(imported comment written by jgstew)
The use of Secure Parameters require that the Root server & targeted client are v9 or greater. I do not know if the relays must also be v9 or above or not, but I presume so.
This will not work well in Baselines, and you must target machines directly. You cannot target “All Computers” or an Automatic Group, but you can manually select all computers that are currently in an Automatic Group. The reason that this does not work is due to the fact that the secure parameter is encrypted at the time of “Take Action” for each client and never passed as clear text anywhere until it reaches the destination client. The Secure Parameters will not show up in log files, or in the console, so they break the strict auditing of BigFix/TEM/IEM, which would be an issue if you had actionscript that was “waithidden {parameter “secret” of action}” because a “bad actor” admin could do anything without it being logged or audited. Even with the examples provided, you might be able to enter a password, end it with a semicolon, then add any command you want to run on the client. (I have not verified this theoretical issue)
Examples of changing passwords on the local system using secure parameters:
http://bigfix.me/fixlet/details/3666
http://bigfix.me/fixlet/details/3667
The “secret” to “secure parameters” is the following embedded in the description of the task/fixlet:
<p>
<label for="secret">Secure Parameter:</label>
<input id="secret" type="password" name="secret" />
<script>
document.body.ontakeaction = function() {
var theSecret = document.getElementById("secret").value;
if (theSecret==null || theSecret=="")
{
alert("Hey, you forgot to enter a secure parameter! Please enter one on the Description tab before taking the action.");
}
else
{
TakeSecureFixletAction( Relevance('id of current fixlet'), Relevance('id of current bes site'),"Action1", {}, { secret: theSecret } );
}
return false;
}
</script>
</p>