BigFix Guides
BigFix Server Hardware/Software Specifications
- Provision a dedicated server or virtual image with at least 20 GB of free disk space and 2 GB of RAM
- Perform a clean install of a Microsoft Windows Server 2003 | 2008 with all critical patches and Service Packs applied
- Install a default instance of Microsoft SQL Server (Standard or Enterprise) locally on the server. If you do not have a license for SQL server, download and install the free 6 month evaluation version from Microsoft.
Network Specifications
- Allow the BigFix server to have direct Internet access without going through a proxy.
- Allow TCP and UDP traffic on port 52311(default) across any internal firewalls and centrally managed personal firewalls.
- Define and propagate an internal DNS entry for the BigFix server so its IP address can be resolved through a fully qualified domain name, for example: bigfix.OrganizationName.TopLevelDomain. If a DNS name is not used, the BigFix server must have a fixed IP address.
Other than applying all relevant patches to the Server OS, also download and install the following software as well prior to our meeting:
BigFix Software Download
BigFix Enterprise Suite is located here (get the evaluation version unless you have received a license already).
If we have a WebEx scheduled for the installation, just download the installer to the server and reboot the machine prior to the meeting.
Installing the BigFix Agent
A complete list of options can be found in the BES System Administrator’s Guide.
For environments with no existing software deployment methods (GPO, login scripts,etc.), the BigFix Deployment Tool may work. For the BigFix Deployment tool, it is important that you are able to meet the requirements outlined at this BigFix KB article.
Using the BigFix Deployment tool to install the BigFix Client to workgroup or domain computers requires the following configuration only during the period of agent installation:
- RPC must be enabled
- File and print sharing must be enabled
- Any local firewalls on the endpoint must be disabled
If you have problems with the deployment tool, it is usually because of one of the following reasons:
- RPC is not enabled
- File and Print Sharing is not enabled
- A personal firewall or other endpoint security tool is blocking the connection (AV, HIPS, etc.)
- An internal firewall is blocking the connection
- The person using the Deployment tool does not have the correct domain permissions to remotely install software; or, if they are using a local administrative account, they do not have the correct local administrative password
Installing the BigFix Client with MSI
You can use the Microsoft Installer (MSI) version of the BES Client to interpret the package and perform the installation automatically. This MSI version of the client (BESClientMSI.msi) is stored in the BESInstallers\ClientMSI folder. You can run this program directly to install the client or you can call it with arguments. Here are some sample commands, assuming that the MSI version of the Client is in the C:\BESInstallers\ClientMSI folder:
msiexec.exe /i c:\BESInstallers\ClientMSI\BESClientMSI.msi /qn
The \qn command performs a silent install.
msiexec.exe /i c:\BESInstallers\ClientMSI\BESClientMSI.msi INSTALLDIR="c:\myclient"
This command will install the program to the given directory. You can find the full list of installation options at this Microsoft site.
With the MSI version of the client installer, you can create a Group Policy Object (GPO) for BESClientMSI deployments. For more information on Group Policies, see the Microsoft knowledge base article 887405.
Installing the BigFix Agent on Macs
Installation instructions for the Mac BigFix Agent are here. You may want to use the Apple Remote Desktop feature to automate the delivery.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment