Is there a way to protect BigFix from being uninstalled/tampered.
This link might give a few ideas: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/Preventing+Tampering+with+BigFix+Agents
Ultimately any person with admin rights on a box and a little smarts can disable the client. The only thing you can do is make it a little harder. I personally have gone the route of trusting my admins as there are legitimate times when the client needs to be disabled (ie load testing where .1% cpu graphs). My environment is all server though and I research each non-report over 3 days when it shows up. Then I yell at folks for not doing a proper decom.
1 Like
Hi Meydey,
The links work thanks. My ask now is how to revert back the settings? scacl.exe as stated on the link was not downloadable. Is there another way to restore back the settings? Thanks
The 2 reply in that link have ideas. I would recommend applying the BES client hider fixlets listed:
251 Hide BES Clients from the Add/Remove Programs List - BES Client < 8.0 BES Support
325 Hide BES Clients from the Add/Remove Programs List - MSI BES Support
713 Hide BES Clients from the Add/Remove Programs List - BES Client >= 8.0 BES Support
I am debating running that in my environment and whether an RFC is required. A for scacl reversing, I cannot say as I have not tested.