" OR name of operating system = "Win98" or name of operating system = "WinME") then "Workstation" else (if (value "ProductType" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" of registry = "WinNT") then "Workstation" else "Server")) else "Unknown - " & name of operating system
Bear in mind that if you update the baseline you will have to stop the action and set it up again.