BigFix IT Contest Winners

(imported topic written by Tabby91)

Congratulations to Stacy Lee from , winner from the West Coast and to Curt Hudson from representing the East. Ivy Towns from and Ernest Franzen from received honorable mentions and a $50.00 gift card for their entries.

Here are some of the ways you are using BigFix to make your lives a little easier. Thank you for your participation in the contest and for continually pushing our technology out in front. We have removed references to company names.

BigFix IT Contest Sample Entries:

Inventory and Config Management

Our company bought hundreds of network attached storage devices to be installed across the nation. These storage devices were designed to hold critical data to be used in the event of an investigation. The problem with these devices was that there was no remote management software available to be used with them. So we didn’t know that hardware was going bad until it was too late. The machine would crash and we would lose all of the critical data. Enter Bigfix! I was able to write a retrieved property that reads the event log and adds the computer to a particular automatic group. Now with a quick glance, I can determine which machines have failing hardware and get them fixed before the data is lost. The value of this BigFix feature alone cannot be quantified. It is an enormous help that has immeasurable benefits for the company and the nation (our customer). In fact, we are now in the process of using the retrieved property to replace some malfunctioning network monitoring software that we have in place for other machines. Rather than spending the money on support to attempt to get it fixed, we can use BigFix. We have also been able to use it for configuration management to ensure our machines are using the correct version of files and services. In the past, we wouldn’t know about the incorrect version until after we were told by our customer that something wasn’t working, which wasn’t good for our reputation. Now that we have BigFix, we are able to spot these configuration mistakes before any customer realizes something is wrong. This is great for the reputation of my manager, which is good for me. BigFix has paid for itself many times over and we haven’t yet discovered its full potential. There is always something new to learn with BigFix and always a way to solve any problem.

Virus/Trojan/Detection

We had 2 departments on campus compromised on separate occasion but hit very badly. In each case the departments were comprised with several worms/Trojans/viruses. We wrote up more 30 properties into analyses for each department to look for all the suspected infections the computers were hit with. The data was accessible though Web Reports (this was before BigFix has email capability in Web Reports) the Managers of the departments could see the number of infected machines and watch the progress as Desktop Support Personal fixed computers identified in BigFix.

License Compliance

We were working with Microsoft to identify how many computers were running Office to make sure we were in license compliance and also to work on upgrades to Office 2007. We created and Analyses to identify how many computers were running and what versions. Within an hour we had a majority of the computers check in and posted their results. To our surprise some users were still running Office 97. BigFix quickly helped us identify how many computers we had and licenses we need to purchase. Prior to BigFix this would have been a guess of how many people worked in ITS and a computer count of desktops, both greatly inaccurate.

IE 7 upgrade Panic

I had Executive Directors and others tracking me down in a panic when IE 7 was released through windows update. The fear was that a number of applications were web based and if desktops were upgraded to IE 7 Web Applications could break. They asked me “can BigFix help us with this situation?” I smiled and calmly said what would you like to do? We compromised and on a department by department basis we deployed the BigFix fixlet to Block the automatically delivery of IE 7. As well I setup analyses to check for IE versions running on Campus (I edited the result to only show me major IE versions by the first 3 characters since there were multiple IE 6 versions floating around.) I setup web reports and had the report emailed out daily (with the nice PIE chart) to the executives and other concerned people so they can see as the IE 7 numbers rise if there were any increase calls to help desk on Web Applications breaking.

Final note: I calmed down the frantic people and BigFix made me look like a HERO.The directors loved the email with the nice pie chart they thought it was the coolest thing.

