Revision as of 13:51, 12 May 2018

Sites

• Developer Site
• BigFix.Me
• Forums
• BigFix Inventory

Subjects

• IBM BigFix Environment Management
• IBM Server Automation
• IBM BigFix Basics

Items to Remember

• How will IBM BigFix Patch address new servicing models for Windows 7 and 8.1?
• KB0024021
• TASK1728858 - Relay Refresh with X3250 and RS140's.
• RITM1309391 - Decommission request for DEMO & CON1
• BigFix WebUI
• RITM1518487 - New DMZ Relay
• RITM1518488 - New DMZ Relay
• Root Server Hardware Specs - Discussion about running in a VM
• TASK2593699 - Requesting Service Account for WebUI DB access.
• TASK2597919 - Requesting Service Account SQL access required for WebUI functionality based on documentation from IBM.
• RITM2013089 - SSL Request for Test Environment
• RITM2118451 - Restore Firewall rule for Relays in DMZ (restoring access from Internet on port 52311)
• 7Zip 18.05 x64 Update

Tutorials and Training Material

• IBM Security Learning Academy

Items to investigate further

• https://github.com/jgstew/tools/blob/master/CMD/install_bigfix_universal.bat
• https://forum.bigfix.com/t/using-and-understanding-the-inspector-guides/17850
• https://forum.bigfix.com/t/9-5-2-problem-with-detecting-restart/17643/13
• CVE Dashboard
• One Computer - List of its Properties
• Permissions to cancel an Action - RESTAPI to stop an action.
• Managing Pending Restart and Automatic Restart of Endpoints
• Advanced Server Configuration Items
  • Password Restictions

Integrations

• BigFix Integration with IBM Workload Scheduler (IWS)
• BigFix CVE Dashboard
• BigFix Command Line
• BigFix and Microsoft SCOM

Diagnostics

• http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_adding_a_datasource.html?cp=SS6MER_9.2.0&lang=en
• http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_deploy_standaloneWR.html
• http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_configuring_AD_web_reports.html
• http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_post_LDAP_upgrade_steps.html

Current Issues

• WMI Select with a Where clause
• BigFix on Embedded Windows Devices
• ILMT Needs to be upgraded
• Making an Action Relevant after a particular day of week
• IBM BigFix Inventory
• Microsoft Windows Patching
• Software Distribtuion
• IBM BigFix Relay Maintenance

Remote Site Relay Hardware

I need to spec out hardware for Relays to place at "Remote" locations. These systems don't need to have massive processors or tons of RAM, they just need a decent network connection, and they need to be cheap.

After a little Googling I found these systems ...

• Lenovo RS140 - $746.10

Our Facilities Manager doesn't like them because they don't have Dual Power Supplies. My thought is "that's fine", I plan to use them in an N+1 configuration for each location anyway. If there is even dual power available at a location, we can always connect the even numbered units to one leg of power and the odd numbered units to the other leg of power. If power fails at a site, my guess is most of the workstations will go with it, and there won't be a huge need for the Relays ANYWAY.

The Solutions

It looks like it's going to be a combination of both the RS140 and the X3250 from Lenovo.

• Lenovo RS140
  • Low Cost
  • Mountable in 2 post rack systems (TelComm Racks)
  • Single Power Supply
• Lenovo X3250-m5
  • Low Cost
  • Mountable in standard server racks
  • Dual Power Supplies available as an option

History

The search for inexpensive rackable computers with Dual Power Supplies until I can convince someone it's a bad idea.

• Dell PowerEdge R420 (Cannot locate on Dell's Web Site)
• Dell PowerEdge R330 - $1,385.40 - Configured with No OS, No RAID, 500GB SATA Drive, Dual Power Supplies and 8GB RAM.
• [1] - "Ribbed for your viewing pleasure!" External Cooling vanes. Not Rack mountable and very expensive. Not an option, but funny!
• ABMX rack mountable server - $1,238 with dual PS, 8gb ram, and 500gb hd
• ABMX Rack mountable servers
• Wall Mount Rack

Relevance

• Relevance Question: List out all relevant fixlets for a Computer Group
• Action Parameter to define IP Address
• string values of selects "MediaLoaded from Win32_CDROMDrive" of wmi
• Examples of Relevance From IBM

I Want to ...

