Secure Parameters

dan_obiedzinski · September 1, 2016, 1:35pm

Anyone have any template or example of a fixlet that has secure parameters in the form of username/password textbox in the Description of a fixlet and then those fields passed into the action script?

Aram · September 1, 2016, 6:35pm

How about something like:

https://bigfix.me/fixlet/details/3678

strawgate · September 1, 2016, 6:56pm

Dan,

Is there something in particular you’re trying to do? I might have some example fixlets with actionscript if you’re looking to do a domain join or something like that!

Bill

dan_obiedzinski · September 7, 2016, 1:17pm

I have the secure parameters down pat now, but I’m trying to run dcpromo using psexec. I keep getting exit code 2 but when I run the command manually on the server it works fine. Any ideas or examples you have?

strawgate · September 7, 2016, 1:18pm

Can you share your PSExec Command?

Bill

dan_obiedzinski · September 7, 2016, 1:26pm

Right now I’m testing using calc.exe instead. Psexec exists in the below location. From the log I can verify the parameters are passed correctly.

runhidden C:\RODCDeploy\psexec.exe -accepteula -h -u win{parameter “account” of action} -p {parameter “password” of action} calc.exe

dan_obiedzinski · September 7, 2016, 1:47pm

Actually, I think I have it now… if I add \\localhost after psexec.exe then it seems to be working…

bcoleman · February 20, 2019, 4:04pm

Any idea how I could call the referenced fixlet through the API? We would be using the SourceFixletAction so something like this

https://bigfix.me/fixlet/details/3678

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 <SourcedFixletAction>
   <SourceFixlet>
     <Sitename>TestSite</Sitename>
     <FixletID>83</FixletID>
     <Action>Action1</Action
   </SourceFixlet>
   <Target>
     <ComputerID>13863357</ComputerID>
   </Target>
  <Parameter Name="_BESClient_EMsg_Detail">1000</Parameter>
 </SourcedFixletAction>
</BES>

It looks like the there is a SecureParameter element in BES.XSD so it looks like we might be able to do something like this?

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 <SourcedFixletAction>
   <SourceFixlet>
     <Sitename>TestSite</Sitename>
     <FixletID>83</FixletID>
     <Action>Action1</Action
   </SourceFixlet>
   <Target>
     <ComputerID>13863357</ComputerID>
   </Target>
  <SecureParameter Name="secret">SecureValueOfSecret</Parameter>
 <SecureParameter Name="secret2">SecureValueOfSecret2</Parameter>
 </SourcedFixletAction>
</BES>

dcbadam · February 19, 2022, 8:04am

I am looking for solution to RunAs=localuser with password hardcoded in the html+javascript… Is there a way to specify password as a hardcoded “secret” parameter?

Aram · February 21, 2022, 3:18pm

If I’m understanding the scenario, perhaps this example may help: https://bigfix.me/fixlet/details/3679 (in particular, note the second hardcoded secret referenced in the description.

dcbadam · February 21, 2022, 8:28pm

In this sample fixlet https://bigfix.me/fixlet/details/3679,

I want to have the following in the Action script.

override wait
RunAs=localuser
hidden=true
user="domain<username>"
password=required
wait cmd.exe /C “D:\abc.bat”

However, instead of password=required, I want to pass the “secure” parameter hardcoded. How to integrate both pieces? If I change secret2 value to the password for the user name in the Action script, what would be the “password” field in the Action script? I can’t leave it out as it throws an error

JasonWalker · February 22, 2022, 12:14am

I want to keep the discussion over at Mapping a network drive from BigFix which I’ll be updating shortly