Secure Parameters

Anyone have any template or example of a fixlet that has secure parameters in the form of username/password textbox in the Description of a fixlet and then those fields passed into the action script?


How about something like:

https://bigfix.me/fixlet/details/3678

Dan,

Is there something in particular you’re trying to do? I might have some example fixlets with actionscript if you’re looking to do a domain join or something like that!

Bill

I have the secure parameters down pat now, but I’m trying to run dcpromo using psexec. I keep getting exit code 2 but when I run the command manually on the server it works fine. Any ideas or examples you have?

Can you share your PSExec Command?

Bill

Right now I’m testing using calc.exe instead. Psexec exists in the below location. From the log I can verify the parameters are passed correctly.

runhidden C:\RODCDeploy\psexec.exe -accepteula -h -u win{parameter "account" of action} -p {parameter "password" of action} calc.exe

Actually, I think I have it now… if I add \\localhost after psexec.exe then it seems to be working…

Any idea how I could call the referenced fixlet through the API? We would be using the SourceFixletAction so something like this

https://bigfix.me/fixlet/details/3678

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 <SourcedFixletAction>
   <SourceFixlet>
     <Sitename>TestSite</Sitename>
     <FixletID>83</FixletID>
     <Action>Action1</Action>
   </SourceFixlet>
   <Target>
     <ComputerID>13863357</ComputerID>
   </Target>
   <Parameter Name="_BESClient_EMsg_Detail">1000</Parameter>
 </SourcedFixletAction>
</BES>

It looks like there is a SecureParameter element in BES.XSD, so it looks like we might be able to do something like this?

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 <SourcedFixletAction>
   <SourceFixlet>
     <Sitename>TestSite</Sitename>
     <FixletID>83</FixletID>
     <Action>Action1</Action>
   </SourceFixlet>
   <Target>
     <ComputerID>13863357</ComputerID>
   </Target>
   <SecureParameter Name="secret">SecureValueOfSecret</SecureParameter>
   <SecureParameter Name="secret2">SecureValueOfSecret2</SecureParameter>
 </SourcedFixletAction>
</BES>
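
An added example, not part of the original post and not BigFix's own code: building the SourcedFixletAction body shown above with Python's standard library, so that secret values containing characters such as & or < are escaped, plus a masked copy that is safe to write to a log. It assumes SecureParameter sits where the post places it; the function names and the sample password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"
ET.register_namespace("xsi", XSI)  # keep the xsi: prefix when serializing


def build_sourced_action(site, fixlet_id, action, computer_id, secrets):
    """Return BES XML (bytes) mirroring the layout posted in the thread.

    `secrets` maps SecureParameter names to values. ElementTree escapes
    &, < and > in the values, which hand-written XML would not.
    """
    bes = ET.Element("BES", {f"{{{XSI}}}noNamespaceSchemaLocation": "BES.xsd"})
    sfa = ET.SubElement(bes, "SourcedFixletAction")
    src = ET.SubElement(sfa, "SourceFixlet")
    ET.SubElement(src, "Sitename").text = site
    ET.SubElement(src, "FixletID").text = str(fixlet_id)
    ET.SubElement(src, "Action").text = action
    target = ET.SubElement(sfa, "Target")
    ET.SubElement(target, "ComputerID").text = str(computer_id)
    for name, value in secrets.items():
        ET.SubElement(sfa, "SecureParameter", {"Name": name}).text = value
    return ET.tostring(bes, encoding="UTF-8", xml_declaration=True)


def redact(xml_bytes):
    """Return a copy for logs with every SecureParameter value masked."""
    root = ET.fromstring(xml_bytes)
    for elem in root.iter("SecureParameter"):
        elem.text = "********"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample secrets; the site and IDs are those in the thread.
    body = build_sourced_action(
        "TestSite", 83, "Action1", 13863357,
        {"secret": "P&ss<w0rd>", "secret2": "SecureValueOfSecret2"},
    )
    print(redact(body))
```
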

I am looking for a solution to RunAs=localuser with the password hardcoded in the html+javascript… Is there a way to specify the password as a hardcoded “secret” parameter?

If I’m understanding the scenario, perhaps this example may help: https://bigfix.me/fixlet/details/3679 (in particular, note the second hardcoded secret referenced in the description).

In this sample fixlet https://bigfix.me/fixlet/details/3679,

I want to have the following in the Action script.

override wait
RunAs=localuser
hidden=true
user="domain<username>"
password=required
wait cmd.exe /C "D:\abc.bat"

However, instead of password=required, I want to pass the “secure” parameter hardcoded. How to integrate both pieces? If I change secret2 value to the password for the user name in the Action script, what would be the “password” field in the Action script? I can’t leave it out as it throws an error.

I want to keep the discussion over at Mapping a network drive from BigFix which I’ll be updating shortly