• Enable SAML 2.0 under BigFix
• Improve Performance
• Uninstall software that's not being used
• Ensure that the BigFix client and Communications are secure
• Efficiently use BigFix to patch a brand new Computer
• Know How BigFix works
• Change where the BigFix Console stores it's Cache data
• View information about BigFix managed computers
• Install the BigFix client on Windows
• Install the BigFix client on Windows from the DMZ or Outside the Network
• Install the BigFix client on OS X
• Install the BigFix clinet on OS X from the DMZ or Outside the Network
• Install the BigFix client on Linux
• Install the BigFix clinet on Linux from the DMZ or Outside the Network
• Create a Patching Baseline for the Citrix Servers
• Create a Patching Baseline for the Monthly Microsoft patches
• Change the Owner property for the BigFix Client
• Parse CSV with Regular Expressions and Tuples
• Deploy the BigFix Client to a number of remote computers
• Determine how the BES Client knows there is something to do?
• Determine how long a Computer has been in BigFix
• Determine what the 'external' IP address of a computer is
• Read data from both branches of a 64bit Windows system
• Restart a Win2012r2 Core server
• Monitor BES Relays
• How to disable NotBIOS on Windows computers
• Generate Random Numbers
• Stagger Action Start Times AND Content Downloads in BigFix
• Run PowerShell Scripts from BigFix
• Work with Windows Scheduled Tasks from BigFix
• Install SSL Certs on the WebUI Server
• Improve BigFix Server Performance
• Deploy an Action the user can trigger or that will start on a schedule
• Best Practices for Managing Baselines
• How does BigFix determine if a reboot is required (Windows)
• Detect Apple OS X WDE Encryption Status

Content

Documentation

• IBM BigFix Relay Optimization in Large Environments
• BigFix Quick Reference Page
• BigFix Bare Metal OS Deployment
• How to create a Windows Software Install Fixlet from scratch
• Developer BigFix Documentation
• Server Automation
• IBM BigFix Videos
• BigFix Inventory - Managing VM managers
• Videos related to IBM BigFix
• Managing VM managers
• DSA replication is failing with named instance databases
• IBM BigFix 9.5 Documents in PDF
• Strings from BESRelay.exe that look like settings
• Strings from BESClient.exe that look like settings
• BFI RESTAPI Documentation
• BigFix Docs in PDF
• List of Unicode Characters in Latin Script
• Unmanaged Assett Scan Importer
• Unmanaged Asset Scanner Documentation
• What does the Send Refresh on the right click menu of a computer do in the BigFix Console?
• Common Relevance Error Messgaes
• IBM BigFix Product Videos
• Replacement for use of (now) in Action Scripts
• BigFix Inventory - Advanced Server Configuration Settings
• Dynamic Downloads
• Use of the PIPE character in relevance
• Override Action Script Command
• Disable WebUI Session Timeout
• YouTube Videos about BigFix
• Autoselection Failsafe Controls

Diagnostics

• Why does a BigFix client sometimes take a long time to do its thing

Performance

• Configure FillDB Batch Rate
• Forum Discussion on FillDB Performance

Utilities

• Audit Trail Cleaner
• Site Date Reader
• Relays.dat Parser
• Mac Ops Plan B
• Migrate Software Repositories

Logging Documentation

• Enable Web Report Logging

Client

• Client Settings

Service Now Items of Note

• RITM0819411/REQ0812148 - Requested DMZ Server for BigFix/Service-Now Test/Dev
• Tools to interact with BigFix SOAP API
• FOrums.BigFix.com posting about ServiceNow

OS Deployment

• OSD 3.9 Announcement

REST API Content

• The BigFix REST API
• Baselines and RestAPI, What Gives?
• SOAP API Example in VB
• Relevance to export all properties for all computers
• Session Relevance, Analyses results and the Rest API

IBM AIX Support in BigFix

• AIX Patch Management FAQ

Custom Content Creation

• Make-Prefetch now supports both Python 2 & 3
• Creating Parameterized Fixlet's
• How can I write an action statement that provides information about the operator who runs a task or fixlet on the client
• Using WOW64 Redirection
• Detect and Remove malicious eDell root certificate
• IBM BigFix Secure Parameters

Interesting items

• Is today the 2nd Tuesday of the month?
• Undelete Actions via SQL commands
• Customizing the Self-Service Portal
• SQL Analysis Properties
• if exists (domain users(names of logged on users))then full names of domain users(names of logged on users)else if exists (users(names of logged on users)) then "local account" else "none"
• File being Uploaded never shows Completed Status in Software Distribution dashboard
• Internet Facing Relays
• Need a Secure way to prompt a console user for a password
• BigFix OS Deployment Content
• Enable Custom Site to bypass a Client Lock State
• Terminal Services Recommended Settings
• BitLocker Analysis
• BitLocker Events from Logs
• Adjust Console Timeout settings to prevent Error 28's
• Get the current Action Name while running the Action
• Download Folder Path
• POSTMan
• Tracking Logins for Local Administrator Accounts
• Configure Preference for IP v4
• Is there a way to externally tell if an action is running?

