We are in the process of implementing a Network Access Control (NAC) solution. The group that is implementing the NAC solution would like to link some of the NAC controls to BigFix Group memberships if possible. But to do this without additional actions in BigFix, I need to determine where the BigFix client keeps track of which Groups it has decided it is a member of, assuming it keeps that information in a non-volatile state.
For now, the focus is Windows computers.
Operating off the assumption that the GroupID would be used to reference anything stored, I’ve found the Group {groupid}.fxf files that define the Automatic Groups in the BES Client folder, but I’ve not located anything that looks like it records that a client thinks it’s a member of any of the groups.
Have you looked at the Bigfix Client Compliance site?
Their is a wizard or dashboard in there. that builds compliance rules.
These rules are then evaluated using the client compliance API.
These more complex rules will evaluate true/false and an action will be automatically taken based on your threshold for variance from what is an acceptable config.