BigFix
Contents
- 1 What is BigFix
- 2 HCL Content
- 3 V10 Cloud Functions
- 4 Sites
- 5 Subjects
- 6 Items to Remember
- 7 Active Issues
- 8 Tutorials and Training Material
- 9 Items to investigate further
- 10 Integrations
- 11 Diagnostics
- 12 Current Issues
- 13 Remote Site Relay Hardware
- 14 History
- 15 Relevance
- 16 I Want to ...
- 17 Content
- 17.1 Utilities
- 17.2 Documentation
- 17.3 Diagnostics
- 17.4 DSA Server
- 17.5 SCM & SCA Server
- 17.6 Performance
- 17.7 Utilities
- 17.8 Logging Documentation
- 17.9 Client
- 17.10 Service Now Items of Note
- 17.11 OS Deployment
- 17.12 SOAP API
- 17.13 REST API Content
- 17.14 IBM AIX Support in BigFix
- 17.15 Custom Content Creation
- 17.16 Interesting items
- 17.17 Documentation
- 17.18 WebUI Documentation
- 17.19 IEM Component Articles
- 17.20 Tools that might be useful
- 17.21 Pages about odd information
- 18 Projects
- 19 Support Links
- 20 Notes
What is BigFix
Short Answer
BigFix is a "Agent Based" system used to securely manage computers without needing to constantly visit each computer.
Long Answer
BigFix is a "Client/Server" based system of managing remote computers. Member computers need to be connected to the network, and can be managed anywhere in the world as long as they are actively connected to a network where they can reach a Relay or the BigFix server. The Server and Clients use Relays as "store and forward" devices to allow a huge amount of computers to be managed by a single BigFix implementation. Console Operators can deploy software to remote computers, including OS Patches and Software installation packages. Authorized Console Operators can create custom Fixlets and Tasks to perform any task on remote computers that can be scripted. Management of Computers can be distributed between multiple "Console Operators" and different levels of access can be assigned via the Role objects.
Components
- BigFix Servers
- Console Operators
- Roles
- Sites
- Relays
- Clients
- WebUI Server
- Web Report Server
- Fixlets/Tasks
- Analyses
- Actions
HCL Content
HCL Recently bought BigFix from IBM. This means most all of the links below will need to change. (!!) Perfect time to clean things up and re-organize the collection!
These links are from a recent posting on the Forums and should be a good starting point to fixing the rest of the links.
According to the Forum post, Internet Explorer is NOT supported at the above links.
According to HCL, they are working on providing updated PDF forms of the documentation.
HCL BigFix Technology Partner information can be found HERE
V10 Cloud Functions
Sites
- IBM BigFix Review
- Developer Site
- BigFix.Me
- Forums
- BigFix Inventory
- IBM License Metric Tool
- JGStew's Tools
Subjects
- IBM BigFix Environment Management
- IBM Server Automation
- IBM BigFix Basics
- BigFix Service Now Integration
- Configuring SSL Certs for BigFix Components
Items to Remember
- RITM2586103 - New Project request so I can get a new VM for the BigFix Test environment. Freaking stupid that I have to request a whole project just to get a new VM for the Test Environment of a FUNCTIONAL system.
- How will IBM BigFix Patch address new servicing models for Windows 7 and 8.1? (Broken)
- KB0024021
- TASK1728858 - Relay Refresh with X3250 and RS140's.
- RITM1309391 - Decommission request for DEMO & CON1
- BigFix WebUI
- RITM1518487 - New DMZ Relay
- RITM1518488 - New DMZ Relay
- Root Server Hardware Specs - Discussion about running in a VM
- TASK2593699 - Requesting Service Account for WebUI DB access.
- TASK2597919 - Requesting Service Account SQL access required for WebUI functionality based on documentation from IBM.
