Can BigFix identify computers under Extended Support?

straffin 2023-05-10 19:00:18 UTC #1

Can BigFix’s native inspectors/properties identify computers that have been subscribed to Extended Support arrangements, like Microsoft’s Extended Security Updates (ESU) or Ubuntu’s Expanded Security Maintenance (ESM) in Ubuntu Pro? Does that sort of thing show up in OS version numbers or anything? Or will I need to write an analysis that looks for registry keys and apt sources?

JasonWalker 2023-05-10 19:58:23 UTC #2

For Windows, you can check the installed ESU license keys (and there’s an Analysis in the Windows ESU sites that reflect this).

I’d have to defer to someone else on the Linux machines, but I’d expect we can at least see the subscribed repos, if there’s not a better method to check.

atlauren 2023-05-11 13:58:16 UTC #3

If memory serves, you can get Windows licensing data out of WMI. When we were tracking this, we instead used an action to send the license output//status to a file, then harvesting that in an analysis.

jgstew 2023-05-11 14:08:18 UTC #4

There is an analysis here:

https://bigfix.me/analysis/details/2998636

There are older related content here:

FatScottishGuy 2023-05-11 14:34:08 UTC #5

Examples for Windows 2008

string value of select "OfflineInstallationId from SoftwareLicensingProduct WHERE (PartialProductKey is not null) and (Name LIKE 'Windows(R)%25' or Name LIKE 'Windows Server(R)%25') and (Name LIKE '%25ESU-Year1%25')" of wmi | "No ESU License"

This will confirm if there is a Year 1, Year 2 or Year 3 ESU

FatScottishGuy 2023-05-11 14:52:03 UTC #6

For Ubuntu it looks like this would work

exists file "/etc/update-manager/release" whose (exists line whose (it starts with "deb http://archive.canonical.com/$(lsb_release -cs)-esm") of it)

straffin 2023-05-11 15:48:08 UTC #7

Thanks all! This should get me what I need.

atlauren 2023-05-11 16:50:23 UTC #8

It looks like we’re doing:

waithidden cmd /c {pathname of system x32 folder}\cscript.exe {pathname of system x32 folder}\slmgr.vbs /dli >>  \path\to\file

…and then parsing out the Name, Description, and License fields in an analysis.