Auto Remediate - ST - MAG
Log In or Register to download the BES file, and more.

0 Votes

Description

 This task will use the Windows Task Scheduler as the Action Scheduler.

Property Details

ID27379
StatusQA - Ready for Production Level Testing
TitleAuto Remediate - ST - MAG
DomainPTCH
Sourcemichael.english@hcl-software.com
Source Release Date1/10/2025 12:00:00 AM
KeywordsCompliance, Automation, Custom Site
Is TaskTrue
Added by on 8/26/2025 3:13:27 PM
Last Modified by on 8/26/2025 3:13:27 PM
Counters 796 Views / 2 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 1 fixlet   * Results in a true/false
Show indented relevance
(windows of operating system) AND (exists main gather service)

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script 
parameter "scriptFolder" = "{(parent folder of data folder of client as string) & "\AUTO_REMEDIATE\" & (parameter "CustomSiteName")}"
parameter "scriptFile" = "{(parameter "scriptFolder") & "\securekey"}"

if {not exists folder (parameter "ScriptFolder")}
   folder create "{parameter "ScriptFolder"}"
endif

parameter "psFile" = {"%22" & (parameter "scriptFolder") & "\AutoRemediate.ps1" & "%22"}

if {not exists folder (parameter "psfile")}
delete __createfile
delete "{parameter "ScriptFile"}"
createfile until _EOF_
#Securing the password using SecureString with 16 byte (128 bit) encryption key then storing key in file.
#Encryption key is explicitly provided using the -Key or -SecureKey parameters with cmdlets like ConvertFrom-SecureString or ConvertTo-SecureString, PowerShell uses the Advanced Encryption Standard (AES) algorithm. The specified key must be a valid length for AES, typically 128, 192, or 256 bits.
[Byte[]] $key = (1..16)
$Password = "{parameter "MOpwd"}" | ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -key $key | Out-File "{parameter "ScriptFile"}"
_EOF_
delete "{parameter "ScriptFolder"}\encryptMO.ps1"
move __createfile "{parameter "ScriptFolder"}\encryptMO.ps1"
waithidden powershell -ExecutionPolicy Bypass -File "{parameter "ScriptFolder"}\encryptMO.ps1"
delete "{parameter "ScriptFolder"}\encryptMO.ps1"

if {not exists folder (parameter "scriptFolder")}
    folder create "{parameter "scriptFolder"}"
endif

