Create Location-Specific Tasks

The goal in the procedures below is to create two different configurations and tasks and attach them to different locations. As a result Configuration 1 is automatically picked up by users in Location 1, and Configuration 2 is picked up by users in Location 2. When users from Location 2 travel to Location 1 they automatically pick up Configuration 1 when connecting to the network.

How Location Properties Work

Each IBM BigFix Agent, on which the CPM for Mac client is installed, receives a complete list of all the Actions deployed from the BigFix Server through the various Tasks. The individual Agents check themselves against the list and create a short-list of only those Actions that apply to them. In the current example, relevance is determined by IP address. Configuration 1 is going to be deployed to all Agents, but only those Agents running on an endpoint with an IP address in the subnet that is defined for San Francisco will pick up the configuration. You can see this self-selection at work when you create the second configuration and apply it to a different Location. One Action is picked up by San Francisco endpoints and the other by German endpoints.

BigFix Agents remain in sync with new relevance expressions by frequently checking the BigFix Server for updates. Agents also maintain a detailed description of themselves that can include hundreds of values describing their hardware, the network, and software. In short:
  1. Define some locations.
  2. Configure your scan, firewall, or URL filtering settings.
  3. Save the settings to a Task and create an Action to target some given endpoints.
When you deploy the Task, the BigFix Server converts the Action details into a relevance expression, which is sent to all Agents at the endpoints. Each Agent checks itself against the relevance expression and takes the Action that is required for every match found.

Create the First Configuration and Task

  1. From the BigFix Console, click Endpoint Protection on the lower-left pane.
  2. From the upper-left navigation pane, go to Core Protection Module > Configuration > Global Settings > Global Settings Wizard. The Global Settings Wizard screen opens.
  3. Enable Configure scan settings for large compressed files and type the limits that are shown here:
    • Do not scan files in the compressed file if the size exceeds 2 MB.
    • Stop scanning after CPM detects 2 virus/malware in the compressed file.

  4. Click the Create Global Scan Settings Configure Task button. The Edit Task window opens.
  5. Type a descriptive (or memorable) name for the Task such as, Skip 2MB-2.
  6. Click OK.
  7. At the prompt, type your private key password and click OK. The new policy now appears in the Configuration > Global Settings > Custom Tasks screen.

Create the Second Configuration and Task

  1. From the BigFix Console, click Endpoint Protection on the lower-left pane.
  2. From the upper-left navigation pane, go to Core Protection Module > Configuration > Global Settings > Global Settings Wizard. The Global Settings Wizard screen opens.
  3. Remove the check from Configure scan settings for large compressed files.
  4. Click the Create Global Settings Configuration Task button. The Create Task screen opens.
  5. Type a descriptive (or memorable) name for the Task such as, Scan BIG.
  6. Click OK.
  7. At the prompt, type your private key password and click OK. The new policy now appears in the Configuration > Global Settings screen.

Make the Configurations Location-Specific

  1. From the BigFix Console, click Endpoint Protection on the lower-left pane.
  2. From the upper-left navigation pane, go to the task you just created, for example, Core Protection Module > Configuration > Global Settings > Custom Task > Skip 2MB-2. A screen displaying the Task Description tab opens.
  3. Below Actions, click the hyperlink to open the Take Action window.
  4. Select All computers with the property values selected in the tree below.

    .

  5. Click the All Computers tree and then By Retrieved Properties > By Subnet Address to open that branch.
  6. Choose the Location name that you created for the San Francisco subnet in Create Location-Specific Tasks.
  7. With your location still selected, click the Execution tab.
  8. Remove any Constraints that you do not want to apply (such as a Start and End date), and in the Behavior section, make sure that only the following option is enabled: Reapply this action... whenever it becomes relevant again.

  9. Click OK.
  10. At the prompt, type your private key password and click OK.
  11. Repeat this procedure for the second configuration and Task (choose Scan BIG from the Global Settings screen), and use the Location name that you used for the Germany subnet.