Spy Sweeper corrupting XP registry

ITS Desktop services were seeing a rise in XP machines becoming unbootable. Webroot had informed us that certain versions on their Spy Sweeper product

could

corrupt the registry on XP computers. This correlated in the rise of unbootable XP machines. This became a hot topic on many groups and needed a course of action. Through consultation with Information Security Office (ISO) we decided this was critical and would interrupt work for many users if desktops become unbootable. We authored a property to check for XP machines with the suspect Spy Sweeper version. Within 1 hour I had results of 1000+ machines across campus. Shortly after the analyses was deployed I received and email from a Console Operator in the Medical School asking if we would write a analyses to look for SpySweeper and XP, I replied back immediately and said it’s already DONE !!. Login to your console and see the results for your department. The console operator was forever thankful. We sent email out our other 136 console operators to inform them of the analyses and results are available to view. I have also created a web reports to email out to the ISO so they can track remediation progress.

Filemaker Pro upgrade painful

I went to a department that had several users using an older filemaker pro version. The upgrade process was incremental so they would have to install 3 upgrades to get to the latest version. The IT person for that department wanted know if BigFix could help. I helped author a custom fixlet with the Dept. IT person and show them how to get the relevance check for application versions to true/false the fixlet. From that fixlet template the Dept was be able to make the subsequent fixlets to make to deploy the remaining upgrade. They additionally used the fixlet later own to push out a host based firewall to their 300+ computers. This Dept loves BF so much the only time they get logged off is when I have to boot them to patch and reboot the main BES Server.

Developer forgot to remove some text from a custom application

We have an application developed in house called PC-Leland. This app sits on desktops and authenticates users into our Kerberos realm. Every so often new version comes out so there is testing, then deployment. Well the final version of the app went out campus wide but the developer forgot to remove some code that says this version is BETA and will expire. It actually didn’t. The question came can BigFix help …….

GRIN

We created 2 fixlets; first one went and renamed the “pcleland app.exe” to “pcleland.old” on the local desktop then copied down the new fixed version to the same directory. The application sat in memory so renaming it would have no affect till restarted. The 2nd fixlet looked for the existence of “pcleland.old” and then became relevant and deleted it.

Asset Fields

I was asked if there was a way BigFix has an editable field for the Dept to enter asset tag information. At first I didn’t think there would be a way to do this but then realized I could create a custom setting field. NMO cannot create new settings but can edit existing ones. We created a custom policy action to add this custom field with a blank value to all new machines in the dept. The relevance checks for the existence of the field and if it doesn’t exist it goes ahead and creates it. The NMO can now go in anytime to populate the fields with the Asset Tag info. The love it because they can call up the info in a table form in their analyses and can see reports in real time.

Patching like no other

Here at we use BigFix primarily for installing Microsoft Security Patches to Microsoft Server systems. To date, we have over 5000 systems installed with BigFix, which is rather small compared to some of your other installations. We do, however, have over 225 BigFix Operators that are spread out across over 80 sites in over 40 countries on 6 continents. Our largest site manages over 1500 systems while our smallest sites manage only 1 or 2. Lately, we have been using BigFix to rapidly locate systems infected with various WORMS and Viruses. Creating the Retrieved Properties and corresponding Analyses to find the files or registry entries left behind by a WORM or VIRUS is extremely simple and BigFix is very fast at returning the results. It helps us target the most critical systems first for remediation.

We also use BigFix to verify our Backup Software Configuration files are correct and up-to-date. We even used BigFix Custom Tasks to deploy DST updates for Oracle and JRE Clients. All of this may be very typical of your other customers. We find BigFix invaluable and it is now a critical tool for managing our systems.

Sox Compliance

We had a SOX compliance request from management to restrict members of the Local Administrators group on our productions servers. We were trying to figure out how to comply, but still give the application owners access when they needed to perform maintenance or upgrades. I suggested using Bigfix and its scheduling feature to create tasks to add and then later remove the application owners from the local administrator’s group.

I built a task using Bigfix and its parameter ability to run a simple DOS command "DOS Net Localgroup Administrators “{parameter “UserID” of action}” /ADD. I created a similar one using the /DELETE function to remove the client. I tested the functionality and was able to show the auditors how we can comply to the request and they approved it.

Now, the application owner’s open a request with the server’s name and the starting and ending access times. We then schedule the task against the server for the times requested and sit back and what Bigfix work its magic.