Enable Encryption for Clients

Description

This task deploys the Crypto Utility to the BES Client folder and generates a public/private key pair. These keys can be used to securely set passwords on the client machines.

Please note that only certain Dashboards will use this key pair for encryption.


Use the to view the public keys reported by endpoints with encryption.

File Size:

441 KB

Property Details

ID: 139
Title: Enable Encryption for Clients
Category: Setup
Download Size: 451072
Source: BigFix
Source ID: <Unspecified>
Source Severity: <Unspecified>
Source Release Date: 6/28/2012 12:00:00 AM
Keywords: TABLE TBODY BES Encryption Clients
Added by on 10/17/2012 1:13:29 PM
Last Modified by on 10/17/2012 1:13:29 PM
Counters 7997 Views / 13 Downloads

Relevance

isWindows (Relevance 274)
Used in 593 fixlets and 3 analyses   * Results in a true/false
name of operating system starts with "Win"
Used in 1 fixlet   * Results in a true/false
not exists folder "BFEncrypt" whose (exists file "private.pem" of it) of parent folder of client or not exists folder "BFEncrypt" whose (exists file "public.cert" of it) of parent folder of client

Actions

Action 1

Action Link: Click here to enable encryption for BigFix Clients.
Script Type: BigFix Action Script
parameter "oldCryptoFolderPath" = "{pathname of parent folder of client}\openSSL"
parameter "cryptoFolderPath" = "{pathname of parent folder of client}\BFEncrypt"
parameter "cryptoFilePath" = "{parameter "cryptoFolderPath"}\AppEngUtility.dll"
parameter "cryptoRegKey" = "HKEY_LOCAL_MACHINE\Software\Bigfix\EnterpriseClient\EncryptionControl"
// Create Folder if needed
if {not exists folder (parameter "cryptoFolderPath")}
    waithidden cmd.exe /C mkdir "{parameter "cryptoFolderPath"}"
endif
// Need to add version check here for next version
if {not exists folder (parameter "cryptoFolderPath") whose (exists file "AppEngUtility.dll" whose (version of it >= "8.2.10001.0") of it)}
    prefetch AppEngUtility.dll sha1:7a8600af3ba0d202f23d1d58612e762e313ce370 size:451584 http://software.bigfix.com/download/bes/mdm/AppEngUtility-8.2.10001.0.dll
    delete "{parameter "cryptoFilePath"}"
    move __Download\AppEngUtility.dll "{parameter "cryptoFilePath"}"
endif
if {not exists folder (parameter "cryptoFolderPath") whose (exists file "libBEScrypto_1_0_0_1.dll" of it)}
    prefetch libBEScrypto_1_0_0_1.dll sha1:80e9e5d26070f95249f7575d0d5b9cb66e6d5c02 size:1154120 http://software.bigfix.com/download/bes/mdm/libBEScrypto_1_0_0_1.dll
    move __Download\libBEScrypto_1_0_0_1.dll "{parameter "cryptoFolderPath"}\libBEScrypto_1_0_0_1.dll"
endif
if {not exists folder (parameter "cryptoFolderPath") whose (exists file "libBESssl_1_0_0_1.dll" of it)}
    prefetch libBESssl_1_0_0_1.dll sha1:34e3099090fa5eb2d797822bb8bf8a53ead254ee size:273480 http://software.bigfix.com/download/bes/mdm/libBESssl_1_0_0_1.dll
    move __Download\libBESssl_1_0_0_1.dll "{parameter "cryptoFolderPath"}\libBESssl_1_0_0_1.dll"
endif
// set public/private key path
regset "[{parameter "cryptoRegKey"}]" "CertificatePath"="{escape of (parameter "cryptoFolderPath")}\\public.cert"
regset "[{parameter "cryptoRegKey"}]" "PrivateKeyPath"="{escape of (parameter "cryptoFolderPath")}\\private.pem"
// register the Crypto Utility COM component (AppEngUtility.dll)
waithidden cmd.exe /C regsvr32.exe /s "{parameter "cryptoFilePath"}"
// Make sure the dll has been registered by checking registry key
continue if {exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\%7BC5A43980-AD5F-44BE-9C2B-B21B2848C660%7D" whose (exist key "InprocServer32" whose (exists value whose (it as string = (parameter "cryptoFilePath")) of it) of it) of x32 registry}
// Use the existing public/private keys (from previous OpenSSL folder)
if {exists folder (parameter "oldCryptoFolderPath")}
    if {exists folder (parameter "oldCryptoFolderPath") whose (exists file "public.cert" of it)}
        move "{parameter "oldCryptoFolderPath"}\public.cert" "{parameter "cryptoFolderPath"}\public.cert"
    endif
    if {exists folder (parameter "oldCryptoFolderPath") whose (exists file "private.pem" of it)}
        move "{parameter "oldCryptoFolderPath"}\private.pem" "{parameter "cryptoFolderPath"}\private.pem"
    endif
    waithidden cmd.exe /C rmdir /S /Q "{parameter "oldCryptoFolderPath"}"
    regdelete [HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl] "MDMExtender"
else
// create initCrypto.vbs and run it to create public/private keys
createfile until __the_end
option explicit
dim crypto, shell
set crypto=createobject("AppEngUtility.Crypto")
'Only need to call it once during setup
crypto.InitializeKeyPairAndCert
__the_end
delete initCrypto.vbs
move __createfile initCrypto.vbs
waithidden cmd.exe /C cscript //B initCrypto.vbs
endif
// Make sure private and public key are created
continue if {exists key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl" whose (exists value "CertificatePath" whose (exists file (it as string)) of it AND exists value "PrivateKeyPath" whose (exists file (it as string)) of it) of x32 registry}
// Set Registry key
regset "[{parameter "cryptoRegKey"}]" "InstalledTime"="{now}"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.
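
A post-deployment audit that repeats the action's final "continue if" check from PowerShell and also lists which principals can access private.pem. This is an added example, not part of the original task; the function name Test-BFEncryptState and the ACL allow-list are assumptions, while the registry key, value names and file names are taken from the action script above.

```powershell
# Added example: audit the state the action leaves on a client.
# The allow-list below is an assumed baseline (English account names);
# adjust it to your own policy and OS language.
function Test-BFEncryptState {
    param(
        # The action checks the x32 registry; on 64-bit Windows that view
        # lives under WOW6432Node. The second path covers 32-bit Windows.
        [string[]]$KeyPaths = @(
            'HKLM:\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\EncryptionControl',
            'HKLM:\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl'
        ),
        [string[]]$AllowedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )

    $key = $KeyPaths | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $key) {
        return [pscustomobject]@{ Configured = $false; Reason = 'EncryptionControl key not found' }
    }

    $props = Get-ItemProperty -LiteralPath $key
    $cert  = $props.CertificatePath
    $priv  = $props.PrivateKeyPath

    # Same condition as the action: both values exist and point at real files.
    $certOk = [bool]$cert -and (Test-Path -LiteralPath $cert -PathType Leaf)
    $privOk = [bool]$priv -and (Test-Path -LiteralPath $priv -PathType Leaf)

    # Any Allow entry on the private key for a principal outside the allow-list.
    $extra = @()
    if ($privOk) {
        $extra = @((Get-Acl -LiteralPath $priv).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $AllowedPrincipals -notcontains $_.IdentityReference.Value } |
            ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights })
    }

    [pscustomobject]@{
        Configured       = $certOk -and $privOk
        RegistryKey      = $key
        CertificatePath  = $cert
        PrivateKeyPath   = $priv
        InstalledTime    = $props.InstalledTime
        UnexpectedAccess = $extra
    }
}

Test-BFEncryptState | Format-List
```

A non-empty UnexpectedAccess list means accounts outside the assumed baseline hold an Allow entry on the private key file.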

