Preventive actions for relay and agent

vk.khurava · March 20, 2017, 6:58pm

Hi,

Is there anything fixlet/task, computer settings etc. Which help to prevent bigfix relay and client service stopping/uninstallation by any user, and if somehow service got disabled it auto enabled, and prevent user to uninstall relay and agent.

TimRice · March 20, 2017, 7:18pm

You can use the “Hide BES Clients from the Add/Remove Programs List - BES Client >= 8.0” Task.
You can use the “Automatically Restart Stopped BES Clients Using TaskScheduler” Task.
Install the “Install BES Client Helper Service”.
There used to be a “Hack” available that would restrict control of the BES Client service to the “Local System” account, preventing even a Local Administrator from stopping it. It might be available on BigFix.me or you can Google it. You might also be able to do something similar to the Relay service. TEST THIS PRIOR TO PRODUCTION DEPLOYMENT, I don’t think it’s supported by IBM.
Once you have established the BES Client can’t be tampered with, you can use it to enforce the installation and functioning of the BES Relay service.

vk.khurava · March 22, 2017, 9:41am

I tried this task but its applicability not decreasing, I guess its not checking task name which is being created using it so I mentioned relevance for checking task name but applicability is still same & when I looked into one of server for this specific task there was task scheduler created but with “AT” something name not one which is mentioned in this bigfix task as “RestartStoppedBESClientsa11”

Can you please provide more clarity on it. And there are many entries I guess someone also run this task in past, is there any option we can delete older entries related to this task & add only latest one.

TimRice · March 22, 2017, 2:05pm

I’ve not needed to use this Task in my implementation so far, so I’m not familiar with it’s behavior. Being a Educational/Enterprise entity, we have enough control over the endpoints already that we don’t get much resistance from the Users about having the BES Components running on their systems. In fact, most of our users are professionals and LIKE having the BES Client installed and running because it means that they can get the software/patches they need without interruption to their work day.

From what I can see, you are correct, the Task does not look for a scheduled task to determine relevance.

It simply targets systems that are running newer versions of Windows with BES Client v8.0 or newer and have the Scheduler service running.

vk.khurava · March 22, 2017, 6:48pm

Is there any option for unix/linux servers to setup such options.