Welcome
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Remote Control Administrators Guide
This guide is for users who want to administer Remote Control.
Certificate management
Remote Control uses certificates in the Server and in the Broker to address the authentication and verification required for ensuring secure connections between the different product components.
Broker Certificate Renewal
The Broker certificate must be renewed before its expiration to maintain communication between Remote Control components. This process involves renewing the certificate keystore, uploading the new certificate, and ensuring all Brokers and Targets are updated accordingly.

BigFix Documentation Homepage
BigFix 11 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
- Release notes
  A summary of changed or new features and enhancements included in BigFix Remote Control.
- Remote Control Installation Guide
  By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
- Remote Control Administrators Guide
  This guide is for users who want to administer Remote Control.
  - Set a secure environment
    Set a secure environment when you are using Remote Control.
  - Secure target registration
    To prevent unauthorized targets from registering with the Remote Control server, you can use tokens to authenticate the target.
  - Configure SAML 2.0 authentication on the server
    Remote Control V9.1.3 introduced support for SAML 2.0 authentication on the Remote Control server.
  - Access the server web interface
    After you install the BigFix® Remote Control Server software and the BigFix Remote Control Target software, you can log on to the server application. For more information about installing and configuring the server and target software, see the Remote Control Installation Guide
  - Using the Deployment Status Dashboard
    The Deployment Status Dashboard provides a quick view of the system and brokers health status.
  - Unattended Target Support
    The Unattended Target Support feature allows you to take remote control sessions of targets that are connected through a broker, without the need to provide a connection code. In strict remote control terminology, an unattended target is a managed target that performs Call Home through a broker.
  - Unlocking user accounts
    When a user account is locked, you can unlock the account by using the Unlock locked userid feature.
  - Manage targets and target groups
  - Manage users and user groups
  - Server session policies
  - How session policies are determined
  - Starting a managed session by using an installed controller
    When you start a managed session, you can configure the server to use an installed controller rather than using the Java™ Web Start method. Note that the Java Web Start plugin method is deprecated in Remote Control starting from Version 10.0.0 Update 8 (Build Number 0802). This feature makes starting a session faster and it removes any warning message windows that are displayed while the session is starting.
  - Manage permission sets for temporary access to targets
  - Requests for temporary access to targets
  - Generate custom reports
  - Manage the home page for a user or group
  - Adding tables and columns to queries
  - Configuration and troubleshooting options in the Admin menu
  - Ensure targets are registered correctly
  - Record the session on the target
  - Set up for exporting recordings
  - Audit log distribution
  - Access targets on different networks
  - Editing the properties files
    You can use the properties files in Remote Control to customize your environment, configure Microsoft Entra ID or LDAP, set debug options, and set controller and on-demand target properties. The files can be edited in the BigFix® Remote Control Server UI.
  - Running tools on the target during a remote control session
  - Reduce the volume of target connections to the server
  - Broker configuration
    When you install broker support you can use the installed trc_broker.properties file to configure your environment for using the broker function.
  - Managing brokers
    After installing broker support you can register the broker machines in the Remote Control server. When they have been registered you can view the list of brokers, edit the broker details and delete brokers that are no longer required.
  - Certificate management
    Remote Control uses certificates in the Server and in the Broker to address the authentication and verification required for ensuring secure connections between the different product components.
    - Remote Control Server Certificate
      By default, Remote Control creates a self-signed certificate for the website during the installation.
    - Using an existing keystore
      You can change the default certificate by installing your own certificate keystore. You can either use a P12 or JKS keystore.
    - Using a Certificate Authority signed certificate on the Server
      You can create a Certificate Signing Request (CSR) from the default self-signed certificate keystore created during the installation by following the procedure at Lifecycle/Remote_Control/RC_Admin_Guide/rcbcacerts.html.
    - Backing up your server certificate file
      Back up your certificate file if you are upgrading your Remote Control server and you previously manually installed a certificate.
    - Remote Control Broker Certificate
      Remote Control does not create certificate for the broker during the installation. Follow the instructions in this section to create and setup the broker certificate.
    - Strict Certificate Verification on Broker Connections
      The Remote Control controller and target, instructed by the remote control server, uses strict certificate validation by default when connecting to a broker. This verification requires a trust store that contains the trusted certificate.
    - Using a self-signed certificate for the Broker
      You can create a self-signed certificate for the broker by following the Lifecycle/Remote_Control/RC_Admin_Guide/rcbnewcert.html procedure.
    - Using a Certificate Authority signed certificates for the Broker
      If using a PKCS#12 keystore you can create a Certificate Signing Request (CSR) from the self-signed certificate keystore created earlier by following the procedure at Lifecycle/Remote_Control/RC_Admin_Guide/rcbcacerts.html or you can also create a brand new Broker self-signed certificate before creating the CSR. In this case follow the procedure at Lifecycle/Remote_Control/RC_Admin_Guide/rcbnewcert.html.
    - Configuring the keystore on the broker
      After you have created the keystore which holds the private key and certificate for the broker, it should be copied to the broker machine and the broker properties configured accordingly.
    - Truststore configuration
      The Remote Control server holds the truststore that is used for verifying the broker certificates.
    - Creating a self signed certificate
      Read this page to learn the procedure to renew or generate self-signed certificates.
    - Creating Certificate Authority signed certificates
      Read this page to learn the procedure to renew or generate CA signed certificate.
    - Extracting the certificate from the keystore
      When using strict certificate verification, the certificate needs to be extracted from the keystore before being uploaded to the Remote Control server.
    - Broker Certificate Renewal
      The Broker certificate must be renewed before its expiration to maintain communication between Remote Control components. This process involves renewing the certificate keystore, uploading the new certificate, and ensuring all Brokers and Targets are updated accordingly.
  - Migrating to a new certificate
    If your existing certificates are due to expire, you can create new certificates. Distribute the new certificates to the relevant endpoints so that they can continue to successfully establish remote control sessions through the broker.
  - Configuring the session connection code
    You can define the number of characters required and the timeout value, for the connection code used when starting a remote control session through a broker.
  - Target registration before a remote control session
    When you have targets that are on the internet or third-party networks and cannot register directly with the Remote Control server you can configure server properties to allow the target to register with the server. When the target registers, you can start a remote control session with the target, by using a broker.
  - Configure target properties
  - Importing data from other sources
  - Database table and column descriptions
  - Troubleshooting and Help
  - Gateway sample scenarios
  - Properties for configuring logging activity
    Use properties to determine what type of information and how much is written to the broker, gateway, and target component log files.
  - Override proxy
    The controller uses the proxy defined at system level by default. In some conditions, this may not be desirable. Creating a file named “override.proxy” in the controller install folder changes the default behavior and the system proxy is ignored
- Remote Control Console User Guide
- BigFix Remote Control Controller Users Guide
- Remote Control Target Users Guide
- Remote Control On-demand Target Guide
  Use Remote Control to start remote control sessions over the internet with targets that do not have the target software installed.
- Remote Control V10 Readme
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
BigFix Remediate
BigFix MCM

Broker Certificate Renewal

The Broker certificate must be renewed before its expiration to maintain communication between Remote Control components. This process involves renewing the certificate keystore, uploading the new certificate, and ensuring all Brokers and Targets are updated accordingly.

The Broker certificates can reach their expiration date in one year or more. You can check the expiration date in the All Trusted Certificates page on the Remote Control server by selecting a specific certificate in the list.

It is suggested to renew the Broker certificate before the expiration date to avoid broken communications between Remote Control components. Following is the list of suggested steps:

Renew the expiring Broker certificate keystore.
Upload the new certificate to the Remote Control server (PEM format).
In case of CA signed certificate, upload the CA chain certificates to the server if they have been changed (PEM format).
The new certificates will be automatically downloaded by the Brokers and the Target on next callHome or next service restart.

When the Target can’t directly reach the Remote Control server and the Remote Control server and/or the Target have a version 10.1.0.3xx or earlier you need to manually upload the new certificate using the Remote Control Target Wizard (refer to Creating Remote Control target configuration tasks). You can copy the broker.certs file content from one of the Brokers with the updated list and paste it to the Trusted certificates for Broker connections box. Note that the whole content of the broker.certs file on the Target machine will be replace with the provided list of certificates.

Once that the new certificates have been updated on all Brokers and Targets you can copy the new certificate keystore file to the Broker machine (check the supported formats from the Remote Control Broker Certificate topic) and reconfigure the Broker to use the new keystore.

Once that the Broker service has been restarted you can follow the instructions from the Remote Control Broker Certificate topic to perform the certificate validation.

Once the validation is completed you can safely delete the expiring/expired certificate from the All Trusted Certificates page on the Remote Control server.