Can BigFix identify computers under Extended Support?

straffin · May 10, 2023, 7:00pm

Can BigFix’s native inspectors/properties identify computers that have been subscribed to Extended Support arrangements, like Microsoft’s Extended Security Updates (ESU) or Ubuntu’s Expanded Security Maintenance (ESM) in Ubuntu Pro? Does that sort of thing show up in OS version numbers or anything? Or will I need to write an analysis that looks for registry keys and apt sources?

JasonWalker · May 10, 2023, 7:58pm

For Windows, you can check the installed ESU license keys (and there’s an Analysis in the Windows ESU sites that reflect this).

I’d have to defer to someone else on the Linux machines, but I’d expect we can at least see the subscribed repos, if there’s not a better method to check.

atlauren · May 11, 2023, 1:58pm

If memory serves, you can get Windows licensing data out of WMI. When we were tracking this, we instead used an action to send the license output//status to a file, then harvesting that in an analysis.

jgstew · May 11, 2023, 2:08pm

There is an analysis here:

https://bigfix.me/analysis/details/2998636

There are older related content here:

FatScottishGuy · May 11, 2023, 2:34pm

Examples for Windows 2008

string value of select "OfflineInstallationId from SoftwareLicensingProduct WHERE (PartialProductKey is not null) and (Name LIKE 'Windows(R)%25' or Name LIKE 'Windows Server(R)%25') and (Name LIKE '%25ESU-Year1%25')" of wmi | "No ESU License"

string value of select "OfflineInstallationId from SoftwareLicensingProduct WHERE (PartialProductKey is not null) and (Name LIKE 'Windows(R)%25' or Name LIKE 'Windows Server(R)%25') and (Name LIKE '%25ESU-Year2%25')" of wmi | "No ESU License"

string value of select "OfflineInstallationId from SoftwareLicensingProduct WHERE (PartialProductKey is not null) and (Name LIKE 'Windows(R)%25' or Name LIKE 'Windows Server(R)%25') and (Name LIKE '%25ESU-Year3%25')" of wmi | "No ESU License"

This will confirm if there is a Year 1, Year 2 or Year 3 ESU

FatScottishGuy · May 11, 2023, 2:52pm

For Ubuntu it looks like this would work

exists file "/etc/update-manager/release" whose (exists line whose (it starts with "deb http://archive.canonical.com/$(lsb_release -cs)-esm") of it)

straffin · May 11, 2023, 3:48pm

Thanks all! This should get me what I need.

atlauren · May 11, 2023, 4:50pm

It looks like we’re doing:

waithidden cmd /c {pathname of system x32 folder}\cscript.exe {pathname of system x32 folder}\slmgr.vbs /dli >>  \path\to\file

…and then parsing out the Name, Description, and License fields in an analysis.