Hey everyone, I’m fairly new to Bigfix and have been trying to work through things on my own, however I’m having issues figuring this one out, since I can’t just push a .sh script out to the Windows machines.
I have saved an exported xml file (wifi.xml) with our wifi credentials imbedded into it. Is it possible/how can you distribute the xml file with BigFix, and then ‘import’ it via the netsh command either directly, or from a batch file that you generate.
I know this command works if run locally on a windows machine from the command prompt, but I want to be able to use Bigfix to automate this so we don’t have to run around to hundreds of machines.
netsh add profile filename="\imported\path\wifi.xml"
Thank you in advance for any assistance provided!
Hi,
Before starting – it’s generally not possible to securely distribute this file dynamically to your endpoints. If you are fine with an advanced adversary having access to this then we can continue.
So you have a couple steps to complete
- Get the XML File onto the endpoint.
a. Either download the file with BigFix
b. Write the file with BigFix
- Run the import command with BigFix
So for step 1, i’d write out the file using BigFix. So make a new fixlet and take the contents of your XML and put it like this:
delete config.xml
delete __createfile
createfile until _end_
CONTENTS OF YOUR XML
_end_
move __createfile config.xml
Next we have to import the configuration using netsh. After the “move __createfile config.xml” we just did we are going to run the command you just provided and point it to our new config.xml file.
waithidden netsh add profile filename="config.xml"
All together:
delete config.xml
delete __createfile
createfile until _end_
CONTENTS OF YOUR XML
_end_
move __createfile config.xml
waithidden netsh add profile filename="config.xml"
1 Like
Hi,
First off thank you for your help!
Secondly, I tried running this on a test Windows machine and it didn’t add the wifi profile. Is there anything else that is needed to get this to work?
The only things I changed from what you have here is the name of the created .xml file.
Can you share the resultant fixlet with anything sensitive removed?
Bill
Sorry, like I said I’m fairly new with Bigfix. Where can I find the resultant fixlet?
Sorry – I meant the fixlet you made
Ah okay, yeah no problem. Let me link it in:
delete wifi.xml
delete __createfile
createfile until _end_
The contents of my XML (which I know is good. I have used it locally on a machine to add the wifi profile using the netsh command and it worked)
_end_
move __createfile wifi.xml
waithidden netsh add profile filename="wifi.xml"
Can you try adding:
action uses wow64 redirection {not x64 of operating system}
To the very top of your fixlet?
action uses wow64 redirection {not x64 of operating system}
delete config.xml
delete __createfile
createfile until _end_
CONTENTS OF YOUR XML
_end_
move __createfile config.xml
waithidden netsh add profile filename="config.xml"
Okay I’ll try it right now. Thanks
It still didn’t add the wifi profile
Should I not put this at the beginning of the content of the .xml?
<?xml version="1.0"?>
I just copied everything from the wifi profile xml that I had saved and this is at the top of it. That wouldn’t mess with the creation of the file in the script would it?
Is the command perhaps netsh WLAN add profile? And not netsh add profile?
You mean try using netsh WLAN add profile in the place of “netsh add profile” ?
I tried adding WLAN in the command and it still didn’t work.
I know that netsh add profile filename=“config.xml” works, I tried it on a machine locally and it added the profile no problem. Could it be an issue with the xml being created?
Or perhaps the computer isn’t able to find the xml? Where would this be creating the file, just at the root? I checked the computer after running the script and the file wasn’t even created.
Would it be possible to just download the existing saved xml file to endusers through bigfix and then run the netsh command?
It will make the file in one of the folders here:
C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData
Okay, so the problem seems to be that it’s not actually creating the xml file.
You will have to check pretty quickly after the action runs otherwise there is a chance the agent will cleanup the file.
You can look in the agent log to see that it’s writing the file out, on the delete __createfile line you should see this in the log:
Command succeeded delete No 'C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\a site of yours\__createfile'
and the wifi.xml should be in that directory