Edit BigFix Client MSI

Here is an alternative approach to modifying the BigFix Client MSI. Rather than using the Microsoft ORCA tool, you can instead use the following python script. To get a better understanding of what it’s doing please first read @bradsexton81 post here: https://www.linkedin.com/pulse/bigfix-edit-client-msi-off-network-installs-custom-settings-sexton

import win32com.client
import shutil
 
# Path to your original MSI file
original_msi_path = "C:/ClientMSI/BigFixAgent.msi"

# Path for the new MSI file
new_msi_path = "C:/ClientMSI/BigFixAgent_Modified.msi"

# Copy the original MSI to a new location
shutil.copyfile(original_msi_path, new_msi_path)

# Open the copied MSI file
installer = win32com.client.Dispatch('WindowsInstaller.Installer')
db = installer.OpenDatabase(new_msi_path, 1)  # 1 is for transact mode

# Update Property
query_update = "UPDATE `Property` SET `Value`='http://YOUR-RELAY1:52311/bfmirror/downloads' WHERE `Property`='RELAY1'"
view = db.OpenView(query_update)
view.Execute(None)
view.Close()

# Insert into Registry - Registry6 
query_insert_6 = "INSERT INTO `Registry` (`Registry`, `Root`, `Key`, `Name`, `Value`, `Component_`) VALUES ('Registry6', 2, 'SOFTWARE\\BigFix\\EnterpriseClient\\Settings\\Client\\_BESClient_RelaySelect_FailoverRelay', 'value', 'http://YOUR-RELAY2:52311/bfmirror/downloads', 'BESClient.exe')"
view = db.OpenView(query_insert_6)
view.Execute(None)
view.Close()

# Insert into Registry - 7 - set password for DMZ relay
query_insert_7 = "INSERT INTO `Registry` (`Registry`, `Root`, `Key`, `Name`, `Value`, `Component_`) VALUES ('Registry7', 2, 'SOFTWARE\\BigFix\\EnterpriseClient\\Settings\\Client\\_BESClient_SecureRegistration', 'value', 'YOUR-PASSWORD', 'BESClient.exe')"
view = db.OpenView(query_insert_7)
view.Execute(None)
view.Close()

# Insert into Registry - Registry8 - enable command polling
query_insert_8 = "INSERT INTO `Registry` (`Registry`, `Root`, `Key`, `Name`, `Value`, `Component_`) VALUES ('Registry8', 2, 'SOFTWARE\\BigFix\\EnterpriseClient\\Settings\\Client\\_BESClient_Comm_CommandPollEnable', 'value', '1', 'BESClient.exe')"
view = db.OpenView(query_insert_8)
view.Execute(None)
view.Close()

# Insert into Registry - Registry9 - set command poll interval
query_insert_9 = "INSERT INTO `Registry` (`Registry`, `Root`, `Key`, `Name`, `Value`, `Component_`) VALUES ('Registry9', 2, 'SOFTWARE\\BigFix\\EnterpriseClient\\Settings\\Client\\_BESClient_Comm_CommandPollIntervalSeconds', 'value', '3600', 'BESClient.exe')"
view = db.OpenView(query_insert_9)
view.Execute(None)
view.Close()
 
# Commit changes to the new MSI file
db.Commit()

I would have never thought to look for a MSI module in Python.

While I am not a fan of modifying a MSI (prefer MST or specifying properties) I’ll for sure keep this in my back pocket and probably will give it a shot one day when the usecase comes up.

I took this concept a step further and wrote a python script that takes the path to the MSI and the path to a clientsettings.cfg file and it writes all the settings from the clientsettins.cfg into the MSI itself.

• tools/Python/bigfix_client_msi_clientsettings.py at master · jgstew/tools · GitHub

I tested this by installing the BigFix client with the modified MSI file on Windows 11 using BigFix Client 11.0.5 MSI and it worked. The settings appear in the windows registry and in the console when inspecting the test machine.

For windows, I wrote a batch script that generates the clientsettings.cfg on the fly. This way I can just use the clientsettings.cfg for the settings we need.

I do the same for the EXE installer, but that doesn’t work for the MSI installer, which requires the settings be embedded internally to it.

See here:

• tools/CMD/install_bigfix.bat at master · jgstew/tools · GitHub
• tools/powershell/install_bigfix.ps1 at master · jgstew/tools · GitHub
• tools/bash/install_bigfix.sh at master · jgstew/tools · GitHub

We have been using the BigFix Client Compiler since the beginning. It is not an MSI editor, but it packages all required components into a single executable for execution.

BigFix Agent Install Via MECM Task Sequence - Usage and Config / Platform - BigFix Forum

This doesn’t work for a deployment method that requires an MSI. This or the scripts I linked above are good options if you are using a deployment method that doesn’t require an MSI, but some do, and in those cases, editing the MSI is the best option for incorporating client settings as part of the install process since the MSI install process does not support any other option.

I converted this python script to powershell and tested it successfully:

• tools/powershell/bigfix_client_msi_clientsettings.ps1 at master · jgstew/tools · GitHub

The nice thing about powershell is there are no dependencies to install or configure unlike the python script.