BigFix - Add extra security controls to your environment


Brad Sexton (bsexton@hcltechsw.com) | 768 views

With great power comes great responsibility! While you may have domain admin rights on your workstation, you do not want to log in with that account and use it to check your email or do your day-to-day activities. The same goes for your BigFix Master Operator. Your Master Operator account is needed for configuring your environment; your day-to-day job of patching and pushing out software should be done with a least-privileged account. For details, see my earlier article on how to set up roles and grant your account the access privileges it needs. You can also set additional security controls on your accounts. For details, see the official documentation.

In this article, however, I will walk you through the steps for setting up some of these features so that the additional checks in place fit your organizational needs.

  1. On your BigFix Server computer, open BigFix Administration Tool (BESAdmin).

  2. Enter the site key and password when prompted.

  3. Open the Advanced Option tab and select Add.

The first setting to add is requireConfirmAction. Set the value to true and click OK.

A summary of the action is displayed. Click OK to proceed.

disableNmoDynamicTargeting

This setting prevents non-master operators (NMOs) from targeting dynamically and sending out mass deployments. It only allows them to target by using a list or by entering the device names manually.

loginTimeoutSeconds

This forces operators, including master operators, to re-authenticate before each action is taken.

targetBySpecificListWarning

This issues a warning to the console operator when they target more machines than a predefined value.

useFourEyesAuthentication

  4. Go to the role settings, create an "approver" role, and add the operators you want to be able to approve actions.

  5. Set the operator for whom you want to force an approval before actions can be run.

Once this is done, you are prompted to enter the approver's credentials before taking an action.
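
To confirm that the five settings above stay in place after later changes in BESAdmin, a baseline check such as the following can be run against a copy of the advanced options. This is an added example, not code from this article or from BigFix: the `name=value` input format, the function names and the numeric ceilings are assumptions, as is treating the three switches as options that should be true (the article states a value only for requireConfirmAction).

```python
# Added example, not BigFix code. Input format and ceilings are assumptions.
BASELINE = {
    "requireConfirmAction": ("bool", None),
    "disableNmoDynamicTargeting": ("bool", None),
    "useFourEyesAuthentication": ("bool", None),
    "loginTimeoutSeconds": ("max", 900),          # assumed ceiling (seconds)
    "targetBySpecificListWarning": ("max", 500),  # assumed ceiling (machines)
}

def parse_options(text):
    """Parse 'name=value' lines, skipping blanks and '#' comments."""
    options = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        options[name.strip()] = value.strip()
    return options

def audit(options, baseline=BASELINE):
    """Return (option, problem) findings; an empty list means compliant."""
    findings = []
    by_lower = {k.lower(): k for k in options}
    for name, (kind, limit) in baseline.items():
        if name not in options:
            near = by_lower.get(name.lower())
            hint = f" (found '{near}', check the spelling)" if near else ""
            findings.append((name, "not set" + hint))
            continue
        value = options[name]
        if kind == "bool":
            if value.lower() != "true":
                findings.append((name, f"expected true, got '{value}'"))
        elif not value.isdigit():
            findings.append((name, f"expected a whole number, got '{value}'"))
        elif int(value) > limit:
            findings.append((name, f"{value} exceeds ceiling {limit}"))
    return findings

SAMPLE = """\
# constructed sample, not real BESAdmin output
requireConfirmAction=true
disableNmoDynamicTargeting=false
logintimeoutseconds=600
targetBySpecificListWarning=2000
"""

if __name__ == "__main__":
    for name, problem in audit(parse_options(SAMPLE)):
        print(f"{name}: {problem}")
```

The audit matches option names exactly and reports a differently capitalised name as "not set" with a hint, so a mistyped option is not counted as a control that is in force.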
