How to prevent Relay from being auto-selected?

Is there a way to block a relay from being selected by auto-selection? We’ve just added a relay to a protected enclave where the only BigFix communications allowed through the firewall are between the relay and the primary server. However, it looks like some computers outside the enclave are being assigned to this relay by the auto selection process. How do I keep that from happening, so that clients are only ever directly assigned to the relay?

Is Relay Affiliation the answer? Seems like I would have to set the enclave relay and clients in an affiliation group and tell everything else to use “*”? Would rather not have to configure all of the other clients in the system to prevent this auto selection from happening.

(Also posted to slack…)

Yes there is a client setting you can apply to the Relay for that…

_BESRelay_Selection_AutoSelectableRelay
A value of “0” makes the BigFix relay unavailable for auto selection after the next actionsite propagation. A value of “1” allows the BigFix relay to be used by BigFix clients for auto selection.

Does that go under BigFix\EnterpriseClient\Settings\Client ?

And will clients that have selected it autoUNselect it, or do they need to be told to forget it somehow?

Yes, and Yes

Goes under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client

…and Clients that have selected the given Relay will unselect it on their next Relay Select interval.

The docs say that “A value of “0” makes the BigFix relay unavailable for auto selection after the next actionsite propagation.” When is/what controls the timing of “the next actionsite propogation”? I’ve set the setting on the relay, but clients keep picking it…

If you are MO, you can just create a blank action and send it to a single client

Does the updated setting on the Relay appear in the Console? After that, the Root Server should automatically update the actionsite.