Asset Discovery

This page has not been liked. Updated 4/7/17, 12:42 AM by KarenKueTags: None

Product Documentation

Asset Discovery User's Guide (version 9.5)

Asset Discovery User's Guide (version 9.2)

Asset Discovery User's Guide (version 9.1)

Asset Discovery User's Guide (version 9.0)

Asset Discovery User's Guide (version 8.2)

Asset Discover User's Guide (version 8.1)


The following content may be outdated. Please refer to the product documentation in the above links.


BigFix offers several ways to identify computers that do not have the BigFix Client installed or running:

  • Client Deploy Tool: A tool that will connect to Active Directory and check if the computers have the BigFix Client service running. The Client Deploy Tool comes installed when you install the Installation Generator. The Client Deploy Tool can be used to install the BigFix Client if the computers are in the Active Directory domain.

  • Asset Discovery Fixlet Site: A Fixlet site that allows you to remotely deploy "Scan Points" to periodically scan the remote subnets and then import the data into the TEM Console. Read below for more details.

The Asset Discovery Fixlet site allows you to help find unmanaged computers that do not have the BigFix Client installed (or computers that do not have the BigFix Client running) that are on the network and additionally help you identify network devices such as routers, printers, and switches that cannot have the BigFix Client installed.

BigFix Asset Discovery works by allowing you through Fixlet messages and Tasks to deploy "Scan Points", which are NMAP scanners, to specified BigFix Clients in your network. You can then use Fixlets and Tasks to periodically run scans. The scan results are automatically shipped to the BigFix Server, which imports the data into the database. The scan information can then be viewed in the BigFix Console in the "Unmanaged Asset" tab.


Note: To make the link Install BES Client active, copy the folder BESClientDeploy from the BES installer folder on the server to the folder BES Console on the workstation where the BES console is installed.


Here are some pictures illustrating the process.

The designated scan points will scan their local subnets:

The result are then automatically sent to the BigFix Server, imported in the database, and available for view in the BigFix Console "Unmanaged Assets Tab":

Instructions for using BigFix Asset Discovery

Follow these instructions to begin using BigFix Asset Discovery:

  1. First, read the warnings below about using the BigFix Asset Discovery prior to installation.

  2. Then please see the following guide to configure and manage the BigFix Asset Discovery solution:



The warnings below are very important, please read them before installing the Asset Discovery Fixlet site. Check with your network team before scanning the network!



  • When you designate scan points, you are installing the NMAP scanner application available from You must agree to the license agreement for NMAP before designating the scan points.

  • When you designate scan points, you are installing the packet capture library, WinPCAP 3.1, available at will be installed. You must agree to the license agreement for WinPCAP before designating the scan points.

  • Nmap is distributed in a .zip file. In order to extract it, BigFix will temporarily download and use Info-Zip's decompression tool. Info-Zip is an open-source decompression utility. More information on Info-Zip is available at You must agree to the license agreement for Info-Zip before designating the scan points.


Potential Scanning Issues

  • Network scans can potentially trigger Intrusion Detection Systems.

  • Network scans can potentially cause old network devices, such as old printer network devices, to fail if scanned.

  • Network scans can potentially cause personal firewalls, such as ZoneAlarm or BlackIce, to advise the user that a computer is scanning the local computer.

  • NMAP is sometimes flagged by virus scanners as a potentially harmful tool (because it can be used for malicious purposes). Check to make sure your virus scanner is not set to block NMAP from running.

  • If you set NMAP to scan a very large network (such as 10.10.*.*) it will take a very long time and could consume significant bandwidth during the scan. Note that the default scan is the local Class C network, which usually is a fast LAN. BigFix does not recommend scanning large networks across the WAN with this tool.

  • Using NMAP to scan is usually a very safe operation, but there potentially could be issues specific to your organization that could result from scanning computers. Please obtain the appropriate authorization before proceeding.

  • The scan point name cannot include any non-ASCII characters. Any non-ASCII character might result in unmanaged assets not being found when a non master operator runs "By Scan Point", or it fails to upload the scanning report to the BigFix server.

  • When assigning a non master operator to operate unmanaged assets through "Scan Point", the non master operator might be able to access unmanaged assets scanned by other operators if the scan point name is the same as the name of any computer the non master operator manages.