I will be creating posts with a series of tips that have helped me over the years
I am a “Security Architect” and often tell my superiors that if you can run a script (bat, vbs or PS) or sit at the command line on a computer and get what you want without a prompt to respond, you can get it done with BigFix.
It often requires thinking outside the box, knowing the goal and figuring out how to get there.
I am a scripter with my strength being Batch and VBS. It has been a while since I have written any VBS scripts, Batch is my preferred method at this time.
This also means, my tips will be for Windows Only because I do not have a strong base in other Operating Systems.
I often combine batch scripting to dumping data into the registry or file and then an analysis to gather the data for display or using the keys to set relevance on other Fixlets, tasks or analysis.
I am not allowed to identify my employer. Some times I will need to sanitize code to remove identifying data.
We are a multi-tenant MSP with more than 100 tenants and 30k+ endpoints. Challenges arise because each tenant has unique needs and we automate as much as possible, allowing us to manage all patching with a staff of 3 people. We have another group of staff members that resolve agent (client) issues such as agent offline issues. They also install, decom and configure relays (Which we have over 400 of).
Once we onboard a tenant, get them all setup in the console, unless they have a change request, we dont have to go back and do anything, the automation does everything on the tenant side. We do manage baselines for patching with is where our staff members spend a lot of time.
We have a patching methodology that has a patch vetting process built in. Think about a patch that causes windows 10 to crash and reboot. If we push to all 20k + windows 10 systems we manage, we now have a nightmare with few resources to manage a resolution. Vetting patches is critical in multi-tenancy.
I hope my tips will be helpful to all of you. Please comment if they do.