Secure Parameters

dan_obiedzinski 2016-09-01 13:35:55 UTC #1

Anyone have any template or example of a fixlet that has secure parameters in the form of username/password textbox in the Description of a fixlet and then those fields passed into the action script?

Run executable from specific folder

Aram 2016-09-01 18:35:21 UTC #2

How about something like:

https://bigfix.me/fixlet/details/3678

strawgate 2016-09-01 18:56:35 UTC #3

Dan,

Is there something in particular you’re trying to do? I might have some example fixlets with actionscript if you’re looking to do a domain join or something like that!

Bill

dan_obiedzinski 2016-09-07 13:17:36 UTC #4

I have the secure parameters down pat now, but I’m trying to run dcpromo using psexec. I keep getting exit code 2 but when I run the command manually on the server it works fine. Any ideas or examples you have?

strawgate 2016-09-07 13:18:43 UTC #5

Can you share your PSExec Command?

Bill

dan_obiedzinski 2016-09-07 13:26:39 UTC #6

Right now I’m testing using calc.exe instead. Psexec exists in the below location. From the log I can verify the parameters are passed correctly.

runhidden C:\RODCDeploy\psexec.exe -accepteula -h -u win{parameter “account” of action} -p {parameter “password” of action} calc.exe

dan_obiedzinski 2016-09-07 13:47:58 UTC #7

Actually, I think I have it now… if I add \\localhost after psexec.exe then it seems to be working…

bcoleman 2019-02-20 16:04:06 UTC #8

Any idea how I could call the referenced fixlet through the API? We would be using the SourceFixletAction so something like this

https://bigfix.me/fixlet/details/3678

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 <SourcedFixletAction>
   <SourceFixlet>
     <Sitename>TestSite</Sitename>
     <FixletID>83</FixletID>
     <Action>Action1</Action
   </SourceFixlet>
   <Target>
     <ComputerID>13863357</ComputerID>
   </Target>
  <Parameter Name="_BESClient_EMsg_Detail">1000</Parameter>
 </SourcedFixletAction>
</BES>

It looks like the there is a SecureParameter element in BES.XSD so it looks like we might be able to do something like this?

<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 <SourcedFixletAction>
   <SourceFixlet>
     <Sitename>TestSite</Sitename>
     <FixletID>83</FixletID>
     <Action>Action1</Action
   </SourceFixlet>
   <Target>
     <ComputerID>13863357</ComputerID>
   </Target>
  <SecureParameter Name="secret">SecureValueOfSecret</Parameter>
 <SecureParameter Name="secret2">SecureValueOfSecret2</Parameter>
 </SourcedFixletAction>
</BES>

Targeting for Credential Fixlet

dcbadam 2022-02-19 08:04:53 UTC #9

I am looking for solution to RunAs=localuser with password hardcoded in the html+javascript… Is there a way to specify password as a hardcoded “secret” parameter?

Aram 2022-02-21 15:18:50 UTC #10

If I’m understanding the scenario, perhaps this example may help: https://bigfix.me/fixlet/details/3679 (in particular, note the second hardcoded secret referenced in the description.

How to copy file from network share to a target machine

dcbadam 2022-02-21 20:28:05 UTC #11

In this sample fixlet https://bigfix.me/fixlet/details/3679,

I want to have the following in the Action script.

override wait
RunAs=localuser
hidden=true
user="domain<username>"
password=required
wait cmd.exe /C “D:\abc.bat”

However, instead of password=required, I want to pass the “secure” parameter hardcoded. How to integrate both pieces? If I change secret2 value to the password for the user name in the Action script, what would be the “password” field in the Action script? I can’t leave it out as it throws an error

JasonWalker 2022-02-22 00:14:47 UTC #12

I want to keep the discussion over at Mapping a network drive from BigFix which I’ll be updating shortly