Exclude a list of machines

bkone · April 21, 2020, 12:50pm

I have a fixlet which deploys the NSClient to all our servers when they come online or are provisioned. I have a specific version but unfortunately don’t have time at the present to work on sending out an update to the client while still leaving the nsclient.ini file in tact. Some servers have some customization set. If it is an easy task that is the route I would like to go, but…

Here is the relevance:

(if(name of operating system starts with “Win”) then free space of drive of client > 46895446 else if ((mac of it) of operating system) then free space of filesystem of folder (pathname of client) > 46895446 else free space of filesystem of client > 46895446)

version of client >= “8.2”

windows of operating system AND (if( name of operating system starts with “Win” ) then platform id of operating system != 3 else true)

/* Relevance generated from file “NSCP-0.4.3.131-x64.msi” / (exists file “msiexec.exe” of system folder) AND (disjunction of (NOT exists keys “{31805EFA-AE48-466D-9FF2-9EDC2076532D}” whose ( value “DisplayVersion” of it as string as version >= “0.4.3.131” as version AND value “Language” of it as string = “1033”) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of ( x32 registry; (if exists x64 registry then x64 registry else nothing) ))) AND / Relevance for msi launch condition: ‘VersionNT64’ */ /**/ ( (x64 of operating system) ) AND true

I would like this to exclude serverA and serverB so I can apply an updated client. Would that be as simple as saying ComputerName does not equal serverA and/or serverB?

brolly33 · April 21, 2020, 1:23pm

yes, you could hard code the server avoidance piece in your Fixlet. with

q: not exists computer name whose (it as lowercase is contained by set of ("server1";"server2"))
A: False

or less fancy

q: NOT (computer name as lowercase = "Server1" OR computer name as lowercase = "Server2")

bkone · April 21, 2020, 3:15pm

Thanks. I was going to try that but didn’t think it could be that easy. Forgot I was using BigFix.

bkone · April 21, 2020, 4:05pm

I added this to the relevance of my fixlet but the older version still installed.

not exists computer name whose (it as lowercase is contained by set of (“server1”;“server2”))

It didn’t omit server2 and still showed as Relevant, installed this version and then showed Not Relevant in the logs.

brolly33 · April 21, 2020, 6:16pm

Editing a Fixlet can leave behind old results that are not resolved until the Endpoint gets the new copy of the Fixlet and evaluates it.

When you take action on the Fixlet, it should use the “current” revision of the relevance statements. (you can visually validate by looking in the BES Client folders on the endpoint for Action ###.fxf where ### is the ID of the action.