Edit Actions Tab
The Actions tab of the Creation/Edit dialogs lets you create Actions for your new or customized Fixlet or Task object.
The Actions you create here become the clickable links in the finished Task or Fixlet, and they are deployed on the appropriate computers of your network. The Actions are listed in their display order at the top of the dialog. To the right of the list is a set of buttons:
- Add: Click this button to create a new Action. It creates a new numbered entry in the top list and opens a blank text box for you to write your Action script.
- Delete: Select an item from the list and click this button to Delete it.
- Move Up: Moves the selected Action up in the list, meaning that it is displayed earlier.
- Move Down: Moves the selected Action down in the list, meaning that it is displayed later.
For each Action, you can edit the type, certain settings, and the script itself.
Select an Action Script Type from the pull-down menu. Among the choices are:
- BigFix Action Script: This is a cross-platform scripting language, and is the default scripting type.
- AppleScript: This is the scripting language of choice for managing Macintosh computers.
- sh: This is shell script as used by a UNIX system.
- URL: This is a URL pointing to an appropriate script or informational web page. When an Action is created as a URL, it is listed as a numbered Link.
- PowerShell: Starting from version 10.0.4, BigFix
gives you the possibility to run PowerShell scripts too.
You can run on a selected Windows Client the script that you write in the Action Script text box. The script runs on the PowerShell installed by default by your Windows operating system in the C:\Windows\System32\WindowsPowerShell\v1.0 directory, if available, or in C:\Windows\SysWOW64\WindowsPowerShell\v1.0.
The script is executed by default using the -ExecutionPolicy Bypass option. To avoid using this option, you can use the
_BESClient_PowerShell_DisableExecPolicyBypass
client setting described in the Miscellaneous section of the List of settings and detailed descriptions page.Since they are executed in hidden mode, PowerShell scripts requiring user interaction or showing pop-up windows or dialog boxes are not supported and might cause the action to remain in running status or the script to display an error in the log file.
There are some more properties you can use to modify any Action.
Check one or more of the following boxes to customize each action:
- This Action is the default Action: Check this box to make the selected Action the default for this group of Actions. Default Actions must be failsafe and simple, making it reasonable to launch them unattended or to group them for simultaneous deployment.
- Include Action Settings Locks: Check this box to use custom settings and locks, including display messages, users, execution behavior, and post-actions. Click the Edit button to open the Action Settings dialog with a lock next to each item. Click the locks to keep these values from being changed.
- Include Custom Success Criteria: Typically a Fixlet is designed so that completing an Action makes it fail the initial Relevance test. Because this test is typically triggered by a vulnerability, its failure indicates successful remediation, therefore causing the Fixlet to disappear from the Console. However, you can select other criteria to establish success by checking this box. Click the Edit button to open the Action Success Criteria dialog and key in your alternative criteria.
In the bottom text box, enter the actual text of the Action Script. The style varies depending on the script type you chose in the previous section. Because they can be potentially distributed to hundreds of thousands of computers, it is always advisable to test and test again.
This dialog is available by clicking the Fixlet, Task, or Baseline icon in the Domain Panel navigation tree. Right-click an item in the resulting List Panel and select Create Custom Copy from the context menu.
Alternatively, select the Create item you want from the Tools menu.