Determining How Long An Endpoint Has Met A Condition

(imported topic written by Matt.Johnson)

We use TEM to monitor several aspects of our workstations. One of these variables is encryption status. What I am trying to do is show how long the device has been out of compliance (not encrypted). We already have properties in place that can determine encryption status. I am just looking for a way to either:

A) Timestamp when it’s initially determined as out of compliance

or

B) Create a counter key in the registry that will be incrementally increased each day.

I would greatly appreciate any assistance you can provide. I’m at a loss here.

Thank you!

Matt Johnson

(imported comment written by jgstew)

The best option I can think of is to have a fixlet or task as an open action that would set something on the endpoint when it first sees the condition, then report on how long it has been set. You could use a client setting for this. If a system has never been encrypted, then the date of the start of noncompliance would be the OS install date.

Historical reporting is a weakness of BigFix, though technically some of the historical data would be in SQL somewhere.
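
The timestamp-on-first-detection approach from the comment above, modeled in Python as an added example (it is not part of the original thread and is not BigFix code). The dictionary stands in for the endpoint's client settings; both setting names, and the rule that "no record of prior compliance" means "never encrypted", are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical setting names; a real deployment picks its own.
SINCE = "EncryptionNonCompliantSince"
EVER_OK = "EncryptionEverCompliant"


def evaluate(settings, encrypted, now, os_install):
    """One evaluation of the open action on an endpoint.

    settings   -- dict standing in for the endpoint's client settings
    encrypted  -- result of the existing encryption-status property
    now        -- time of this evaluation (timezone-aware)
    os_install -- OS install date, used when the device was never encrypted
    """
    if encrypted:
        # Back in compliance: clear the latch and remember it was compliant once.
        settings.pop(SINCE, None)
        settings[EVER_OK] = "1"
    elif SINCE not in settings:
        # First time the condition is seen: latch the start of noncompliance.
        # Assumption: no record of prior compliance means never encrypted,
        # so the clock starts at OS install rather than at first detection.
        start = now if EVER_OK in settings else os_install
        settings[SINCE] = start.isoformat()
    # Already latched and still unencrypted: leave the timestamp untouched.
    return settings


def noncompliant_for(settings, now):
    """Reported property: how long the latch has been set, or None if compliant."""
    stamp = settings.get(SINCE)
    if stamp is None:
        return None
    return now - datetime.fromisoformat(stamp)


if __name__ == "__main__":
    utc = timezone.utc
    s = {}  # constructed sample endpoint with no settings yet
    evaluate(s, False, datetime(2023, 3, 1, tzinfo=utc), datetime(2023, 1, 10, tzinfo=utc))
    print(noncompliant_for(s, datetime(2023, 3, 11, tzinfo=utc)))
```

Because the timestamp is written only when it is absent, repeated evaluations do not reset the clock; only a return to compliance clears it.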