- RITM2013089 - SSL Request for Test Environment
- RITM2118451 - Restore Firewall rule for Relays in DMZ (restoring access from Internet on port 52311)
- 7Zip 18.05 x64 Update
- PRJ0064377 - Relay Project
- KB0029526 - DHTS Work Instructions on Clearing/Resetting a BigFix Relay
- RITM2240495 - Technical Bridge request for DNS change as part of the switch from Physical to Virtual BigFix servers.
- Using DSA to replace a BigFix Server
- KB0030524 - Procedure to generate and install an SSL Cert for the Web Reports server.
- RITM2589542 - New Cert for ILMT Server
- PRJ0080342 - Rebuild BigFix Test Environment
- RITM2638250 - Decommission VML-TEM-ILMT and VML-TEM-DB2
- RITM2688193 - Request new PACE Relay
- RITM2688192 - Request new PACE Relay
- RITM2759511 - Firewall request to allow Server communications into the dc-dhts-non-clinical VRF
- INC2496211 - Problem adding Group Manager Groups to Local Administrator Groups via Command Line NET LOCALGROUP commands and Power Shell.
- RITM3374423 - Requested SQL Server be installed on the new SCA server.
- RITM3380791 - New Project Request for Microsoft SCCM POC
- RITM3405803 - Decommission two DMZ Relay servers
- CHG0184584 - Change to Remove BigFix Inventory from Production Environment
- TASK3771248 - Task to create a "Universal" Encryption property in BigFix for reporting purposes.
- RITM3835378 - F5 VIP Request for BF-Core
- Microsoft Windows Update Resources
- CS0295243 - HCL ticket about systems cycling between Evaluating, Pending Download, and not Relevant.
- RITM4462525 - New ILMT SSL Cert Requested
- RITM4512395 - New WebUI SSL Cert Requested
- RITM5054521 - New WebUI SSL Cert Requested (2023)
- RITM5503316 - Decommissioning 4 Remote Relay Servers running 2012R2
- RITM5523128 - New WebReports SSL Cert Requested (2024/01/10)
- RITM5687282 - New ILMT SSL Cert Request (2024/03/07)
- RITM5913381 - Firewall Requests for ILMT
Active Issues
Tutorials and Training Material
Items to investigate further
- https://github.com/jgstew/tools/blob/master/CMD/install_bigfix_universal.bat
- https://forum.bigfix.com/t/using-and-understanding-the-inspector-guides/17850
- https://forum.bigfix.com/t/9-5-2-problem-with-detecting-restart/17643/13
- CVE Dashboard
- One Computer - List of its Properties
- Permissions to cancel an Action - RESTAPI to stop an action.
- Managing Pending Restart and Automatic Restart of Endpoints
- Advanced Server Configuration Items
- Password Restictions
Integrations
- BigFix Integration with IBM Workload Scheduler (IWS)
- BigFix CVE Dashboard
- BigFix Command Line
- BigFix and Microsoft SCOM
Diagnostics
- http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_adding_a_datasource.html?cp=SS6MER_9.2.0&lang=en
- http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_deploy_standaloneWR.html
- http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_configuring_AD_web_reports.html
- http://www.ibm.com/support/knowledgecenter/SS6MER_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Web_Reports/c_post_LDAP_upgrade_steps.html
Current Issues
- WMI Select with a Where clause
- BigFix on Embedded Windows Devices
- ILMT Needs to be upgraded
- Making an Action Relevant after a particular day of week
- IBM BigFix Inventory
- Microsoft Windows Patching
- Software Distribtuion
- IBM BigFix Relay Maintenance
- Linux Based Relays Going Off-Line
- Microsoft Delta Updates
- https://forum.bigfix.com/t/autopkg-integration-for-mac-os-x/11590
Remote Site Relay Hardware
I need to spec out hardware for Relays to place at "Remote" locations. These systems don't need to have massive processors or tons of RAM, they just need a decent network connection, and they need to be cheap.
After a little Googling I found these systems ...
