So below is an example of the full XML for one of my lab setup baselines that I’m using to test.
I don’t think I’ll be able to put together the full script for this today, but the basic algorithm would be:
- Retrieve the Baseline XML via GET
- Create a MultipleActionGroup XML. Fill in the Title and Relevance (the Relevance being ‘true’ or whatever custom relevance you want to apply on the new action)
- Loop through the Baseline XML, retrieving each `/BaselineComponentCollection/BaselineComponentGroup/BaselineComponent` node.
- For each BaselineComponent found in the Baseline XML, create a new MemberAction node in the MultipleActionGroup XML. The Title, Relevance, ActionScript, SuccessCriteria, and IncludeInGroupRelevance to apply in the MemberAction node should be retrieved from the BaselineComponent node in the source. When copying the Relevance and ActionScript text, XML-escape it or wrap it in CDATA (as the Relevance in the example below does), because it often contains characters such as `&`, `<` and `>`.
- After appending all the MemberAction nodes, supply whatever Settings and Target to use for the action. Then append the `<SourceFixletID>` node & children to reference the source baseline.
- POST the new MultipleActionGroup to /api/actions
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example BES (BigFix) REST payload: a MultipleActionGroup assembled from the
     components of a baseline, meant to be POSTed to /api/actions.
     It carries two member actions that loosen Windows Firewall rules, a Settings
     block, a SettingsLocks block, a single-computer Target and a reference back
     to the source baseline. -->
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<MultipleActionGroup>
<Title>Lab Network Configuration</Title>
<!-- Group relevance of 'true' adds no filter of its own. Which endpoints are
     changed is then decided by Target and by each MemberAction's Relevance.
     NOTE(review): replace with a narrower expression if the group should not
     apply to every computer in Target. -->
<Relevance>true</Relevance>
<!-- Member 1: allow inbound ICMP echo (ping).
     Relevance is true only on Windows, outside a proxy agent context, on OS
     version 6 or later, when the firewall is enabled (local policy, or the
     EnableFirewall value under the Policies\Microsoft\WindowsFirewall key for
     the current profile) and inbound echo requests are not yet allowed.
     The script runs netsh hidden with wow64 redirection turned off.
     NOTE(review): the 'netsh firewall' context is deprecated on newer Windows
     in favour of 'netsh advfirewall'; confirm it still behaves as expected on
     the OS versions in scope. -->
<MemberAction>
<Title>Configure Windows Firewall: Allow Inbound ICMP Ping</Title>
<Relevance><![CDATA[((((windows of operating system) AND (if exists property "in proxy agent context" then not in proxy agent context else true)) AND (version of operating system >= "6" as version)) AND ((not exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of registry AND firewall enabled of current profile of local policy of firewall) OR (exists key ("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then ("DomainProfile") else ("StandardProfile"))) whose (value "EnableFirewall" of it = 1) of registry))) AND (not allow inbound echo request of icmp settings of current profile of local policy of firewall)]]></Relevance>
<ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
action uses wow64 redirection false
waithidden netsh.exe firewall set icmpsetting 8</ActionScript>
<!-- RunToCompletion: presumably the member is reported successful once the
     script finishes, without re-evaluating Relevance. The resulting firewall
     state is therefore not verified by this action; check it separately. -->
<SuccessCriteria Option="RunToCompletion"></SuccessCriteria>
<IncludeInGroupRelevance>false</IncludeInGroupRelevance>
</MemberAction>
<!-- Member 2: enable the "remote desktop" firewall rule group.
     Relevance has the same OS and firewall-enabled preconditions as member 1
     and additionally requires that the rule group is not currently enabled.
     This makes inbound Remote Desktop reachable through the host firewall, so
     it should only reach hosts where that exposure is intended. -->
<MemberAction>
<Title>Configure Windows Firewall: Allow Remote Desktop Services</Title>
<Relevance><![CDATA[((((windows of operating system) AND (if exists property "in proxy agent context" then not in proxy agent context else true)) AND (version of operating system >= "6" as version)) AND ((not exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of registry AND firewall enabled of current profile of local policy of firewall) OR (exists key ("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then ("DomainProfile") else ("StandardProfile"))) whose (value "EnableFirewall" of it = 1) of registry))) AND (not rule group currently enabled "remote desktop" of firewall)]]></Relevance>
<ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
action uses wow64 redirection false
waithidden cmd /c netsh.exe advfirewall firewall set rule group="remote desktop" new enable=Yes</ActionScript>
<SuccessCriteria Option="RunToCompletion"></SuccessCriteria>
<IncludeInGroupRelevance>false</IncludeInGroupRelevance>
</MemberAction>
<!-- Execution settings for the whole group.
