I would like to know how to setup BigFix clients (our Windows servers) so that the CA antivirus signatures get updated on locked machines. We would like to have the BigFix client on all our Windows servers so that we can use the BigFix antivirus product; but we want to keep these machines locked so that patches cannot be inadvertently applied.
Not allowing any updates is definitely the intended behavior of the locking scheme, but luckily we thought ahead on this and we do allow you to exempt actions from specific sites.
Go to your BES Admin Tool.
Click “Edit Masthead” on the second tab
Add an “action lock exemption”. For BigFix Antivirus from CA, you will use the url:
I like this idea and would like to see some added functionality.
How would you add more than one URL, can this be a pick list or drop down instead?
Instead of adding a whole site in as an exception as this seems to be mean all fixlets are allowed to be deployed regardless of lock status.
How about I create a custom site and I can import in any content I need pushed out to locked machine. This seems to narrow the scope down a bit to what is allowed and make this the exception site.