When you take an action from a Fixlet message in BES, the BES Clients receive a copy of the action that is authorized by the BES Console user. If the underlying Fixlet message changes, the copy of the action you took earlier will not change. This behavior is designed specifically into BES as a security precaution -- the BES user knows that actions will not "change from underneath them" in a way that is potentially dangerous.

However, the downloads for some Fixlet messages change quite often. For example, the "BigFix AntiPest Update Definitions" Fixlet message will change weekly when new definitions are released. You will need to send out a new action every week to ensure that your AntiPest definitions are up to date. Some BES users wish to automate the process of reapplying actions when they change. The BES Action Regenerator was built for this purpose.

Requirements

  • The BES Action Regenerator must be run on a Windows 2000, XP, or 2003 Server.
  • The BES Action Regenerator must be able to connect to the BES Server database and BES Root server (the network requirements are the same as the BES Console).
  • The BES Action Regenerator must be given a valid username, passphrase, and private key file that will be used to connect to the database and then digitally sign and propagate actions.
  • The current BES Action Regenerator will work with BES 5.1, BES 6.0, BES 7.0, BES 7.1, BES 7.2, BES 8.0, TEM 8.1 and TEM 8.2.

  • The BES Client, BES Console and BES Server API must be installed on the computer that will run the BES Action Regenerator. The BES Client must be functioning normally and also in communication with the BES Root Server.

Setup Instructions

  1. Download the BES Action Regenerator to a computer that will run the BES Action Regenerator on a periodic basis. You can use the BES Server, but BigFix recommends that you not use the BES Action Regenerator on your BES Server for security reasons and that you use a separate secure computer on which the key and passphrase can be better secured. The server hosting the BES Action Regenerator should have the BES Client and BES Console installed on it.

  2. Extract the contents to a permanent location.
  3. You will need to install the BES API before the script will work. To do this, run the "setup.exe" file located in "BES API Installer" folder that you just unzipped. Follow the instructions to install the BES API.
  4. Next, you will need to set the configuration parameters of the BES Action Regenerator. To do this, use a text editor to open the "ActionRegenerator.config" file in the "ActionRegenerator" folder.
  5. You will need to specify the ODBC DSN value so that the BES Action Regenerator knows which BES Server database to use. Fill in the "databasedsn" value in the config file. If the BES Console is installed on the same computer, the DSN will be "bes_EnterpriseServer". If the BES Console is not installed on the computer, use the instructions here to set up a DSN.
  6. You will also need to supply a BES private key file, a username, and a passphrase in the config file. The username and passphrase will be used to both connect to the database and to unlock the private key file. It is recommended that you generate a separate user and key file to be used explicitly for the BES Action Regenerator (by making a new user and key file, it will be easier to manage and to revoke the user if necessary).
  7. Double check that you have filled in the databasedsn, username, passphrase, and signing keys with the appropriate values. The BES Action Regenerator is configured by default to update the "BigFix AntiPest - Update Definitions" Fixlet message (Fixlet ID 4 on the BigFix AntiPest site) if it changes. You can change the other configuration values if you would like. When it is complete, the config file should look something like this:

    ######################################
    # Action Regenerator Config File
    ######################################

    ## You need to change these config options:
    databasedsn=bes_EnterpriseServer;
    username=jsmith;
    password=pswd!;
    signingkeysfolder=C:\bigfix keys\jsmith;

    ## You probably don't want to change these (although you can if you want)
    preactiontitle=AUTOGENERATED: ;
    sitename=BigFix AntiPest (powered by PestPatrol);
    fixletid=4;
    actionid=2;
    targetrelevance=true;
    daystillexpire=7;
    temporaldistribution=60;

  8. The BES Action Regenerator should now be configured.

Usage Instructions

  1. When you run the BES Action Regenerator, it will create an action that will be targeted at all relevant computers for the "BigFix AntiPest - Update Definitions" Fixlet message (or whichever Fixlet message you specify). The action that will be created will look the same as if you opened the BES Console, clicked on the Fixlet action, targeted to all computers, and then sent the action out (the only difference will be that the action name will start with "AUTOGENERATED:").



  2. When you run the BES Action Regenerator again, it will look to see if the download has changed from the last time it ran. If the download has changed, it will send out another action that will include the new download.
  3. You can use the Windows task scheduler to run this BES Action Regenerator periodically.
  4. The file ActionRegenerator.log in the same folder as BESActionRegenerator.exe will contain a log of the activities. Here is an example log entry:

    Wed Nov 30 17:20:25 2005: Running Script...
    Wed Nov 30 17:20:25 2005: LastRunSHA1 doesn't exist (probably the first time the script has been run). Propagating action 1 of Fixlet 4 of site "BigFix AntiPest (powered by PestPatrol)"...
    Wed Nov 30 17:20:25 2005: Starting action propagation...
    Wed Nov 30 17:20:32 2005: Action propagtion finished -- Generated Action ID: 938 in 7 seconds.
    Wed Nov 30 17:20:32 2005: Script Finished...

    Wed Dec 30 17:18:36 2005: Running Script...
    Wed Dec 30 17:18:38 2005: SHA1 in action 1 of Fixlet 4 of site "BigFix AntiPest (powered by PestPatrol)" is the same. The download is the same as the last time the script ran. No need to propagate new action...
    Wed Dec 30 17:18:38 2005: Script Finished...

    Fri Dec 1 17:46:16 2005: Running Script...
    Fri Dec 1 17:46:20 2005: SHA1 in action 1 of Fixlet 4 of site "BigFix AntiPest (powered by PestPatrol)" has changed! There is a new download available. Beginning action propagation...
    Fri Dec 1 17:46:20 2005: Starting action propagation...
    Fri Dec 1 17:46:30 2005: Action propagtion finished -- Generated Action ID: 956 in 10 seconds.
    Fri Dec 1 17:46:31 2005: Script Finished...
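
Because the tool sends actions without an operator approving each one, a periodic pass over ActionRegenerator.log gives a record of what was propagated and flags runs that began propagating but logged no action ID. The following is an added example, not part of the BES Action Regenerator or the original article; the function names and the `needs_review` rule are assumptions, the line format is taken from the log excerpt above, and the sample input is constructed.

```python
import re

# Layout from the log excerpt above: "<timestamp>: <message>".
LINE = re.compile(r"^(\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4}): (.*)$")
TARGET = re.compile(r'action (\d+) of Fixlet (\d+) of site "([^"]+)"')
# The tool writes "propagtion"; the corrected spelling is accepted as well.
DONE = re.compile(r"propaga?tion finished -- Generated Action ID: (\d+)")
TRIGGERS = {"LastRunSHA1 doesn't exist": "first-run",
            "has changed": "download-changed", "is the same": "unchanged"}

def audit(lines):
    """Group log lines into runs: start time, trigger, target, action ID."""
    runs, cur = [], None
    for m in filter(None, (LINE.match(raw.strip()) for raw in lines)):
        ts, msg = m.groups()
        if msg.startswith("Running Script"):
            cur = {"start": ts, "trigger": None, "target": None,
                   "action_id": None, "finished": False}
            runs.append(cur)
        elif cur is not None and msg.startswith("Script Finished"):
            cur["finished"] = True
            cur = None
        elif cur is not None:
            for needle, name in TRIGGERS.items():
                if needle in msg and cur["trigger"] is None:
                    cur["trigger"] = name
            if t := TARGET.search(msg):
                cur["target"] = (int(t[1]), int(t[2]), t[3])
            if d := DONE.search(msg):
                cur["action_id"] = int(d[1])
    return runs

def needs_review(runs):
    """Runs that never finished, or chose to propagate but logged no action ID."""
    return [r for r in runs if not r["finished"] or
            (r["trigger"] in ("first-run", "download-changed")
             and r["action_id"] is None)]

# Constructed sample in the excerpt's format; the second run stops mid-propagation.
SAMPLE = '''\
Fri Dec 1 17:46:16 2005: Running Script...
Fri Dec 1 17:46:20 2005: SHA1 in action 1 of Fixlet 4 of site "BigFix AntiPest (powered by PestPatrol)" has changed! There is a new download available. Beginning action propagation...
Fri Dec 1 17:46:30 2005: Action propagtion finished -- Generated Action ID: 956 in 10 seconds.
Fri Dec 1 17:46:31 2005: Script Finished...
Fri Dec 8 17:46:16 2005: Running Script...
Fri Dec 8 17:46:20 2005: SHA1 in action 1 of Fixlet 4 of site "BigFix AntiPest (powered by PestPatrol)" has changed! There is a new download available. Beginning action propagation...
Fri Dec 8 17:46:21 2005: Starting action propagation...
'''.splitlines()
print(needs_review(audit(SAMPLE)))
```

Feed `audit` the lines of the real ActionRegenerator.log and reconcile the returned action IDs against the "AUTOGENERATED:" actions visible in the BES Console.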

Important Notes

  • Using the BES Action Regenerator will cause actions to automatically go out to the agents whenever it is run. Normally, a BES user must specifically review and authorize each action. Using the BES Action Regenerator removes this manual process, which is convenient but potentially dangerous for security and accountability reasons. Please be sure you understand the implications and dangers of automatically pushing new Fixlet messages. Contact your support technician if you have any questions.
  • Your private key file and password are very powerful. Make sure you secure the private key file and config file that contains the passphrase to prevent unauthorized access. It is recommended that you change the file permissions on the BES Action Regenerator folder to allow only authorized access. Note that you can revoke the private key at any time using BES Admin.
  • Currently, the action that is generated will target all computers that need the update with an expiration of midnight in 7 days and a temporal distribution of 60 minutes (both options are configurable in the config file). There is currently no way to customize the rest of the action parameters (i.e., retry time, user message, restart behavior, etc.).
  • The BES Action Regenerator is set up by default to be used with the "BigFix AntiPest Update Definitions" Fixlet message. You can change the config file to use the BES Action Regenerator with other Fixlet messages.
  • If the BES Action Regenerator fails after upgrading the BES Server API to version 7.1, try creating a new BES Console user and setting the BES Action Regenerator to use the new username/password/keyfiles. The BES Server API may fail to validate keys created before upgrading to BES 7.1.