     HasEndTime=true with EndDateTimeLocalOffset=P2D: P2D is a two-day duration;
     presumably the action expires two days after it is issued, in client local
     time because UseUTCTime is false (confirm against BES.xsd).
     ContinueOnErrors=true: presumably later members still run when an earlier
     one fails, so a partial result is possible.
     Reapply=false: ReapplyLimit=3 presumably has no effect while reapply is off.
     IsOffer=false and PreActionShowUI=false: no offer and no pre-action UI is
     requested. -->
<Settings>
<PreActionShowUI>false</PreActionShowUI>
<HasRunningMessage>false</HasRunningMessage>
<HasTimeRange>false</HasTimeRange>
<HasStartTime>false</HasStartTime>
<HasEndTime>true</HasEndTime>
<EndDateTimeLocalOffset>P2D</EndDateTimeLocalOffset>
<HasDayOfWeekConstraint>false</HasDayOfWeekConstraint>
<UseUTCTime>false</UseUTCTime>
<ActiveUserRequirement>NoRequirement</ActiveUserRequirement>
<ActiveUserType>AllUsers</ActiveUserType>
<HasWhose>false</HasWhose>
<PreActionCacheDownload>false</PreActionCacheDownload>
<Reapply>false</Reapply>
<HasReapplyLimit>true</HasReapplyLimit>
<ReapplyLimit>3</ReapplyLimit>
<HasReapplyInterval>false</HasReapplyInterval>
<HasRetry>false</HasRetry>
<HasTemporalDistribution>false</HasTemporalDistribution>
<ContinueOnErrors>true</ContinueOnErrors>
<PostActionBehavior Behavior="Nothing"></PostActionBehavior>
<IsOffer>false</IsOffer>
</Settings>
<!-- Every lock below is false; presumably none of the settings above is locked
     against later change (confirm against BES.xsd). -->
<SettingsLocks>
<ActionUITitle>false</ActionUITitle>
<PreActionShowUI>false</PreActionShowUI>
<PreAction>
<Text>false</Text>
<AskToSaveWork>false</AskToSaveWork>
<ShowActionButton>false</ShowActionButton>
<ShowCancelButton>false</ShowCancelButton>
<DeadlineBehavior>false</DeadlineBehavior>
<ShowConfirmation>false</ShowConfirmation>
</PreAction>
<HasRunningMessage>false</HasRunningMessage>
<RunningMessage>
<Text>false</Text>
</RunningMessage>
<TimeRange>false</TimeRange>
<StartDateTimeOffset>false</StartDateTimeOffset>
<EndDateTimeOffset>false</EndDateTimeOffset>
<DayOfWeekConstraint>false</DayOfWeekConstraint>
<ActiveUserRequirement>false</ActiveUserRequirement>
<ActiveUserType>false</ActiveUserType>
<Whose>false</Whose>
<PreActionCacheDownload>false</PreActionCacheDownload>
<Reapply>false</Reapply>
<ReapplyLimit>false</ReapplyLimit>
<RetryCount>false</RetryCount>
<RetryWait>false</RetryWait>
<TemporalDistribution>false</TemporalDistribution>
<ContinueOnErrors>false</ContinueOnErrors>
<PostActionBehavior>
<Behavior>false</Behavior>
<AllowCancel>false</AllowCancel>
<Deadline>false</Deadline>
<Title>false</Title>
<Text>false</Text>
</PostActionBehavior>
<IsOffer>false</IsOffer>
<AnnounceOffer>false</AnnounceOffer>
<OfferCategory>false</OfferCategory>
<OfferDescriptionHTML>false</OfferDescriptionHTML>
</SettingsLocks>
<!-- The action is targeted at one computer by name. Because the group
     Relevance is 'true' and the members open firewall rules, this list is the
     main scope control; keep it explicit and as small as the change needs. -->
<Target>
<ComputerName>endpoint-1</ComputerName>
</Target>
<!-- Links the action back to the source baseline by site name and ID.
     GatherURL and SiteID are left commented out in this example; the baseline
     is identified through Sitename and FixletID only. -->
<SourceFixletID>
<!-- <GatherURL>http://BES-Dev-Root:52311/cgi-bin/bfgather.exe/CustomSite_Production</GatherURL> -->
<!-- <SiteID></SiteID> -->
<Sitename>Production</Sitename>
<FixletID>2272</FixletID>
</SourceFixletID>
</MultipleActionGroup>
</BES>