I built a new deployment for our company and recently finished moving the clients to it. Everything is going well from what we can tell, though I have something I wanted to ask here and see if anyone else ran into a similar situation.
Replacement computer systems for us are spread across the country and are not reimaged too frequently (3rd party) and we will have a gap between now and when those new images hit the field. They have the bigfix agent installed on there, but it’s setup to check in with the old infrastructure.
At first I thought leaving the old infrastructure in place temporarily and having 1 open policy action to roll the masthead and leave like 20 licenses there, but not sure if there is some other way I can do this. Anyone else ran into similar or have any suggestions on how I can automate that - and also not relying on the 3rd party to literally do anything?
you have a machine which is deployed with BigFix Agent that is reporting to previous deploynent - as of right now, they can report back that server? only when they are onsite?
If that is the case - I would leave the same open policy to change the masthead
If that machine is enrolled to some cloud like Intune - you can apply a script that will make those changes
We are currently doing same activity. We migrate license once every 15 days from old to new. And keep policy action open for masthead replacement if any new device report to old environment.
Along side with it, we have updated master images with new agent and license file.
In general I suggest if possible that our BigFix customers leave the Masthead swap action open up and running on the old server for an extended time if having that old server is possible. This will help ensure that you don't lose any of your endpoints before shutting down your old BigFix server.
Hm, it sounds like the old image already has the BESClient installed, so it'll have a masthead for the old deployment. Even if DNS bounced them to the new infrastructure, the client's masthead wouldn't match and it wouldn't trust the new server.
Do you have any other way of manipulating the machines when they come online with the old image?
MDM ? Intune? Active Directory - Computer Startup Scripts? Logon Scripts? An Antivirus solution that can run commands? A company App Store? Anything like that at all?
There's not much magic to the 'masthead switch' fixlet - just stop the BESClient service, replace the ActionSite.afxm, and start the service again. Adding some preferred relay values to the Registry if you need to get really fancy.
If you have any way at all to perform that operation, you can switch those clients without having to keep the old deployment online.