I am trying to find a reasonable way to exclude individual users from certain fixlets. The relevance I am testing works in QNA, but when I add it to the fixlet the applicable system count drops to zero. QNA examples and a screenshot of the fixlet relevance are provided below. This may be an intentional limitation of the fixlet relevance, but I’m not sure. Any assistance you can provide would be greatly appreciated.
Q: (it != "mkerudi" and it != "mgilbert") of (following text of first "\" of (it as string) | it as string) of values ("LastLoggedOnSAMUser") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x64 registries; x32 registries)
A: False
T: 4492
Q: (it != "mkerudi" and it != "jbell") of (following text of first "\" of (it as string) | it as string) of values ("LastLoggedOnSAMUser") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x64 registries; x32 registries)
A: True
T: 12870
I would like to confirm what you are doing/wanting to do. Are you saying that you are trying to prevent a task from being able to be relevant on machines where specific users are logged in?
That is correct. We want to make computers non-applicable for certain fixlets when specific users have logged in. It looks like I was able to get this working with the relevance provided below, but I’m open to other options.
We are 100% Windows, and I have confirmed that at least for our environment this registry key is more reliable than the OOB User Name property.
(exists (if exists values "LastLoggedOnSAMUser" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x64 registries; x32 registries) then (following text of first "\" of (it as string) | it as string) of values ("LastLoggedOnSAMUser") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x64 registries; x32 registries) else error "not set") whose (it != "mgilbert" and it != "mkerudi"))
If you have multiple tasks that you want to do this on, it might be easier to setup a computer group that could be used for multiple tasks but i’d also be cautious about creating too many Computer groups. There is always a trade off.
We have done the opposite thing frequently where we want a task to specifically target a handful of users and not be relevant to the others. Here are a couple of other options if you don’t see the results, you are looking for with the relevance above.
We also sometimes do things with Registry keys where we tag a device with a registry flag and then either target or exclude machines with that registry key to reduce the need for a specific user to be logged in. it would essentially be excluding the machine because the user previously logged in which caused the device to get tagged. The challenge with that is that sometimes support people will login to a machine for troubleshooting and could cause a device to get tagged because they logged in, so be cautious about that.
(“xxx123 123ABC TBDIDK” as uppercase contains it) of ((if (exists ( key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\userstats” whose (exists value “LogonHistory” of it) of registry)) then (concatenation “;” of unique values whose (multiplicity of it = (maximum of multiplicities of unique values of preceding texts of firsts “;;” of substrings separated by “::” of (value “LogonHistory” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\userstats” of registry as string)))of preceding texts of firsts “;;” of substrings separated by “::” of (value “LogonHistory” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\userstats” of registry as string)) else (“No User Stats”) )as uppercase)
if(exists logged on user)
then(
(“xxx123 123ABC TBDIDK” as uppercase
contains name of logged on user as uppercase)
)
else false