delete __createfile
createfile until _EOF_
Set-Location -Path "{parameter "scriptFolder"}"
#
# here we are decrypting the key and using the credetials to run our first rest api query which looks for any existing AutoRemdiate MAG and deletes it to prevent stacking.
$key = @(1..16)
$dataFile = "secureKey"
$password = Get-Content $dataFile | ConvertTo-SecureString -Key $key
$creds = New-Object System.Management.Automation.PSCredential ("{parameter "Operator"}", $password)
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
#
$qry = @"
(%28ids%20of%20it%20as%20integer%29%20of%20bes%20actions%20whose%20%28name%20of%20it%20starts%20with%20%22AutoMAG%3A%20{parameter "CustomSiteName"}%22%20and%20state%20of%20it%20%3D%20%22Open%22%20and%20time%20issued%20of%20it%20%3C%20now%20or%20name%20of%20it%20starts%20with%20%22AutoMAG%22%20and%20state%20of%20it%20%21%3D%20%22Open%22%29)
"@
$BigFix_URL = "{parameter "RootURL"}"
$URL = "$BigFix_URL/api/query?relevance=$qry"
$responseQuery = (Invoke-RestMethod -Method GET -Uri $URL -Credential $creds).InnerXml
$answerData = $responseQuery | Select-Xml -XPath "//Answer[@type = 'integer']"
#
$answerData.Node.'#text'
foreach ($id in $answerData.Node.'#text') {
$BigFix_URL = "{parameter "RootURL"}"
$URL = "$BigFix_URL/api/action/$id"
$responsePost = (Invoke-WebRequest -Method DELETE -Uri $URL -Credential $creds).InnerXml
$responsePost
}
#
# we run our second rest api query which looks for any relevant fixlet in the site and provides the ID.
$rel = @"
(%28tuple%20string%20item%200%20of%20it%20of%20it%29%20of%20%28%28it%20as%20string%29%20of%20%28%28id%20of%20it%29%20of%20fixlets%20whose%20%28fixlet%20flag%20of%20it%20%3D%20true%20and%20exists%20applicable%20computers%20of%20it%20and%20exists%20action%200%20of%20it%29%20of%20bes%20custom%20sites%20whose%20%28name%20of%20it%20%3D%20%22{parameter "CustomSiteName"}%22%29%29%29)
"@
$BigFix_URL = "{parameter "RootURL"}"
$URL = "$BigFix_URL/api/query?relevance=$rel"
$xml_headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$xml_headers.Add("Content-Type", "application/xml")
$responseQuery = (Invoke-RestMethod -Method GET -Uri $URL -Credential $creds).InnerXml
$answerData = $responseQuery | Select-Xml -XPath "//Answer[@type = 'string']"
#
$mag = ""
foreach ($id in $answerData.Node.'#text') {
    $mag += "{parameter "CustomSiteName"}$idAction1"
}
#
# we run our third and final rest api query which looks for any relevant endpoints to be used for targeting.
$rel2 = @"
(concatenation%20%22%22%20of%20unique%20values%20of%20substrings%20separated%20by%20%22%20%22%20of%20%28tuple%20string%20item%200%20of%20it%29%20of%20%28%28it%20as%20string%29%20of%20%28%28%20%28%22%3CComputerID%3E%22%20%26%20concatenation%20%22%3C%2FComputerID%3E%20%3CComputerID%3E%22%20of%20substrings%20separated%20by%20%22%20%22%20of%20unique%20values%20of%20%28%28if%20%28exists%20ids%20of%20Applicable%20Computers%20of%20it%20%7C%20false%29%20then%20%28concatenations%20%22%20%22%20of%20%28ids%20of%20Applicable%20Computers%20of%20it%20as%20string%29%29%20else%20%28%22%3Cnone%3E%22%29%29%29%20%26%20%22%3C%2FComputerID%3E%22%20of%20it%29%29%20of%20fixlets%20whose%20%28fixlet%20flag%20of%20it%20%3D%20true%20and%20exists%20applicable%20computers%20of%20it%20and%20exists%20action%200%20of%20it%29%20of%20bes%20custom%20sites%20whose%20%28name%20of%20it%20%3D%20%22{parameter "CustomSiteName"}%22%29%29%29)
"@
$URL2 = "$BigFix_URL/api/query?relevance=$rel2"
$responseQuery2 = (Invoke-RestMethod -Method GET -Uri $URL2 -Credential $creds).InnerXml
$answerData2 = $responseQuery2 | Select-Xml -XPath "//Answer[@type = 'string']"
#
$target = $answerData2.Node.'#text'
#
# here we are creatng the xml file to be used when we submit our post.
$xml = @"
="1.0" encoding="UTF-8"?>
="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
  
    AutoMAG: <span class='actionscriptRelevance'>{parameter "CustomSiteName"}</span>
    true
    $mag
    
      $target
    
  

"@
$BigFix_URL = "{parameter "RootURL"}"
$URL = "$BigFix_URL/api/actions"
$xml_headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$xml_headers.Add("Content-Type", "application/xml")
$responsePost = (Invoke-RestMethod -Method POST -Uri $URL -Headers $xml_headers -Credential $creds -Body $xml).InnerXml
$responsePost
_EOF_
delete "{parameter "psFile"}"
move __createfile "{parameter "psFile"}"
endif
//We now create the scheduled task
wait cmd.exe /C schtasks /create /sc hourly /mo "{parameter "Interval"}" /tn "AutoRemediate_{parameter "CustomSiteName"}" /tr "powershell.exe -ExecutionPolicy Bypass -File '{parameter "psFile"}'" /F /ru SYSTEM /rl HIGHEST
Success Criteria

This action will be considered successful when all lines of the action script have completed successfully.


Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
Mike_English -
Use this task to automate compliance checklists in custom sites. (Actually it can automate any action deployment in any custom site).
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as