Hello everyone,
I’d like to share a custom Geolocation reporting solution for Windows endpoints that helps identify endpoint location details (city, state, country) and presents them in a centralized, exportable report.
Overview
The solution provides endpoint geolocation visibility by combining local coordinate detection with an offline GeoIP database, ensuring accuracy while minimizing external dependencies.
It consists of three main components:
1. Endpoint Utility
-
A Python-based executable deployed to Windows endpoints.
-
Uses Win32 geolocation services to retrieve latitude and longitude coordinates.
-
Matches the coordinates against a locally cached MaxMind Geo database to resolve:
-
City
-
State / Region
-
Country
-
-
The resolved location data is then reported back to BigFix for centralized tracking.
Benefits:
-
No continuous internet dependency on endpoints
-
Faster lookups using a local database
-
Works well in restricted or corporate network environments
2. MaxMind Geo Database Cacher
-
Runs on the BigFix Root Server.
-
Periodically downloads the MaxMind Geo database.
-
Archives and distributes the database to:
-
BigFix Relay Servers
-
Managed Endpoints
-
-
Ensures all endpoints use a consistent and up-to-date Geo database for location identification.
Benefits:
-
Centralized database management
-
Reduced external traffic from endpoints
-
Controlled and auditable update process
3. Custom Web Report
-
A custom-built BigFix Web Report to display collected geolocation data.
-
Presents endpoint location information in a clear, user-friendly format.
-
Includes functionality to:
-
Filter endpoint data
-
Export reports to CSV for further analysis or compliance needs
-
Use Cases:
-
Asset visibility and regional distribution
-
Compliance and audit reporting
-
Incident response and regional impact analysis
Summary
This Geolocator solution provides an offline-friendly, scalable, and accurate method to track endpoint locations within BigFix-managed environments. By leveraging local Geo databases and centralized reporting, it offers reliable visibility without relying on third-party APIs at runtime.