Installing BigFix MDM Service for Windows endpoints

Learn how to install BigFix MDM server for Windows endpoints.

About this task

For instructions on how to install BigFix MCM Server for Windows endpoints through WebUI, see Install BigFix MDM Service for Windows.

In this section, you can find instructions on how to install BigFix MCM Server for Windows endpoints using the BESUEM Fixlet Install BigFix Windows MDM Server.

Before you begin: These prerequisites must be met to install the BigFix MDM Server for Windows endpoints:
  • You must have the required certificates and keys. See MDM SSL Certificates.
  • You must have BigFix Agent running on the MDM Server target.
  • You must have the wnscredentials.json file ready to upload. For the workflow to create this file, see Generating WNS credentials.

In the Install BigFix Windows MDM Server Fixlet, provide this information:
  1. Enter the organization name. While enrolling a device, the organization name is displayed to the users along with the rest of the profile information.
  2. Enter the user-facing hostname. This is the hostname of the server that enrolling devices point to. The value must be the hostname from a valid URL. For example, enter mdmserver.deploy.bigfix.com.
  3. Enter the LDAP parameters. These are used to authorize users who enroll for MDM over the air, which limits enrollment on your MDM server to authorized users only. Omitting all LDAP parameters disables LDAP authentication for MDM enrollment.
    1. LDAP URL: Valid format is ldap://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
    2. LDAP Base DN: Valid format is "dc=example,dc=org".
    3. LDAP Bind User: The root point to bind to the server. For example, "DC=mydomain, DC=mycompany, DC=com" or "user@example.org".
    4. LDAP Bind Password: The password entered here is encrypted and stored in the MDM_PARAM_4.enc file in the /var/opt/BESUEM/certs directory.
      Note: LDAP authentication is turned on by default.
  4. Upload the files containing the details of the MDM Server TLS certificate and key contents.
    1. TLS key password: Enter a string to set the TLS key password.
    2. In the MDM Server TLS Certificate section, click Upload File and browse to the TLS .crt file to be used.
    3. In the MDM Server TLS Key section, click Upload File and browse to the TLS .key file to be used.
  5. Upload the files containing the MDM Server authentication certificate and key contents.
    1. In the MDM Server Certificate Authority section, click Upload File and browse to the ca.cert.pem file.
    2. In the MDM Server Certificate content section, click Upload File and browse to the server.cert.pem file.
    3. In the MDM Server Key section, click Upload File and browse to the server.key file.
      Tip: For more information on how to generate .pem and .key files, see MDM SSL Certificates.
  6. WNS Credentials: This field appears when you select Windows as the operating system. Click Upload File and browse to the wnscredentials.json file.
    Tip: To learn how to generate this file, see Generating WNS credentials.
  7. Deploy the Fixlet to the targeted systems.
Results:
  1. Downloads a set of Docker images from software.bigfix.com, which are needed for the MDM installation.
  2. Installs the services and certificates including the Plugin certificates and the TLS certificate on which the server runs.
  3. Applies all required configurations.
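
A pre-flight check for the hostname and LDAP inputs from steps 2 and 3, as an added example that is not part of the BigFix documentation or product. The dictionary key names are hypothetical, accepting ldaps:// is an assumption (the page only shows ldap://), and treating a partially filled LDAP section as an error is also an assumption.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Comma-separated attr=value pairs, e.g. dc=example,dc=org.
DN = re.compile(r"[A-Za-z][\w-]*=[^,=]+(,\s*[A-Za-z][\w-]*=[^,=]+)*")
LDAP_FIELDS = ("url", "base_dn", "bind_user", "bind_password")  # hypothetical keys


def check_hostname(value):
    """Step 2 wants the bare hostname from a URL, not the URL itself."""
    if "://" in value or "/" in value or ":" in value:
        return ["hostname must not include a scheme, port or path: %r" % value]
    labels = value.rstrip(".").split(".")
    if len(value) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        return ["not a valid hostname: %r" % value]
    return []


def check_ldap(params):
    """Return (problems, ldap_auth_enabled) for the step 3 inputs."""
    given = [k for k in LDAP_FIELDS if params.get(k)]
    if not given:
        # Per the page, omitting all LDAP parameters disables LDAP authentication.
        return ["no LDAP parameters: enrollment will not require LDAP login"], False
    # Assumption: a partially filled LDAP section is a mistake, so report it.
    problems = ["missing LDAP parameter: " + k for k in LDAP_FIELDS if k not in given]
    if "url" in given:
        try:
            url = urlsplit(params["url"])
            # Assumption: ldaps:// is accepted; the page only shows ldap://.
            ok = url.scheme in ("ldap", "ldaps") and url.hostname and url.port
        except ValueError:  # malformed URL, or port not a number / out of range
            ok = False
        if not ok:
            problems.append("LDAP URL must look like ldap://<server>:<port>")
    if "base_dn" in given and not DN.fullmatch(params["base_dn"]):
        problems.append('LDAP Base DN must look like "dc=example,dc=org"')
    return problems, True


if __name__ == "__main__":
    # Constructed sample input, not values from a real deployment.
    sample = {"url": "ldap://dc01.example.org", "base_dn": "dc=example,dc=org",
              "bind_user": "user@example.org", "bind_password": "constructed"}
    print(check_hostname("https://mdmserver.deploy.bigfix.com/"))
    print(check_ldap(sample))
    print(check_ldap({}))
```

The second return value of check_ldap is False only when every LDAP field is empty, which is the case where enrollment is left open to unauthenticated users.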