Hi Everyone,
I’ve created a compliance document and took an action to the endpoint, then I took action “determine compliance” (as a policy) the status computer status changed to compliant.
Now I created another document in which I selected the maximum number of critical patches “20” and took the action on an endpoint but there is no applicable computer in “determine compliance task”.
Can anyone please help??
What is the relevance of your “Determine Compliance” task?
Thanks for immediate response, the relevance is default relevance of task and it’s quite long relevance if you want me to post it then please let me know.
Well without that relevance we won’t be able to help you determine why it’s not evaluating to “True” on your target.
Here it is
(((((((if( name of operating system starts with “Win” ) then platform id of operating system != 3 AND (if exists property “in proxy agent context” then (not in proxy agent context) else true) else false) AND (exists site “clientcompliance”)) AND ((exists regapp “besclient.exe”) AND (version of client >= “4.1.8”))) AND (name of operating system = “Win2000” OR name of operating system = “WinXP” OR name of operating system = “WinXP-2003” OR name of operating system = “Win2003” OR name of operating system = “WinVista” OR name of operating system = “Win2008” OR name of operating system = “Win7” OR name of operating system = “Win2008R2” OR name of operating system = “Win8.1” OR name of operating system = “Win8” OR name of operating system = “Win2012”)) AND (exists folder (pathname of folder (value “RequestDir” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry as string)) AND exists folder (pathname of folder (value “ResponseDir” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry as string)) AND exists folder (pathname of folder (value “ConnectDir” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry as string)))) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry AND exists “RequestDir” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry AND exists “ResponseDir” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry AND exists “ConnectDir” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry)) AND (exists folder (pathname of parent folder of regapp “BESClient.exe” & “__BESData\actionsite__Compliance”) AND exists file (((pathname of parent folder of regapp “BESClient.exe”) & “__BESData\actionsite__Compliance”) & (value “ComplianceDocName” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\ClientComplianceAPI” of registry as string)))) AND ((exists no key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BES Client API Configuration\RunAPI” of registry) OR (exists no value “run” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BES Client API Configuration\RunAPI” of registry) OR ((now - (value “run” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BES Client API Configuration\RunAPI” of registry as time)) > 5 * minute) OR ((now - (value “run” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BES Client API Configuration\RunAPI” of registry as time)) < 0 * minute))
The only thing that may affect being able to run a scan using this relevance would be the time delay but that would be 5 minutes and I’m sure plenty of time has passed between the previous scan and now. Are you sure there are clients this will apply to?
yes I’m sure, I’ve enforce a policy for which I used that task and client reported as compliant
Then I created a new compliance document and enforce a policy to test whether it is compliant or not (and it shouldn’t be compliant to that policy). But “Determine Compliance” didn’t show any applicable computer. I don’t know Why?
One more thing I want to know that If I want to enforce a new compliance document then should I need to remove the previous document from the client’s computer?