Breadcrumb Patching Site

@AlanM Seems like for this particular case it works in Fixlet debugger with Local Client Evaluator only. So it fails in the Action debugger, which doesn’t have a Local Client Evaluator.

The Fixlet Debugger doesn’t have a “Local Client Evaluator” for the Action debugger phase so yes it wouldn’t work in FD in an action.

1 Like

Just wanted to follow up for anyone who is looking to have a “patch catch-up” site. This does work. You just have to run it in the console on a client to test it (as others have noted). Just thought it would be helpful to sum it up.

if {not exists relevant fixlet whose (exists header whose (name of it ="X-Fixlet-Type" and value of it = "Baseline") of it) of site whose (name of it is "Patch Remediation")}
	regset "[HKEY_LOCAL_MACHINE\SOFTWARE\key]" "test"="1"
else
	regset "[HKEY_LOCAL_MACHINE\SOFTWARE\key]" "test"="2"
endif

There is some additional code to do a date diff you should also add. You would need to add it in when you run your key to put it in patch remediation. So when you do your check:

if {not exists relevant fixlet whose (exists header whose (name of it ="X-Fixlet-Type" and value of it = "Baseline") of it) of site whose (name of it is "Patch Remediation")}
	if {now - (value "patchDate" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\key" of (registry;x64 registry) as time) > 15*minute}
		regset "[HKEY_LOCAL_MACHINE\SOFTWARE\key]" "patch"="1"
		regset "[HKEY_LOCAL_MACHINE\SOFTWARE\key]" "patchDateDone"="{now}"
	endif
endif

For me, the “patch=1” pulls it out of the remediation site. There is another fixlet that lowers the CPU and sets patch to 0. That puts it in our patch current site.

I know our Sales Engineer is working on a paper on how to fully accomplish this as a process, but it’s not complete.

2 Likes

I found a small “gotcha” in this and perhaps someone can help me with this because I’m hoping to use this same concept for a site-to-site movement for post imaging software deployment. This:

not exists relevant fixlet whose (exists header whose (name of it ="X-Fixlet-Type" and value of it = "Baseline") of it) of site whose (name of it is "Patch Remediation")

Looks for RELEVANT fixlets, period. Not just relevant fixlets that have actions associated to you (the machine). So there may be a baseline that has not been made active yet, or we may even only want to target to a specific group and not others (but would still be relevant if you assigned an action). This needs an additional “… and whose fixlets are assigned to me” sort of thing.

Just checking that this is the case when evaluated by the client. And thinking out loud here … maybe factor in the report (the result of an evaluation by the client) and look for the one from the machine in question.

Fixlet relevance isn’t linked with there being an action. Once the agent’s subscribed to a site with the fixlet, it will evaluate it.

To clarify, the client relevance you have is specific to the machine (see below).

So is it that the site contains fixlets (baselines) that are relevant but will not ever be targeted to the computer? You need to exclude these fixlets from your decision?

I’ve one baseline in the site, two computers, the baseline has one fixlet. Baseline applicable on both computers.

Q: not exists relevant fixlet whose (exists header whose (name of it = "X-Fixlet-Type" and value of it = "Baseline") of it)of site whose (name of it is "MyCustomSite")
A: False
T: 0.053 ms

Take action on one of the computers. Baseline is now only relevant on the other computer. QNA gives this on the computer that’s applied the baseline:

Q: not exists relevant fixlet whose (exists header whose (name of it = "X-Fixlet-Type" and value of it = "Baseline") of it)of site whose (name of it is "MyCustomSite")
A: True
T: 0.053 ms