Install from Network Folder

(imported topic written by SystemAdmin)

We are trying to install software from a network folder using BigFix. I have read threads that are similar to what we are trying to do, but nothing that completely answers the question. Apologies if this is a topic that has been addressed elsewhere.

Fixlet is written…

download http://localserver/folder/subfolder/filename.exe

continue if … etc.

We basically took this structure from existing fixlets. The server itself is not serving HTTP (that I know of).

Can files be deployed this way, with the BigFix server fetching from a local server like it would any other source, or do we have to manually cache the installation files on the server? Can we use a standard network path? (ex. \localserver\folder\subfolder\filename.exe)

If the file has to be manually cached, is there a way to cache files permanently? In the past, we have found that our manually cached files get pushed from the cache over time.

Thanks.

(imported comment written by BenKus)

Hey Mike,

Couples notes for you:

  • The “download” command is only for HTTP (and sometimes FTP) sites.
  • You can run a file from a share as long as the agent has access to the share (but remember that the agent runs as the SYSTEM account so it won’t normally have access to the share unless you use null session shares (http://support.bigfix.com/bes/misc/null_session_share.html) or unless you assign privileges to computers instead of users).
  • Running files from shares doesn’t use any BigFix caching, it just executes the files as if you ran them from the commandline.
  • Here is info about how our caching scheme works: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=232
  • You can use the BigFix Software Deployment Wizard to upload files to the BigFix Server if you don’t have another HTTP server to store the files.

Ben

(imported comment written by SystemAdmin)

All good info.

If the file is already cached on the server (either by moving it manually or using the Deployment Wizard), what command would be used instead of “download”? Or would it be a “download” command, only pointing to the sha1 on the BES server instead of the network folder location?

(imported comment written by BenKus)

Hey Mike,

If you use the prefetch syntax:

prefetch sha1.exe sha1:9370b0019a942400cfebfbdf15c107bbecdc8b0a size:79360 http://EXAMPLEURL/REPLACEME.exe

Then the server will first check to see if the file is in the local cache and if not it will re-download it from the source. If you use the software deployment wizard, it should upload the file to the server and create the url for you to use (it is a url in the uploads folder so that if the server ends up kicking the file from the sha1 cache, it will be re-downloaded and put back in the sha1 cache)…

Ben

(imported comment written by SystemAdmin)

Ok. We have done this successfully in the past. Either we just got lucky, or something about my fixlet is incorrect.

prefetch vse870.msi sha1:3b23a618bfc3d878709842a2eb93087e5ddac503 size:46565888 http://localserver/MANUAL_BES_CACHING_REQUIRED/mcafee/8.7/VirusScan 8.7/vse870.msi

wait “{pathname of system folder & “\msiexec”}” /i “{pathname of client folder of current site}__Download\vse870.msi” /qn /norestart

run “{pathname of client folder of site “BESSupport” & “\RunQuiet.exe”}” “{pathname of client folder of site “BESSupport” & “\qchain.exe”}”

Log on the client shows:

DownloadsAvailable: checking for ‘http://relayserver:52311/bfmirror/downloads/9183/0

DownloadsAvailable: false (action id 9183)

We used the sha1 utility on the msi, copied it to the sha1 folder on the primary BES server, and used the output to build the prefetch statement.

(imported comment written by BenKus)

In the action summary in the console does it say “Download – Cached successfully”?

Ben

(imported comment written by SystemAdmin)

I revisited this project this morning to check the above, and the fixlet worked. I didn’t change anything, though. Does it take awhile for files manually added to the sha1 folder to propagate to other relays? I’m baffled as to why it worked today, but not last week.