Distribute 2 Secrets

Description

 

Variant: This variation also includes a second, hardcoded secret. The hardcoded secret is not secure in the console or database, but it is secure "in flight", "on the endpoint" and "in all client logs". If you require "console secure", use only the first method, where the taker of the action has to type in the secret when taking the action.


Property Details

ID: 3679
Status: Beta - Preliminary testing ready for more
Title: Distribute 2 Secrets
Domain: BESC
Source: Internal
Source Release Date: 7/31/2012 12:00:00 AM
Added by on 12/21/2013 7:00:42 AM
Last Modified by on 12/21/2013 7:00:42 AM
Counters: 9952 Views / 295 Downloads

Relevance

Used in 94 fixlets and 99 analyses   * Results in a true/false
true

Actions

Action 1 (default)

Script Type BigFix Action Script
dos echo {parameter "secret" of action} > c:\secret
dos echo {parameter "secret2" of action} >> c:\secret

// Uncomment this line to "clean up" the secret in normal usage.
// delete c:\secret

// You may prefer to use the secret directly in commands instead of inserting it into a script file.
// If you choose this method, the plaintext secret will only exist briefly in memory on the endpoint during execution.
// dos net user administrator {parameter "secret" of action}
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.



Comments

brolly33 -
Also of note - you can pass secure parameters in a REST action using the SecureParameter tag in your XML. Documented in the BES_XSD for the Action and SourcedFixletAction nodes.
brolly33 -
vipulmeche, you might have figured out by now, the secret distribution requires use of the client secure mailbox, and therefore cannot be targeted dynamically. If you are sending to more than 10,000 machines you will have to break your list up.
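Added example, not part of the comments or of the fixlet itself: a Python example that builds one SourcedFixletAction payload per batch of at most 10,000 explicitly listed computers and passes `secret` and `secret2` as SecureParameter elements, combining the two points brolly33 makes above. The element layout is an assumption based on BES.xsd and should be checked against your deployment's schema; the site name, fixlet ID, action name and computer IDs are constructed placeholders, and nothing is sent to a server.

```python
import xml.etree.ElementTree as ET

MAX_TARGETS = 10_000  # batch limit taken from the comment above


def build_action(site, fixlet_id, action_name, computer_ids, secrets):
    """Return BES XML for one SourcedFixletAction with explicit targets."""
    if not computer_ids:
        # Secure parameters go through the client mailbox: no dynamic targeting.
        raise ValueError("secure parameters need an explicit target list")
    if len(computer_ids) > MAX_TARGETS:
        raise ValueError("too many targets for one secure action")
    bes = ET.Element("BES")
    act = ET.SubElement(bes, "SourcedFixletAction")
    src = ET.SubElement(act, "SourceFixlet")
    ET.SubElement(src, "Sitename").text = site
    ET.SubElement(src, "FixletID").text = str(fixlet_id)
    ET.SubElement(src, "Action").text = action_name
    target = ET.SubElement(act, "Target")
    for cid in computer_ids:
        ET.SubElement(target, "ComputerID").text = str(cid)
    for name, value in secrets.items():
        # ElementTree escapes &, < and > in the value when serializing.
        ET.SubElement(act, "SecureParameter", Name=name).text = value
    return ET.tostring(bes, encoding="unicode")


def build_batches(site, fixlet_id, action_name, computer_ids, secrets,
                  batch_size=MAX_TARGETS):
    """Split the target list and return one XML payload per batch."""
    ids = list(dict.fromkeys(computer_ids))  # de-duplicate, keep order
    return [build_action(site, fixlet_id, action_name,
                         ids[i:i + batch_size], secrets)
            for i in range(0, len(ids), batch_size)]


if __name__ == "__main__":
    # Constructed sample values. Only the payload count is printed, because
    # each payload contains the plaintext secrets and should not be logged.
    payloads = build_batches("ExampleSite", 1, "Action1", range(1, 25_001),
                             {"secret": "s3cr&t<1>", "secret2": "second"})
    print(len(payloads), "payloads built")
```

Each returned string would be the body of one action submission, so 25,000 computers become three separate actions.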
vipulmeche -
Hi jgstew, this task does not allow to choose "Dynamically target by Property". It is greyed out. The problem is that I am trying to use this task to deploy on a large scale and the console is not allowing me to deploy on more than 10000 machines properly. Any modifications that can make this happen?
jgstew -
I think you could remove the secret that is being prompted for in the JS and use only "stored" secrets that would be visible to anyone who can see them in the console. This might allow it to be used using the RestAPI.
DavidCee -
Any suggestions how to make this work via the REST API? Obviously in this form, the JavaScript to force a TakeSecureFixletAction only works in the GUI.
jgstew -
Also related discussion here: https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014748508
jgstew -
Related discussion here: https://www.ibm.com/developerworks/community/forums/html/topic?id=56dbb886-ad6f-4777-8f29-678daee29ac6
brolly33 -
Variation on the Distribute Secret to demonstrate using 2 secrets in the same Fixlet. Also shows a method of hardcoding the secret into the Fixlet Description (where it would be visible to any console operator) instead of prompting the action taker for it.