RunAsCurrentUser and relevance authentication

(imported topic written by SystemAdmin)

My challenge is to SECURELY coordinate custom fixlet actions across groups of related machines. The machines may not necessarily be running the same baseline at the same time, so I need another chronological mechanism. I have partially solved my problem, but not completely.

I first worked around the null share limitation (http://support.bigfix.com/bes/misc/null_session_share.html) so I can authenticate to a remote share to securely pass files back and forth. This was accomplished by building a drive mapping batch on the fly, then using RunAsCurrentUser to call the batch. This works like this (assume f is a network drive):

delete __appendfile

appendfile @echo off

appendfile NET USE f: /DELETE

appendfile NET USE f: \server\share

appendfile f:

copy __appendfile __download\map.bat

wait __Download\RunAsCurrentUser.exe --w cmd /C __download\map.bat

wait __Download\RunAsCurrentUser.exe --w cmd /C xcopy /C /Q /Y f:\source c:\target

So here is where I’m stuck. (Somewhat similar to http://forum.bigfix.com/viewtopic.php?id=1032) I reallly need to use either a “continue if” or “pause while” or similar statement so I can coordinate the interdependencies of these multiple machines. For example, I’d love to be able to have a statement work like:

wait __Download\RunAsCurrentUser.exe --w pause while {not exists file “f:\path\file.txt”}

or

wait __Download\RunAsCurrentUser.exe --w continue if {exists file “f:\path\file.txt”}

If I run the statement without a “RunAsCurrentUser”, the command says it succeeds, but in reality it fails for lack of permissions on the target machine.

As an asside, near the top of my BigFix wishlist would be the ability to take any relevance or action and target it to a particular machine (defaults to local machine). A mechanism to securely encrypt, manage, store, and pass authentication parameters be necessary as well.

Anyway, I’d love to hear any ideas. Thanks.