Creating Custom Patch Windows

Hello, I am fairly new to using BigFix and have been tasked with evaluating how it applies patches compared to our current WSUS setup.

I came across the below article [1] which explains creating custom patch windows. I have created the settings that I want along with an analysis that will determine if a server is within its patch window. My problem is that after creating a Baseline with the patches that I want, my “Patch Window Open” property created by the locally activated analysis does not show in the “Run only when” constraint drop down in the take action window.

I believe the problem is that my account on our BigFix server is a non master operator account and in order for the “Patch Window Open” property to be available in the drop down, it needs to be a globally available property, correct?

I’m just getting my head wrapped around how BigFix does things and my searching hasn’t provided me with the answer to the above question.

Thanks.

[1] https://www.linkedin.com/pulse/bigfix-tips-tricks-part-4-dynamic-patch-maintenance-using-consuegra

EDIT: In case anyone runs across this…

I had someone with a Master Operator account create the Global Property that I needed and was able to use it as I needed as a “Run only when” constraint. So far, running my baseline once against a group of servers in multiple patch windows has worked beautifully.

Greetings @jpope and welcome to BigFix. I would strongly encourage you to attend the BigFix Days virtual conference that starts tomorrow. Also, the following links should be helpful as well.

1. Getting Started with BigFix
2. BigFix Tech Advisor YouTube channel
3. BigFix Foundation Series YouTube playlist
4. @bradsexton81 articles on LinkedIn
5. Maintenance Windows Dashboard

I would also recommend looking at the Patch Policy feature within the WebUI.

6. Get Started with Patch Policy
7. Patch Policy Overview

One final suggestion, when you’re Googling for anything BigFix make sure to prefix your search with “hcl bigfix” then the search item. For example, hcl bigfix maintenance window gets you links to the HCL BigFix documenation.

That’s some great info from Casey. One thing I’d add is that yes, you are correct, the property you use for an Action Constraint must be a Global Property.

Otherwise you could follow the Maintenance Window Wizard but you must “enforce maintenance window with lock/unlock”. I prefer to create, but not enforce, a maintenance window so instead I’d create a Global Property. That allows for some actions (patches & maintenance) to follow the Maintenance window, while others (BFI scans, health checks) can run outside the window.

Thanks, looks to be some good info there, some I’ve reviewed already, some I haven’t.

Thank you, I figured as much as it needing to be a Global Property.

And I’d like to stay away from the built in Maintenance Windows with locking as my focus is only on patching where other admins in my organization have focus elsewhere. Also, we have just under 20 update start times across two days every month just in our Development/Test environment. As I’ve been scaling up the number of servers I’m updating via BigFix the past few months, the method in the article I linked seems to me the most straight forward way to go about it.