Trying to get the message for end user if password expire via bigfix action and message option but not getting.
is there any other way??
// Enter your action script here
//parameter "days"="{{preceding text of first "," of (((maximum password age of security database) - (password age of users of logged on users)) as string)}"
//{name of logged on user whose (active of it = True)}
delete __createfile
delete c:\temp\pass_days.html
createfile until eof
Your password will expire in
{name of drive of windows folder}
{{maximum password age of security database}
{name of logged on user whose (active of it = True)} days. Please change your password.
So off the top of my head, the issue may be due to 1 of 2 reasons (or both):
Launching a windows application that needs to interact with the desktop (i.e. display a windows-application GUI) requires the process that starts the application have the interact with desktop permission which BESClient.exe does not have out-of-the-box (at least that was the case in the past, but may not hold true anymore). Enabling this capability does introduce a potential security risk and in general is considered against best practices. This is the reason there is a BESClientUI.exe process in addition to BESClient.exe.
The start command may not be able to identify the correct application to spawn based upon the provided argument. You may need to provide the entire command line to open a web browser (like IE) and have it open the HTML file. This in itself may be an issue as some security policies prevent browsers from opening local files, or treat local files as downloads and prompts the user to download the file instead of displaying the contents (I have seen multiple variations on this).
Hi script goes well , but it does not print the password expire days left
// Enter your action script here
//parameter "days"="{{preceding text of first "," of (((maximum password age of security database) - (password age of users of logged on users)) as string)}"
//{name of logged on user whose (active of it = True)}
delete __createfile
delete c:\temp\pass_days.html
createfile until eof
Your password will expire in
{name of drive of windows folder}
{{maximum password age of security database}
{name of logged on user whose (active of it = True)} days. Please change your password.
without it {{ for password relevance it through substitution error ? not sure why not for other commands
{name of drive of windows folder}
{maximum password age of security database}
{{maximum password age of security database - password age of users of logged on users}
{name of logged on user whose (active of it = True)} days. Please change your password.
q:exists logged on user whose (maximum password age of security database - password age of it / day > 50)
E: The operator "password age" is not defined.
q:(maximum password age of security database - password age of user of logged on user) / day > 100
A: False
T: 0.025 ms
q:(maximum password age of security database - password age of user of logged on user)
A: 53 days, 07:51:55
T: 0.020 ms
q:(exists logged on user whose (maximum password age of security database - password age of user of it)) / day > 50
E: A boolean expression is required.
I think the comparison is the wrong way round - the message would be fired when the password age was low, not high.
Also, on machines with multiple logged on users, any one of them with an aging password would cause ‘innocent’ users to get the message.
This just has the feel of trying to get Bigfix to do something that the OS should already provide. Domain attached Windows boxes certainly have this facility (as @Mike references)