Hi, I have created a bunch of custom baselines, tasks and computer groups. I’d like to give access to my colleagues that are also using the Bigfix console to deploy patches.
As of now, the “customs” are showing as jmlafreniere’s Operator site from my view and they just won’t show from my colleagues’ view.
The baselines, tasks were created by a non-master operator and aren’t visible for other non-master operator. I’ve looked everywhere but couldn’t find a way to add that permission.
You’ll want to create one (or more) custom sites (Tools > Manage Sites). Assign console operators to the custom site(s) with either read or write access as appropriate. Then make it a practice to publish custom tasks, fixlets, analyses, baselines, etc. to the appropriate custom site. If you want to migrate existing content, first export it (right-click export), then import (File > Import) setting the site for the imported item to the appropriate custom site (upper right hand corner).
One caveat I found is that you can not subscribe an automatic group to a custom site. So I had to manually select all computers from the group and subscribe them. This is of course suboptimal as I will have to refresh this on a regular basis.
Is there a way to subscribe and automatic group to a custom site?
So you set up an automatic group with a particular criteria for group membership. If you want every computer that meets this criteria, both now and in the future, to automatically be part of both that group and a custom site, simply create a new custom task, use the same criteria for relevance as you did for your automatic group, then go a custom site subscription in the action. See http://forum.bigfix.com/viewtopic.php?id=4488 for details. Then make your new task a policy action (no end date) so that future machines that meet your criteria will both join the group and custom site.
Something we implemented was putting in a registry key on every computer in a certain spot --> HKLM/Bigfix/Region
and then created a Retrieved Property for that regkey…
Then we created a policy action that read the property and subscribed the computer to a custom site with that same name.
We also have automatic groups that use the retrieved property, and we scope our admins by those groups
This worked really great because we have several different departments and all they need to see their respective clients is make sure the regkey is in place.
Hello, we were able to make the fixlets, tasks and baselines available to everybody that has access to the console by exporting them from a “personal” site to a new “public” site.
The only thing others can’t see are the “manual groups”. We are using manual groups for the multiple pilots we are conducting when upgrading the computers with the latest Microsoft patches. Is there a way to make everybody see these manual groups ? I can’t find a way to export/import or copy the manual groups to the public site.
Hello John, it is NOT possible to create a manual group other than choosing the wanted computer(s), right-click and selecting “Add to Manual Group” and then choosing a name. The group is then created under the “Manual” container and doesn’t show for the other operators. This is where my problem lies.
As a “temporary” solution, I have created an “Automatic Group” and selected “Group Membership” is member of “”. Then the automatic group is created under the correct site and is filled up with the member computers of the manual group. It is okay as a temporary solution, but if we want to modify the member list in the automatic group (that is seen by everybody), we’ll have to remember to modify the content of the manual group (that is NOT seen by other operators), so it is replicated to the automatic group.
Is there a common thread among the machines in your group so you could make your automatic group a relevance expression rather than point to a manual group?
If a commonality doesn’t already exist, why not create, say, a custom registry keys, etc. (pushed to members of your manual group). Then base your automatic group on relevance of whatever criteria you set. Then you can abandon the manual group.
No, there’s no common denominator for those machines. The group is a pilot group and the computers inside this group are the pilot computers so we test the patches on a few computers before rolling out in production.
It’s not a bad idea to create a custom registry key and push it to the members, but we swap the computers / users so often here it would be hard to keep up with the changes. That being said, I might give it a shot anyway !