- Lenovo RS140 - $746.10
Our Facilities Manager doesn't like them because they don't have Dual Power Supplies. My thought is "that's fine", I plan to use them in an N+1 configuration for each location anyway. If there is even dual power available at a location, we can always connect the even numbered units to one leg of power and the odd numbered units to the other leg of power. If power fails at a site, my guess is most of the workstations will go with it, and there won't be a huge need for the Relays ANYWAY.
The Solutions
It looks like it's going to be a combination of both the RS140 and the X3250 from Lenovo.
- Lenovo RS140
- Low Cost
- Mountable in 2 post rack systems (TelComm Racks)
- Single Power Supply
- Lenovo X3250-m5
- Low Cost
- Mountable in standard server racks
- Dual Power Supplies available as an option
History
The search for inexpensive rackable computers with Dual Power Supplies until I can convince someone it's a bad idea.
- Dell PowerEdge R420 (Cannot locate on Dell's Web Site)
- Dell PowerEdge R330 - $1,385.40 - Configured with No OS, No RAID, 500GB SATA Drive, Dual Power Supplies and 8GB RAM.
- [1] - "Ribbed for your viewing pleasure!" External Cooling vanes. Not Rack mountable and very expensive. Not an option, but funny!
- ABMX rack mountable server - $1,238 with dual PS, 8gb ram, and 500gb hd
- ABMX Rack mountable servers
- Wall Mount Rack
Relevance
- Relevance Question: List out all relevant fixlets for a Computer Group
- Action Parameter to define IP Address
- string values of selects "MediaLoaded from Win32_CDROMDrive" of wmi
- Examples of Relevance From IBM
- IBM BigFix Session Relevance
I Want to ...
- Enable SAML 2.0 under BigFix
- Improve Performance
- Uninstall software that's not being used
- Ensure that the BigFix client and Communications are secure
- Efficiently use BigFix to patch a brand new Computer
- Know How BigFix works
- Change where the BigFix Console stores it's Cache data
- View information about BigFix managed computers
- Install the BigFix client on Windows
- Install the BigFix client on Windows from the DMZ or Outside the Network
- Install the BigFix client on OS X
- Install the BigFix clinet on OS X from the DMZ or Outside the Network
- Install the BigFix client on Linux
- Install the BigFix clinet on Linux from the DMZ or Outside the Network
- Create a Patching Baseline for the Citrix Servers
- Create a Patching Baseline for the Monthly Microsoft patches
- Change the Owner property for the BigFix Client
- Parse CSV with Regular Expressions and Tuples
- Deploy the BigFix Client to a number of remote computers
- Determine how the BES Client knows there is something to do?
- Determine how long a Computer has been in BigFix
- Determine what the 'external' IP address of a computer is
- Read data from both branches of a 64bit Windows system
- Restart a Win2012r2 Core server
- Monitor BES Relays
- How to disable NotBIOS on Windows computers
- Generate Random Numbers
- Stagger Action Start Times AND Content Downloads in BigFix
- Run PowerShell Scripts from BigFix
- Work with Windows Scheduled Tasks from BigFix
- Install SSL Certs on the WebUI Server
- Improve BigFix Server Performance
- Deploy an Action the user can trigger or that will start on a schedule
- Best Practices for Managing Baselines
- How does BigFix determine if a reboot is required (Windows)
- Detect Apple OS X WDE Encryption Status
- Track number of times a user logs into a computer to install/uninstall software
Content
Utilities
Documentation
Videos
- YouTube BigFix Tech Advisor Channel
- BigFix Beyond the Perimeter Considerations when leveraging a DMZ relay
- BigFix PeerNest Introduction
Links
- List of most helpful BigFix links
- Advanced Configuration Options
- WebUI Server Settings Definitions
- IBM BigFix Relay Optimization in Large Environments
- BigFix Quick Reference Page
- BigFix Bare Metal OS Deployment
- How to create a Windows Software Install Fixlet from scratch
- Developer BigFix Documentation
- Server Automation
- IBM BigFix Videos
- BigFix Inventory - Managing VM managers
- Videos related to IBM BigFix
- Managing VM managers
- DSA replication is failing with named instance databases
- IBM BigFix 9.5 Documents in PDF
- Strings from BESRelay.exe that look like settings
- Strings from BESClient.exe that look like settings
- BFI RESTAPI Documentation
- BigFix Docs in PDF
- List of Unicode Characters in Latin Script
- Unmanaged Assett Scan Importer
- Unmanaged Asset Scanner Documentation
- What does the Send Refresh on the right click menu of a computer do in the BigFix Console?
- Common Relevance Error Messgaes
- IBM BigFix Product Videos
- Replacement for use of (now) in Action Scripts
- BigFix Inventory - Advanced Server Configuration Settings
- Dynamic Downloads
- Use of the PIPE character in relevance
- Override Action Script Command
- Disable WebUI Session Timeout
- YouTube Videos about BigFix
- Autoselection Failsafe Controls
- Server Migration
Diagnostics
DSA Server
- Distributed Server Architecture
- IBM BigFix Distributed Server Architecture DSA Installation and Configuration
- Adding DSA server
- DSA Configuration Considerations
- Switching the Master Server (Windows)
- DSA Recovery - Windows
- Using DSA to replace a BigFix Server
- BigFix Server Migration
SCM & SCA Server
- SCM and SCA
- Synchronize Checks Wizard
- Create the check lists using the Wizards and then as the checklists are updated, there are other wizards that can be used to keep them updated.
Performance
Utilities
Logging Documentation
Client
Service Now Items of Note
- RITM0819411/REQ0812148 - Requested DMZ Server for BigFix/Service-Now Test/Dev
- Tools to interact with BigFix SOAP API
- Forums.BigFix.com posting about ServiceNow
- ServiceNow Integration with BigFix
- BigFix Service Now Integration
OS Deployment
SOAP API
REST API Content
- The BigFix REST API
- Baselines and RestAPI, What Gives?
- SOAP API Example in VB
- Relevance to export all properties for all computers
- Session Relevance, Analyses results and the Rest API
IBM AIX Support in BigFix
Custom Content Creation
- Make-Prefetch now supports both Python 2 & 3
- Creating Parameterized Fixlet's
- How can I write an action statement that provides information about the operator who runs a task or fixlet on the client
- Using WOW64 Redirection
- Detect and Remove malicious eDell root certificate
- IBM BigFix Secure Parameters
Interesting items
- '(ids of it, values of results of it) of bes properties whose (name of it = "Last Logged on User")'
- Is today the 2nd Tuesday of the month?
- Undelete Actions via SQL commands
- Customizing the Self-Service Portal
- SQL Analysis Properties
- if exists (domain users(names of logged on users))then full names of domain users(names of logged on users)else if exists (users(names of logged on users)) then "local account" else "none"
- File being Uploaded never shows Completed Status in Software Distribution dashboard
- Internet Facing Relays
- Need a Secure way to prompt a console user for a password
- BigFix OS Deployment Content
- Enable Custom Site to bypass a Client Lock State
- Terminal Services Recommended Settings
- BitLocker Analysis
- BitLocker Events from Logs
- Adjust Console Timeout settings to prevent Error 28's
- Get the current Action Name while running the Action
- Download Folder Path
- POSTMan
- Tracking Logins for Local Administrator Accounts
- Configure Preference for IP v4
- Is there a way to externally tell if an action is running?
Client Installation Information
- Can I automatically assign a Relay when installing a client
- Deploying clients that won't be able to talk to the IEM server
- Forum post about Mac Client installation issues
- Can I automatically assign a TEM Client a particular relay at installation time?
Client Configuration Content
Creating Custom Content
- exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Sassafras\Install\KeyAccess" of (x64 registries; x32 registries)
- Automatically creating patches using BigFix Fixlets - VERY Cool Concept!
