Managing the endpoint Fixlets

This section provides information about endpoint Fixlets and their deployment.

Fixlets applicable for the endpoints

The administrator can deploy Fixlets to allow the functioning of certain tasks. This section provides information of the types of Fixlets, their deployment, and the order of their deployment.

The table below list the Fixlets and their descriptions:
List of Fixlets available along with their descriptions
Fixlet name Description
Boot Time Scan The Fixlet allows you to collect diverse endpoint metrics during the system boot.
High Frequency Scan The Fixlet collects various endpoint’s performance metrics scheduled to execute at every minute on the targeted endpoint through the task scheduler.
Low Frequency Scan This Fixlet collects the specified endpoint metrics that is executed every 15 minutes on the targeted endpoint.
Upload Scan Results The Fixlet uploads the data report files from the endpoints to the BigFix root server.
Disable Audit Logon Policy - Boot Time Scan The Fixlet disables the scheduled task DEX_hf-1 that is responsible for data collection form High Frequency Scan.
Delete Schedule Task and Script - High Frequency Scan This Fixlet deletes the scheduled task DEX_hf-1 and PowerShell script associated with it, that is responsible for data collection form High Frequency Scan.
Enable Scheduled Task - High Frequency Scan The Fixlet enables the scheduled task DEX_hf-1, if found disabled on the target endpoint. If this scheduled task is disabled.
Disable Schedule Task - High Frequency Scan The Fixlet disables auditing for the Logon/Logoff category.
Prerequisite Boot Time Scan - Enable Audit Logon Policy The Fixlet enables success auditing for the Logon/Logoff category. It serves as a prerequisite for High Frequency Scan, if audit logon policy is not enabled, then ambiguous data may be encountered.
Note: The Fixlets are dependent on the DEX_Report_bt* file in the DEX\Results folder. Deployment of Boot Time Scan Fixlet must precede High Frequency Scan Fixlet and Low Frequency Scan Fixlet to allow all Fixlets to stay relevant.

Order of Fixlets execution

The Fixlets must be executed in the following order:
  1. Prerequisite Boot Time Scan - Enable Audit Logon Policy
  2. Boot Time Scan
  3. Low Frequency Scan
  4. High Frequency Scan
  5. Upload Scan Results
    Note: Fixlets other than those mentioned above can be deployed when required.

Deploying Fixlets

System requirements
  • Only MS Windows targets are supported.
  • Supported OS target platforms are:
    • Microsoft Windows 10 Pro.
    • Microsoft Windows 10 Enterprise
    • Microsoft Windows 11 Pro.
    • Microsoft Windows 11 Enterprise
  • Only devices with PowerShell enabled are supported.
  • Only devices configured with the English language are supported.
  1. Execution Steps (Part1) - The execution steps are applicable on:
    • Prerequisite Boot Time Scan - Enable Audit Logon Policy
    • Disable Schedule Task - High Frequency Scan
    • Delete Schedule Task and Script - High Frequency Scan
    • Enable Scheduled Task - High Frequency Scan
    • Enable_Scheduled_Task
    • Disable Schedule Task - High Frequency Scan
    Perform the below steps to run the Fixlets:
    1. Go to the Sites > Custom Sites > #site where you store the Fixlet in the last step (DEX version 11, in my case) the go to Fixlets and Tasks and click on the Fixlet. The Take Action button appears.
    2. Click Take Action. Take Action window appears.
    3. In the Take Action window, define the execution parameters and targets.
    4. In the Execution tab, enter the execution parameters.
    5. Click on the Target tab to select the targets. Use the following options to select the targets:
      1. Select devices - Select the target endpoints from the “Applicable Computers”.
      2. Enter device names - Enter the hostnames of the target endpoints.
      3. Dynamically target by property - Select the target endpoints based on specific properties or target all computers. The Fixlet will evaluate on all the targeted computers and will run, wherever applicable.
    7. Click OK to execute the Fixlet.
  2. Execution Steps (Part2) - These executions are applicable on:
    • Boot Time Scan
    • High Frequency Scan
    • Low Frequency Scan
    • Upload Scan Results

    Perform the below steps to run the Fixlets:

    1. Go to Sites > Custom Sites > #site where you saved the Fixlet in the last step (DEX_v11) Fixlets and Tasks, and click on the Fixlet.
    2. Click Take Action. Take Action window appears.
    3. In the Take Action window, define the execution parameters and targets.
    4. Click on the Preset dropdown menu, and select Policy.
    5. In the Execution tab, enter the execution parameters.

      Result: Configuration of the execution parameters is complete.

    6. Click on the Target tab to select the targets. Use the following options to select the targets:
      1. Select devices - Select the target endpoints from the “Applicable Computers”.
      2. Dynamically target by property - Select the target endpoints based on specific properties or target all computers. The Fixlet will evaluate on all the targeted computers and will run, wherever applicable.
      3. Enter device names - Enter the hostnames of the target endpoints.
    7. Click OK to execute the Fixlet.