Enable Encryption for Clients
Description
This task deploys the Crypto Utility to the BES Client folder and generates a public/private key pair. These keys can be used to securely set passwords on the client machines. Please note that only certain Dashboards use this key pair for encryption. Use the linked item (its name is missing from this copy of the page) to view the public keys reported by endpoints that have encryption enabled. |
File Size:
441 KBProperty Details
139 | |
Enable Encryption for Clients | |
Setup | |
451072 | |
BigFix | |
<Unspecified> | |
<Unspecified> | |
6/28/2012 12:00:00 AM | |
TABLE TBODY BES Encryption Clients | |
besSupport on 10/17/2012 1:13:29 PM | |
danielheth on 10/17/2012 1:13:29 PM | |
7997 Views / 13 Downloads | |
Relevance
isWindows (Relevance 274)

name of operating system starts with "Win"
Used in 1 fixlet | * Results in a true/false |

not exists folder "BFEncrypt" whose (exists file "private.pem" of it) of parent folder of client or not exists folder "BFEncrypt" whose (exists file "public.cert" of it) of parent folder of client
Actions
Action 1
Action Link
Click here to enable encryption for BigFix Clients.
Script Type
BigFix Action Script
// Purpose: stage the crypto DLLs in the BFEncrypt folder under the client folder,
// register AppEngUtility.dll as a COM server, then either migrate an existing key
// pair from the legacy openSSL folder or generate a new one, and record the key
// paths under the EncryptionControl registry key.
//
// NOTE(review): nothing in this script sets an ACL on BFEncrypt or on private.pem.
// The folder is created with a plain mkdir, so it presumably inherits the
// permissions of the client folder. Confirm that non-administrative users cannot
// read private.pem (or that InitializeKeyPairAndCert restricts access itself).