- Omitting HTML tag from BES Fixlet Descriptions
- Interesting Ideas for Fixlets
- SavingThrow Anti-ADWare
- Dual Monitor Relevance - Still needs work. Doesn't report correct results on my Lenovo AIO.
- Install IEM OSD on Air Gapped IEM for PIN
- IEM Tickets to Remember
- Notes on intentionally Air-Gapping an IEM Installation
- IBM Endpoint Manager Relevance Language Information
- IBM Endpoint Manager Action Information
- IBM Endpoint Manager Web Reports
- Software Installation Information
- Disaster Server Architecture
- IBM Endpoint Manager API Scripting
- https://forum.bigfix.com/t/microsoft-patch-tuesday-detail-summary-report/6786
- https://forum.bigfix.com/t/relevance-question-sum-of-applicable-computer-counts-and-group-membership/12245
- Software Installation Documentation
- Relevance Cheat Sheet
- RESTAPI: Generate uninstall tasks for all MSI applications on target computer - Windows
- TEM Client Deployment in a VDI Cloned pool infrastructure
- Allow non-Master Operators to stop other actions
- Retrieve information for a Removed Computer before the database is purged
- Enumerate Multiple Monitors
- Gather files from endpoints
- Connecting your IEM Environment to Bigfix.Me
- IEM Tickets to Remember
- Forum post about Mac Client installation issues
- Notes on intentionally Air-Gapping an IEM Installation
- IBM Endpoint Manager Relevance Language Information
- IBM Endpoint Manager Action Information
- IBM Endpoint Manager Web Reports
- Software Installation Information
- Disaster Server Architecture
- IBM Endpoint Manager API Scripting
- https://forum.bigfix.com/t/microsoft-patch-tuesday-detail-summary-report/6786
- https://forum.bigfix.com/t/relevance-question-sum-of-applicable-computer-counts-and-group-membership/12245
- Software Installation Documentation
- RESTAPI: Generate uninstall tasks for all MSI applications on target computer - Windows
- TEM Client Deployment in a VDI Cloned pool infrastructure
- Allow non-Master Operators to stop other actions
- Retrieve information for a Removed Computer before the database is purged
Documentation
- List of most helpful BigFix links
- List of Advanced Configuration Options
- Client Configuration Settings
- IBM BigFix Relay Optimization in Large Environments
- FTP Server with the BigFix 9.2 Documentation in PDF format
- JGStew keeps a page with Documentation links on it
- Logged On User Information
- IBM Endpoint Manager Version 9.0 - DOCUMENTATION
- REST API Documentation
- Inspector Documentation
- Bigfix.me Inspector Guide
- IEM Video on YouTube
- Upload and Archive Manager
- Baseline Information
- Fixlet Authoring
- Recommended Client Settings from JGStew
- Creating Custom Dashboards for Bigfix
- Action Object Documentation
- Schedule-able Compliance by Computer Web Reports
- RedHat Patching Documentation
- MsiExec.exe and InstMsi.exe Error Messages
- BigFix Server Automation Documentation
- Server Disk Performance
- Decompress Utility
- Relay Autoselection Failsafe Controls
- How do I turn on more detailed logging for the TEM Client?
- How do I turn on detailed message debug logging for the non-Windows TEM Client?
- Relays.dat Parser
- FORUM: Windows or Linux Relay
- List of Advanced Options
WebUI Documentation
- WebUI Administration Guide
- WebUI Users Guide
- Service Application Installation & Configuration Guide
- Managing BigFix Offers on Your Device
- Automatic Patching
IEM Component Articles
Tools that might be useful
- Microsoft ORCA.exe
- Netwrix Change Audit Tool for Windows Server
- A quick look at the IBM endpoint Security Strategy
- Yara Malware tool
Pages about odd information
- Null Session Shares (not a good idea!)
- A quick look at the IBM Endpoint Security Strategy
- How can I clean out and reset my BigFix Relays
- Clean and Reset IBM BigFix Relays
- IBM BigFix Custom Repositories