Topic
  • 8 replies
  • Latest Post - ‏2013-06-03T23:11:56Z by Michael_Knauth
Michael_Knauth
5 Posts

Pinned topic Run an action on a device other than the client

‏2013-04-16T14:04:19Z |

Hi all,

Is it possible to run an action on a specific machine, other than the client, based on information retrieved from the client?

To clarify, I need to take the Wifi MAC address from an Apple or Android device and insert it into an object in Active Directory. Unfortunately, these devices have no ability to access or modify AD directly, so another device needs to complete the task on their behalf.

Can anyone suggest a creative way of pulling the information from the client record, making it available for another device to do the work?

Thanks,

Michael.

  • R26KPA
    5 Posts

    Re: Run an action on a device other than the client

    ‏2013-04-17T20:18:21Z  

    Hello,

    I'm not sure if the TEM (BigFix) agent can modify an AD object. If it's possible to modify an AD object with information on behalf of another device I'm curious to see how it works too.

    Are these mobile devices managed by TEM?

     

    -R26KPA

  • Michael_Knauth
    5 Posts

    Re: Run an action on a device other than the client

    ‏2013-04-18T00:07:25Z  
    • R26KPA
    • ‏2013-04-17T20:18:21Z

    Yes, these devices are being managed by IEM.

    I don't believe that the AD inspectors allow for the modification and manipulation of arbitrary objects, only a set of limited operations to be carried out on a 'self' computer object. But, I am happy with this - I can use a PowerShell script, or similar, to achieve what I need.

    I just need to be able to 'redirect' the execution of such an operation to a device that is actually capable of running the script... The devices themselves aren't members of AD and are obviously not capable of executing Windows-based tools.

    Michael.

  • cj_1969
    3 Posts

    Re: Run an action on a device other than the client

    ‏2013-04-18T19:05:14Z  

    just about anything is possible.

    the connection itself should be simple .. assuming you have a client on the machine you will be reaching out from that is scriptable.

    The question that concerns me about your request is that credentials would have to be passed to the client machine that will execute the connection.  If you are running TEM 9 then you could implement encrypted communications in which case it would only be visible on the console and on the end point itself at execution time.

    If you were going to run the command from a dedicated workstation (machine) then you could try running the bigfix client under alternate credentials, that have access to the device ... this might allow pass-through credentials to facilitate the authentication.

    If the destination machine is not in AD then you are most likely going to have to deal with passing credentials ... there is a way to encode them and then decode them so that they are at least not in clear text (or at least they had that ability in TEM v7.2 (they did this for OSD in v1.2)).

    What is the destination device?  How do you see connecting to it?

  • Michael_Knauth
    5 Posts

    Re: Run an action on a device other than the client

    ‏2013-04-19T00:46:36Z  
    • cj_1969
    • ‏2013-04-18T19:05:14Z

    Thanks Chris.

    I am running IEM 9, which should hopefully open up a few more avenues of ability.

    I haven't started on the script to make that AD modification yet, or tackled the method of execution. My focus is on how to get the required information from the relevant mobile devices to a system that is able to run a task.

    In my mind, (roughly) it's a three stage process:

    • Identify mobile devices that need their MAC included into AD and make that information available to a capable agent/machine;
    • Run a task to make the AD modification;
    • Set a value on the mobile device so that it is no longer relevant for the fix.

    It's the first stage that's my current hurdle - getting the data to a capable agent to process.

    Thanks,

    Michael.

  • cj_1969
    3 Posts

    Re: Run an action on a device other than the client

    ‏2013-04-19T11:02:06Z  

    Wow ... they finally changed the product name and removed the Tivoli part ... you threw me at first by the IEM reference  :)

    If these are managed devices with an IEM product then you should have all of the information (or can get it) in the IEM console/web reports.

    I would think the easiest way to do what you want is to create a web report that reports back the MAC address of those devices and then you can export that report to a CSV file.  Use that file as the input to your script to make the mods to AD.

    As for flagging the client in some way, if you log the successful update of AD on a per machine basis you could then use that machine list to deploy something back to those clients to identify them as having been added to AD.  For simplicity's sake and the lack of storage requirements, maybe just add them to a group so that you can exclude by group membership to identify machines that have not been added to AD.

  • Michael_Knauth
    5 Posts

    Re: Run an action on a device other than the client

    ‏2013-05-20T01:45:27Z  
    • cj_1969
    • ‏2013-04-19T11:02:06Z

    Sounds like a good plan.

    I've made a custom web report that should produce a file that is parsable by some sort of script. The catch is, the report isn't exported as a CSV, even though the scheduled task is configured to do so; all data is exported on one line with HTML markup (either td's or br's).

    Is there an easier/better way to export report results?

  • tomfranken
    4 Posts

    Re: Run an action on a device other than the client

    ‏2013-06-03T19:01:43Z  

    If the individual devices are separated by "td", you can copy it all into a Word doc and replace the td's (or whatever separates them) with a paragraph mark (^p).  That will give you a list of rows of relevant data.  If the data is separated by the br's, replace them with some unique character.  Copy that mess into Excel and split the text into multiple columns using the character as the delimiter.

     

    It sounds worse than it is.

  • Michael_Knauth
    5 Posts

    Re: Run an action on a device other than the client

    ‏2013-06-03T23:11:56Z  

    Thanks Tom, but probably not the sort of solution I'm willing to adopt.

    The problem is that Web Reports doesn't seem to want to create a CSV as indicated in the UI. Any post-report manual manipulation detracts from the requirement of having this entire process automated.

    Yes, you could parse the outputted report and use regex replacement to do this without having to jump from Word to Excel, etc, but it would be advantageous to address the ability to properly export a CSV file.

    I want to be able to use the tools that are provided through the solution, as once it's implemented, the processes will have to be managed by level 1 helpdesk technicians.
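
Added example, not part of any post in this thread and not IBM's code: an automated version of the parse-the-export step discussed above, which turns the one-line HTML export into a CSV and validates every device name and MAC address before the file is handed to a script that writes to AD. The cell/row layout, the column order, the name allowlist and the sample data are assumptions constructed for illustration.

```python
import csv
import html
import io
import re

# Assumed layout: cells in <td>...</td>, rows ended by </tr> or <br>.
ROW_END = re.compile(r"</tr\s*>|<br\s*/?>", re.IGNORECASE)
CELL = re.compile(r"<td\b[^>]*>(.*?)</td\s*>", re.IGNORECASE | re.DOTALL)
# Six hex octets with one consistent separator (':' or '-').
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")
# Assumed allowlist for device names; anything else is held for review.
NAME_RE = re.compile(r"[A-Za-z0-9 ._'-]{1,64}")

# Constructed sample: the whole export on one line, as described in the thread.
SAMPLE = (
    "<tr><td>iPad-Alice</td><td>a4:5e:60:01:02:03</td></tr>"
    "<tr><td>Nexus7-Bob</td><td>00-1A-2B-3C-4D-5E</td></tr>"
    "<tr><td>Phone-X</td><td>00:1A:2B:3C:4D</td></tr>"
    "<tr><td>Tab&quot;let;1</td><td>00:1A:2B:3C:4D:5F</td></tr>"
)


def export_to_csv(html_line):
    """Return (csv_text, rejected); only fully validated rows reach the CSV."""
    out, rejected = io.StringIO(), []
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["device", "mac"])
    for chunk in ROW_END.split(html_line):
        cells = [html.unescape(c).strip() for c in CELL.findall(chunk)]
        if not cells:
            continue  # empty trailing chunk or markup with no data cells
        if len(cells) == 2 and NAME_RE.fullmatch(cells[0]) and MAC_RE.fullmatch(cells[1]):
            # Normalise to upper-case, colon-separated before it reaches AD tooling.
            writer.writerow([cells[0], cells[1].upper().replace("-", ":")])
        else:
            rejected.append(cells)  # fail closed: a human reviews these
    return out.getvalue(), rejected


if __name__ == "__main__":
    csv_text, rejected = export_to_csv(SAMPLE)
    print(csv_text, end="")
    print("rejected:", rejected)
```

Rows that fail validation are returned separately instead of being repaired, so a malformed or unexpected value never reaches the account that has write access to the directory.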