Has anyone ever seen this situation? BigFix support says that it is unique to our environment.
Every installation of the BigFix client in our environment has had the local security permissions on the folder “C:\Program Files\BigFix Enterprise\BES Client” modified. Only local administrators and System has access to the folder. We are not modifying the install in anyway and are not changing the local folder permissions. Something is doing it but I have no idea what. If we didn’t do it and BigFix support says that the install didn’t do it, what could it be?
Even on a fresh install of the client, it is like that. Has anyone ever seen that before??
All our systems are set that way as well (xp, vista, win7, w2k3, w3k8). I can also say we did not and do not change the permissions on the folders. I would agree that the installer has to be doing this.
Support was incorrect. The BigFix Agent installer attempts to secure itself by only allowing Admins/System to access the folder to prevent someone from replacing the agent files (which would effectively give the that user admin control of the computer).
I don’t think the msi installer currently sets the same permissions, but I believe that will be fixed in the next version.
Is this causing you an issue?
Can you please send me your support case # and I will speak with the support technician?
This all came about when I was trying to run an actionscript that creates a .reg file, and then uses runascurrentuser to execute the file. The problem was that the current user could not navigate into the BES Client folder to get the .reg file.
I think my work around will have to be to move the .reg to somewhere else, run cacls on it to give everyone permissions, and then execute it.
The frustrating thing is that I see people in the forum doing exactley what I am doing without any issues, so I begin to wonder if their folder permissions are different from ours (even though, as you know, we did nothing to modify them).
Ah… Yes… You are correct and that would be an issue… It is possible that people used the MSI installer which does not make the same permissions changes in the current version (7.2)… but it certainly is an annoying inconsistency which should be fixed shortly…
Your solution of moving the file seems like a good workaround to me…
This all came about when I was trying to run an actionscript that creates a .reg file, and then uses runascurrentuser to execute the file. The problem was that the current user could not navigate into the BES Client folder to get the .reg file.
I think my work around will have to be to move the .reg to somewhere else, run cacls on it to give everyone permissions, and then execute it.
The frustrating thing is that I see people in the forum doing exactley what I am doing without any issues, so I begin to wonder if their folder permissions are different from ours (even though, as you know, we did nothing to modify them).
Yeah normally we have a software install folder somewhere layered down that has modify rights. We move everything there that has to be run as current user.
Use the “move” actionscript command prior to executing a command. This is always a good practice as running an executable from where it is downloaded to can cause issues with other actions being able to be run.