Client Installation Information

• Can I automatically assign a Relay when installing a client
• Deploying clients that won't be able to talk to the IEM server
• Forum post about Mac Client installation issues
• Can I automatically assign a TEM Client a particular relay at installation time?

Client Configuration Content

• BigFix Patching Maintenance Windows

Creating Custom Content

• exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Sassafras\Install\KeyAccess" of (x64 registries; x32 registries)

• Automatically creating patches using BigFix Fixlets - VERY Cool Concept!
• Omitting HTML tag from BES Fixlet Descriptions
• Interesting Ideas for Fixlets
• SavingThrow Anti-ADWare
• Dual Monitor Relevance - Still needs work. Doesn't report correct results on my Lenovo AIO.
• Install IEM OSD on Air Gapped IEM for PIN
  • IEM OS Deployment/Bare Metal Air-Gapped Network
• IEM Tickets to Remember
• Notes on intentionally Air-Gapping an IEM Installation
• IBM Endpoint Manager Relevance Language Information
• IBM Endpoint Manager Action Information
• IBM Endpoint Manager Web Reports
• Software Installation Information
• Disaster Server Architecture
• IBM Endpoint Manager API Scripting
• https://forum.bigfix.com/t/microsoft-patch-tuesday-detail-summary-report/6786
• https://forum.bigfix.com/t/relevance-question-sum-of-applicable-computer-counts-and-group-membership/12245
• Software Installation Documentation
• Relevance Cheat Sheet
• RESTAPI: Generate uninstall tasks for all MSI applications on target computer - Windows
• TEM Client Deployment in a VDI Cloned pool infrastructure
• Allow non-Master Operators to stop other actions
• Retrieve information for a Removed Computer before the database is purged
• Enumerate Multiple Monitors
• Gather files from endpoints
• Connecting your IEM Environment to Bigfix.Me
• IEM Tickets to Remember
• Forum post about Mac Client installation issues
• Notes on intentionally Air-Gapping an IEM Installation
• IBM Endpoint Manager Relevance Language Information
• IBM Endpoint Manager Action Information
• IBM Endpoint Manager Web Reports
• Software Installation Information
• Disaster Server Architecture
• IBM Endpoint Manager API Scripting
• https://forum.bigfix.com/t/microsoft-patch-tuesday-detail-summary-report/6786
• https://forum.bigfix.com/t/relevance-question-sum-of-applicable-computer-counts-and-group-membership/12245
• Software Installation Documentation
• RESTAPI: Generate uninstall tasks for all MSI applications on target computer - Windows
• TEM Client Deployment in a VDI Cloned pool infrastructure
• Allow non-Master Operators to stop other actions
• Retrieve information for a Removed Computer before the database is purged

Documentation

• IBM BigFix Relay Optimization in Large Environments
• FTP Server with the BigFix 9.2 Documentation in PDF format
• JGStew keeps a page with Documentation links on it
• Logged On User Information
• IBM Endpoint Manager Version 9.0 - DOCUMENTATION
• REST API Documentation
• Inspector Documentation
• Bigfix.me Inspector Guide
• IEM Video on YouTube
• Upload and Archive Manager
• Baseline Information
• Fixlet Authoring
• Recommended Client Settings from JGStew
• Creating Custom Dashboards for Bigfix
• Action Object Documentation
• Schedule-able Compliance by Computer Web Reports
• RedHat Patching Documentation
• MsiExec.exe and InstMsi.exe Error Messages
• BigFix Server Automation Documentation
• Server Disk Performance
• Decompress Utility
• Relay Autoselection Failsafe Controls
• How do I turn on more detailed logging for the TEM Client?
• How do I turn on detailed message debug logging for the non-Windows TEM Client?
• Relays.dat Parser
• FORUM: Windows or Linux Relay

WebUI Documentation

• WebUI Administration Guide
• WebUI Users Guide
• Service Application Installation & Configuration Guide
• Managing BigFix Offers on Your Device
• Automatic Patching

IEM Component Articles

• ILMT/TAD4D/SUA Blog
• SUA and ILMT Beta Program
• BigFix OpenMic presentation on Relays (PDF)

Tools that might be useful

• Microsoft ORCA.exe
• Netwrix Change Audit Tool for Windows Server
• A quick look at the IBM endpoint Security Strategy
• Yara Malware tool

Pages about odd information

• Null Session Shares (not a good idea!)
• A quick look at the IBM Endpoint Security Strategy

Projects

• Automate the assignment of Relay Affiliation Groups to clients and Relays

Support Links

• DeveloperWorks Support Forum
• Bigfix Support
• IBM BigFix Certification