I want to implement a particular scenario. Could someone please let me know whether it is possible? If yes, how?
We want every workstation to be having a particular set of applications, say for example 10 standard applications should be installed on all workstation. In case any of these application is uninstalled or missing we want to have a pop up in workstation mentioning that this application is missing. (And may be an option for them to take action (?) - this is secondary.)
Also there should be an alert to administrator daily, so that he can initiate an action to deploy those missing applications.
Add the tasks for each application to the baseline (assuming you have functional relevance for each Task to detect the missing application).
Then deploy the Baseline Action with a Popup message to the user.
In order to perform the notification function, you could add a Task to the top of the baseline that sends an email, but flag the task to not be used for the Baselne Relevance. That way it is only executed if another component in the baseline triggers the baseline execution.
I agree with @TimRice. Create a Baseline containing all of the software you want installed, and take an Action against all of your workstations, with the “Make this action an Offer” option checked. The user will get a pop-up if the Baseline is relevant, and if they take action the missing application would be installed. You should probably use the “Reapply whenever this becomes Relevant again” if you think one of the software packages might be uninstalled later and you want to offer to reinstall it.
For Notifications, once you have configured the Baseline, you could use Web Reports to list applicable computers of the Baseline. You could have Web Reports email you whenever the Baseline becomes Relevant for any of your clients. In that way you would receive a notification even if the user never accepts the offer.
I Hope the following procedure will help you to solve your queries and here below I mentioned how I generate reports for same scenario. If any suggestion on this method please let me know @TimRice@JasonWalker that will more helpful for me to improve on this.
STEP 1:
Run the following relevance in the Fixlet Debugger on the server or on one of the computers where the console is installed.
unique values of ((if (exists value “DisplayName” of it AND exists value “DisplayName” of it as string) then (value “DisplayName” of it as string) else ( “” )) ) of keys whose (exists value “UninstallString” of it AND not exists value “SystemComponent” of it AND (it does not contain “Hotfix” AND it does not contain “Security Update for” AND it does not contain “Update for” AND it does not contain “Security Update for Windows” AND it does not contain “Update for Windows” AND it does not contain “Security Update for Microsoft” AND (length of it > 0) AND (number of substrings " " of it < length of it)) of (value “DisplayName” of it as string)) of keys “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of (if x64 of operating system then (x32 registry; x64 registry) else registry)
STEP 2:
The above relevance will give an output like below:
7-Zip 9.20 (x64 edition)
AT&T Connect Participant
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
CVE-2013-3893
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
FileZilla Client 3.7.3
Free Download Manager 3.9.3
Intel® PROSet/Wireless WiFi Software
Intel® Processor Graphics
Java 7 Update 45
Java™ SE Development Kit 7
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver STEP 3:
Edit the list to remove some entries so that those applications can be seen as “Unauthorized”.
STEP 4:
Copy the output to a text file and rename it APPWL.dat and place the APPWL.dat in “C:\Program Files (x86)\BigFix Enterprise\BES Client” OR “C:\Program Files\BigFix Enterprise\BES Client” as the case may be depending on a 32bit or 64bit OS on a few test computers.
In production, the job of distribution of whitelist can be done through fixlets.
Currently we will do the distribution manually to keep customization efforts at minimum.
This file will serve as the “Whitelist” to compare with the installed applications on computers.
STEP 5:
Create an analysis called “Application Whitelisting” with the following properties within the analysis:
Property Name: Applications Installed - Authorized
Relevance: if exists file “AppWL.dat” of folder(pathname of parent folder of regapp “besclient.exe” as string ) then ((item 1 of it as string) of it whose ((item 1 of it as string) starts with (item 0 of it as string)) of ((lines of file “AppWL.dat” of folder(pathname of parent folder of regapp “besclient.exe” as string)) , unique values of ((if (exists value “DisplayName” of it AND exists value “DisplayName” of it as string) then (value “DisplayName” of it as string) else ( “” )) ) of keys whose (exists value “UninstallString” of it AND not exists value “SystemComponent” of it AND (it does not contain “Hotfix” AND it does not contain “Security Update for” AND it does not contain “Update for” AND it does not contain “Security Update for Windows” AND it does not contain “Update for Windows” AND it does not contain “Security Update for Microsoft” AND (length of it > 0) AND (number of substrings " " of it < length of it)) of (value “DisplayName” of it as string)) of keys “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of (if x64 of operating system then (x32 registry; x64 registry) else registry))) else "File Not Found: " & pathname of parent folder of regapp “besclient.exe” & "\AppWL.dat"
Property Name: Applications Installed - Unauthorized
Relevance: if exists file “AppWL.dat” of folder(pathname of parent folder of regapp “besclient.exe” as string) then ((item 1 of it) of it whose (item 0 of it = number of lines of file “AppWL.dat” of folder(pathname of parent folder of regapp “besclient.exe” as string) ) of (multiplicities of it, it) of unique values of (item 1 of it as string) of it whose ((item 1 of it as string) does not start with (item 0 of it as string)) of ((lines of file “AppWL.dat” of folder(pathname of parent folder of regapp “besclient.exe” as string ) ) , unique values of ((if (exists value “DisplayName” of it AND exists value “DisplayName” of it as string) then (value “DisplayName” of it as string) else ( “” )) ) of keys whose (exists value “UninstallString” of it AND not exists value “SystemComponent” of it AND (it does not contain “Hotfix” AND it does not contain “Security Update for” AND it does not contain “Update for” AND it does not contain “Security Update for Windows” AND it does not contain “Update for Windows” AND it does not contain “Security Update for Microsoft” AND (length of it > 0) AND (number of substrings " " of it < length of it)) of (value “DisplayName” of it as string)) of keys “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of (if x64 of operating system then (x32 registry; x64 registry) else registry))) else "File Not Found: " & pathname of parent folder of regapp “besclient.exe” & "\AppWL.dat"
Set the Report period at 1 day for both the properties
STEP 6: Save the analysis
Wait for an hour and then generate a report for the analysis from Web reports >> Report List>> Analysis List>> Application Whitelisting
Thank you for you suggestion.
Tim, Could you please let me know how can I flag the task to not able to used for baseline relevance. Like you mentioned we want it to be executed only when some other component is executed.
Thank you Jason.
Today, I have tried this option. This worked But it would be better, if it will be able to show a message that “this particular application/task is missing, Please install it”. But the offer provide baseline name to the end user which is very generic.
Thank vikki for the detailed explanation. Really appreciate it.
There is a way to do the first part through bigfix. Will we be able to create an action which will all application data to APPWL.dat file everyday or something?
No need to create everyday task @dilu, In our office we install all approved software’s in one system run that fixlet command to retrieve app name & version and then put it into a DAT file( paste on notepad & save as DAT)
1.In your bigfix server or any enpoint machine install all approved software 2.Place fixlet debugger on that endpoint which will have all approved software then run that analysis through fixlet debugger
**3.paste the results on notepad and save as APPWL.DAT ** 4.Place that file in mention location through our fixlet command by using copy & move 5.Create analysis both approved list & blacklist 6.In web-reports trigger the relevant report use conditions( Approve & blacklist analysis)
If you want change that DAT file create a new file with all new added software’s & replace old files through fixlet
I hope you need to change that DAT file every 3 months so task is easy for us through bigfix.