Automatically Disable LDAP BigFix User Account

Curious, has anyone found a way to automatically disable a BigFix Console operator account if the account has not been used in a predetermined period of time? Our use case is to find an automatic way to disable console operator accounts that have not logged into the console in 45 days.

I’m pretty sure we could whip up something for that in the REST API, but usually we’ve relied on disabling the unused accounts on the LDAP / Active Directory backend instead.

Centralized authentication & access control is most of the reason for using LDAP in the first place?

Thanks for the quick reply. In this use case, the console operator may have moved to a different department, but is still an active employee so their AD account would still be valid.

Again, there’s nothing built-in for this, and how much you wish to automate will depend a lot on your comfort level with the REST API and custom scripting.

As a starting point, you might set up a custom Web Report to report on these. From Explore Data → Custom, you could create a custom report with this tag to create a table of only the ‘old’ accounts:

<?relevance table "border=all" of (tr of concatenation of tds of ("name";"link"; "last login") & concatenation of trs of ( (td of name of it & td of link of it & td of (last login time of it as string | "none")) of bes users whose (now - last login time of it > 45 * day)) ) ?>

In the Preview, that generates a table that should look something like
[image: report preview]

You can save that as a Custom Report, and then configure it to run on a schedule. From the ‘Report List’, find your new custom report and in the ‘Scheduled’ column click ‘No’ to schedule the report.

You can set up a daily schedule, check the box for ‘Only archive or send mail when the report changes’, and you’ll get a new message as each account hits its 45-day mark.

I do see a pretty serious limitation here, though - I don’t see any properties for ‘bes user’ we can use to see which accounts are already disabled in the Console. Please submit an ‘Idea’ for that, or I’ll end up submitting one myself (but it may take a while before I get 'round to it).

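For the REST API route mentioned in this thread, here is an added example (not code from any poster or from BigFix) that takes the XML returned by a session relevance query and lists operators whose last login is more than 45 days old, plus those with no recorded login. The sample XML is constructed, `QUERY` and `stale_operators` are names made up for the example, and it assumes the `/api/query` Tuple/Answer response layout and RFC 2822 style time strings.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Session relevance to submit to /api/query; uses only properties seen in the thread.
QUERY = '(name of it, last login time of it as string | "none") of bes users'

# Constructed sample response (not real output); layout is an assumption.
SAMPLE_XML = """<BESAPI>
  <Query Resource="constructed sample">
    <Result>
      <Tuple><Answer type="string">alice</Answer><Answer type="string">Mon, 03 Jun 2024 09:15:00 +0000</Answer></Tuple>
      <Tuple><Answer type="string">bob</Answer><Answer type="string">Fri, 01 Mar 2024 14:02:11 -0500</Answer></Tuple>
      <Tuple><Answer type="string">dave</Answer><Answer type="string">Fri, 26 Apr 2024 00:00:00 +0000</Answer></Tuple>
      <Tuple><Answer type="string">carol</Answer><Answer type="string">none</Answer></Tuple>
    </Result>
  </Query>
</BESAPI>"""


def stale_operators(xml_text, now, max_age=timedelta(days=45)):
    """Return (stale, never): operators idle longer than max_age, and
    operators with no login recorded at all (reported as "none")."""
    stale, never = [], []
    for tup in ET.fromstring(xml_text).iter("Tuple"):
        name, last = (a.text or "" for a in tup.findall("Answer"))
        if last == "none":
            # Kept separate: a never-used account needs a human decision.
            never.append(name)
        elif now - parsedate_to_datetime(last) > max_age:
            # Strictly older than the threshold, matching the report's ">".
            stale.append(name)
    return stale, never


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a stable result.
    now = datetime(2024, 6, 10, tzinfo=timezone.utc)
    stale, never = stale_operators(SAMPLE_XML, now)
    print("Idle more than 45 days:", stale)
    print("No login recorded:", never)
```

The output is a review list only; since the thread notes there is no property showing which accounts are already disabled, the actual disable step stays a separate, confirmed action.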