// Legacy key location used by an earlier version of this task; migrated and removed below.
parameter "oldCryptoFolderPath" = "{pathname of parent folder of client}\openSSL"
// Target folder for the DLLs and the key pair.
parameter "cryptoFolderPath" = "{pathname of parent folder of client}\BFEncrypt"
// Full path of the COM DLL that is registered with regsvr32 further down.
parameter "cryptoFilePath" = "{parameter "cryptoFolderPath"}\AppEngUtility.dll"
// Registry key that holds CertificatePath, PrivateKeyPath and InstalledTime.
parameter "cryptoRegKey" = "HKEY_LOCAL_MACHINE\Software\Bigfix\EnterpriseClient\EncryptionControl"
// Create Folder if needed
if {not exists folder (parameter "cryptoFolderPath")}
waithidden cmd.exe /C mkdir "{parameter "cryptoFolderPath"}"
endif
// Need to add version check here for next version
// Download AppEngUtility.dll unless a copy with version >= 8.2.10001.0 is already present.
// prefetch validates the download against the listed sha1 and size, so integrity does
// not rest on the plain-http URL.
// NOTE(review): SHA-1 is the only digest given for the three downloads; if the deployed
// BigFix version accepts a sha256 field on prefetch, add the vendor-published value
// (not shown on this page).
if {not exists folder (parameter "cryptoFolderPath") whose (exists file "AppEngUtility.dll" whose (version of it >= "8.2.10001.0") of it)}
prefetch AppEngUtility.dll sha1:7a8600af3ba0d202f23d1d58612e762e313ce370 size:451584 http://software.bigfix.com/download/bes/mdm/AppEngUtility-8.2.10001.0.dll
// Remove any older copy first; move does not overwrite an existing destination.
delete "{parameter "cryptoFilePath"}"
move __Download\AppEngUtility.dll "{parameter "cryptoFilePath"}"
endif
// The two supporting libraries are only checked for presence, not for version.
if {not exists folder (parameter "cryptoFolderPath") whose (exists file "libBEScrypto_1_0_0_1.dll" of it)}
prefetch libBEScrypto_1_0_0_1.dll sha1:80e9e5d26070f95249f7575d0d5b9cb66e6d5c02 size:1154120 http://software.bigfix.com/download/bes/mdm/libBEScrypto_1_0_0_1.dll
move __Download\libBEScrypto_1_0_0_1.dll "{parameter "cryptoFolderPath"}\libBEScrypto_1_0_0_1.dll"
endif
if {not exists folder (parameter "cryptoFolderPath") whose (exists file "libBESssl_1_0_0_1.dll" of it)}
prefetch libBESssl_1_0_0_1.dll sha1:34e3099090fa5eb2d797822bb8bf8a53ead254ee size:273480 http://software.bigfix.com/download/bes/mdm/libBESssl_1_0_0_1.dll
move __Download\libBESssl_1_0_0_1.dll "{parameter "cryptoFolderPath"}\libBESssl_1_0_0_1.dll"
endif
// set public/private key path
// "escape of" doubles the backslashes of the folder path, matching the literal "\\"
// that precedes each file name in the value being written.
regset "[{parameter "cryptoRegKey"}]" "CertificatePath"="{escape of (parameter "cryptoFolderPath")}\\public.cert"
regset "[{parameter "cryptoRegKey"}]" "PrivateKeyPath"="{escape of (parameter "cryptoFolderPath")}\\private.pem"
// Register AppEngUtility.dll as a COM server. /s suppresses regsvr32 dialogs and the
// exit code is not inspected here, so the result is verified through the registry below.
waithidden cmd.exe /C regsvr32.exe /s "{parameter "cryptoFilePath"}"
// Make sure the dll has been registered by checking registry key
// The check requires an InprocServer32 value equal to cryptoFilePath in the 32-bit
// registry view, i.e. the CLSID must point at the DLL deployed above and not at a
// different file. %7B / %7D stand for the braces around the CLSID. The action stops
// here if the check fails.
continue if {exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\%7BC5A43980-AD5F-44BE-9C2B-B21B2848C660%7D" whose (exist key "InprocServer32" whose (exists value whose (it as string = (parameter "cryptoFilePath")) of it) of it) of x32 registry}
// Use the existing public/private keys (from previous OpenSSL folder)
// NOTE(review): if the legacy folder exists but lacks one or both key files, this
// branch generates nothing, and the final "continue if" stops the action. The legacy
// folder is removed regardless, so a second run would presumably take the generation
// branch. Confirm this is the intended recovery path.
// NOTE(review): the moves below would fail if a file of the same name already exists
// in BFEncrypt. The applicability relevance allows one of the two files to be present.
if {exists folder (parameter "oldCryptoFolderPath")}
if {exists folder (parameter "oldCryptoFolderPath") whose (exists file "public.cert" of it)}
move "{parameter "oldCryptoFolderPath"}\public.cert" "{parameter "cryptoFolderPath"}\public.cert"
endif
if {exists folder (parameter "oldCryptoFolderPath") whose (exists file "private.pem" of it)}
move "{parameter "oldCryptoFolderPath"}\private.pem" "{parameter "cryptoFolderPath"}\private.pem"
endif
// Remove the legacy folder and everything left in it, without prompting.
waithidden cmd.exe /C rmdir /S /Q "{parameter "oldCryptoFolderPath"}"
// Remove the MDMExtender value from the EncryptionControl key; its purpose is not shown here.
regdelete [HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl] "MDMExtender"
else
// create initCrypto.vbs and run it to create public/private keys
// The script instantiates the COM class AppEngUtility.Crypto and calls
// InitializeKeyPairAndCert once. Where that call writes the keys is not visible here;
// presumably the CertificatePath / PrivateKeyPath locations set above (confirm).
createfile until __the_end
option explicit
dim crypto, shell
set crypto=createobject("AppEngUtility.Crypto")
'Only need to call it once during setup
crypto.InitializeKeyPairAndCert
__the_end
// Clear any stale copy so that the move of the generated file succeeds.
delete initCrypto.vbs
move __createfile initCrypto.vbs
// //B runs cscript in batch mode, so script errors and prompts are not displayed.
// Success is established only by the file check that follows.
waithidden cmd.exe /C cscript //B initCrypto.vbs
endif
// Make sure private and public key are created
// Both registry values must exist and each must name a file that exists on disk;
// otherwise the action stops before InstalledTime is written.
continue if {exists key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl" whose (exists value "CertificatePath" whose (exists file (it as string)) of it AND exists value "PrivateKeyPath" whose (exists file (it as string)) of it) of x32 registry}
// Set Registry key
// Record the time at which this action completed.
regset "[{parameter "cryptoRegKey"}]" "InstalledTime"="{now}"
Success Criteria
This action will be considered successful when the applicability relevance evaluates to false.