Will DOI/USGS be pushing down patches from the top level?
BigFix will be used to push out Microsoft software updates and the mandated Java update to all non-MECM and non-MECM endpoints which includes Windows clients (ie Windows 7, 8, and 10) and Windows Servers including Server 2008, 2008R2, 2012 and 2012R2.
How do sites control their no reboot groups in BigFix?
See https://tst.usgs.gov/applications/asset-management/ibm-endpoint-manager/bigfix-exception-properties-and-fixlets/ Sites will need to ensure any servers that should not be rebooted are added to the MECM No Reboot collections. Information on updating your MECM No Reboot can be found here.
How often are systems synced from MECM to IEM?
Sites should ensure systems are in the MECM No Reboot collection 2 days prior to the patch deadline.
Should sites that want to use BigFix to patch systems turn off MECM patch deployment?
The two tools play together pretty well. As long as there aren’t two tasks running at the same time the two tools should work fine together.
Does the agent have to be installed everywhere?
No, only of supported OS. Most OSs are supported. The agent cannot be installed on network devices.
How large of a file can be deployed with BigFix ?
There is nothing stopping folks for deploying updates or software of any size. The USGS relay infrastructure should handle this.
What is the process for changing my local relay if the hardware or OS changes?
1) Install the client
2) If the system is an AD joined Windows system add the computer to the “IGSG DI-IEM Relay Computers” group in AD. It will then automatically install the relay component. If the system is not in AD or is non-Windows then email the service desk to request the machine be made a relay.
How do the appropriate systems appear in my BigFix console computer list?
Based on the site’s location questionnaire the BigFix team created rules based on the OU names, computer names and ip address ranges provided. In some cases the rule will check for the presence of a specially named file unique to your site. If you are not seeing the systems you have the client installed on, contact the Servicedesk.
How do I ensure permissions to manage my systems are assigned to the appropriate person when multiple people manage multiple groups within a site OU?
Contact the service desk and the BigFix team will work with you to setup permissions.
How does the client deal with multiple network interfaces?
In a multiple IP scenario BigFix tracks all interfaces and attempts to use any one of the interfaces for relay communication.
How does relay selection work?
The client receives a list of all relays as part of the client software install. The client uses ICMP to probe the relays it knows about and select the closest one. At that point it stops probing until the relay becomes unavailable.
What if my relay disk fills up?
On each relay the amount of space available for use by BigFix is automatically set not to exceed a percentage of available space on each available volume. If a relay gets full it deletes the most infrequently used files first.
What additional configuration does the relay require beyond installation of the agent?
None, simply inform the BigFix Technical Support team of the relay’s IP so that the relay functionality can be enabled.
How do I remove a system from the console?
Right click and delete. This will remove from the console but not from the backend database. Each machine receives a unique identifier during the client install, if you rebuild a system it will appear as a new computer.
Can I track additional information? For example attach the FBMS CE Designation as a property of my computers.
Yes, Right click a computer, -> Edit Settings -> Add an attribute.