I created a task, which creates a specific file. Now I need to get that file to a different server, specified by the user or to the server where the user is currently logged on (from where the action was executed), whichever is easier and less demanding to the BF server. The action script so far looks like this:
action parameter query "homeserver" with description "State server where request file shall be stored." with default ""
parameter "dnsname" = "{dns name}"
parameter "hostname" = "{computer name}"
delete __createfile
createfile until EOF
[NewRequest]
Subject="CN={parameter "dnsname"}"
Exportable=TRUE
KeyLength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
EOF
delete __Download\REQconfig.inf
move __createfile __Download\REQconfig.inf
delete "__Download\{parameter "hostname"}.req"
waithidden cmd /c certreq -new -f __Download\REQconfig.inf __Download\{parameter "hostname"}.req
Up to this point the task works as intended, but I don’t know how to get the file to a different server. Can the copy command be used to copy a file to another server? What’s the syntax then? I can’t use waithidden cmd /c xcopy… because that wouldn’t work on DMZ servers and I basically don’t need to use the task anywhere else.
And the main issue is you aren’t a “user” running the action in general so you don’t have credentials to connect to a remote machine in any fashion so this starts getting interesting.
Well on a command line I would use the xcopy command, but that doesn’t work in DMZ, so I can’t use it in the action script. What I need is to download the file that is created by the certreq command to a server where I’m logged on. In the future I want to send it by mail using a powershell command, but that’s not technically possible yet. another possibility could be, that the file created is just a text file, so it could be possible to just read the content and paste it to some file created on the server I want to store it on. How would that be done?
Might consider using the Override command to specify a user account that will have permissions on the remote machine and then use the copy command to copy the file?
override dos
hidden=true
RunAs=Domain\User
Completion=job
password=required
dos copy "c:\tempLocalFolder\localfile.txt" "\\RemoteServer\c$\Remotefolder\Remotefile.txt"
Problem is, that this would need a direct connection between the two servers and that wouldn’t work in most cases, since this task will be used either on DMZ servers or on non-domain servers, where the conectivity is problematic as well. I need to use the BigFix’s connection between server’s client and BF server.
Bigfix isn’t the right solution for your problem (wow, that’s a rare thing for me to say!).
It might be possible in theory, but would be complex, overengineered, and expensive for you to develop. And I might add that if Bigfix did operate that way, well…it probably wouldn’t be allowed through your DMZ either.
Upload and Archive Manager can get files from the client to the root server.
Download Manager can get files from the Root Server (possibly via Internet download) to the client (once the URL, size, and sha256 hash of the file are known).
The part in between - receiving the file in the UploadManager directory, moving it to a location where the client can download it, calculating the path, size, and sha256, and then creating a new action for the client to download it – that’ the part you’d need to write.
So basically I can use upload and archive manager to get the file to the BES root server and from there to the server I want (that’s already outside DMZ, so simple wait cmd /c xcopy would work)? So create a baseline with one task to create the file, second the upload manager and third to copy the file from root server wherever I want?
Download manager is just another name for the prefetch or download command in action script.
Almost every Fixlet uses this to get files down from the root server.
The action to upload happens on computer A, the file move on computer B (root server) and the subsequent download on computer C, so a baseline will not work, but server automation might.
For the middle part, moving the files on the BigFix root server
from \BigFix Enterprise\BES Server\UploadManagerData\BufferDir\sha1\#\########
into \BigFix Enterprise\BES Server\wwwrootbes\Uploads
Maybe… Repeating action targeting BigFix server that a) uses xcopy with recursion to copy the new file in the Upload manager area into the wwrootbes area along with a naming convention to make them unique in the wwwrootbes area… b) in the same action, use relevance to calculate the sha256 and size and generate the full URL that would be needed in your subsequent download command… and then, c) action performs a REST API call to generate a custom action on ComputerB, passing the calculated prefetch command…
(As Jason mentioned, complex, overengineered, time consuming)
if BigFix runs under system there is a workaround by using task scheduler - you can create a scheduled task via schtasks command and make it run under some other user or serviceid which has network access. I am using this often