List of settings and detailed descriptions

Some of the configuration settings are commonly used and they have tasks already documented in the BigFix Support site for your assistance. If such a task exists, it is indicated along the Task available ? row in the tables which you can use. If no task exists, create the configuration setting manually.

Note: The component restart is required ONLY if explicitly mentioned in the Component restart required ? field. If the Component restart required ? field does not exist in the setting details, then the component restart is NOT required.

Making a configuration setting

You can make a configuration setting in two ways: through the BES Console or manually on the endpoint.

Through the BES Console
  1. Open the BES console and navigate to the Computer section under the All Content domain.
  2. Select the computer(s) to which you want to apply the configuration settings.
    Note: To change a configuration setting for the server or relays using this mechanism, you must select the computer(s) that have the server or relays installed.
  3. Right-click the computer(s) and choose Edit Computer Settings.
  4. Create a custom setting using a Name and Value pair from the configuration table.
  5. Click OK to send the configuration setting through an action named Change Multiple Settings or a similar one.

    The setting takes effect after the action is complete.

  6. View the computer's updated setting. To view the updates, right-click the computer and select Edit Computer Settings or click the computer in the computer list and then select the Summary tab. Then, scroll down to the Client Settings section.

Manually on a Windows endpoint

The client configuration settings are maintained as keys in the Windows registry at the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client. To update the settings, do the following steps:
  1. Create a key at the registry location and give it a name.
  2. Create a string value (REG_SZ type) named value within the key.
  3. Set the value data within the value.
For guidance, review the already existing client setting keys.
Note: On Windows, you do not need to stop the BESClient service to apply the client setting manually. However, some settings may not take effect until the BESClient service is restarted. On Unix/Linux, you must stop the BESClient service to manually apply the configuration setting in the besclient.config file.

Manually on a Mac endpoint

On MacOS, you can manually change your BigFix Client settings from the command line.

Stop the BigFix Client service.
sudo /Library/BESAgent/BESAgent.app/Contents/MacOS/BESAgentControlPanel.sh -stop
Run the -setSettings command and provide an appropriate JSON file.
sudo "/Library/BESAgent/BESAgent.app/Contents/MacOS/BESAgent" -setSettings "/path/to/file.json"
Start the BigFix Client service.
sudo /Library/BESAgent/BESAgent.app/Contents/MacOS/BESAgentControlPanel.sh -start
Here is a JSON sample file that shows how to set (or change) two client settings, named "setting1" and "setting2".
{
	"client_settings": [
		{
			"key":"setting1",
			"value":"1"
		},
		{
			"key":"setting2",
			"value":"setting value 2"
		}
	]
}

Description, values, and references

The configuration settings are categorized by the following BigFix functions:

For information related to parallel FillDB configuration, see Configuring parallel FillDB.

Inspector behavior

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Inspector_ActiveDirectory_Refresh_Seconds
Controls the frequency at which the BigFix client polls the Active Directory information.
Default value 43,200 (12 hours)
Setting type Numeric (Seconds)
Value range 1,200 - 2,147,483,648 (20 minutes - ~25K days)
Task available ? No
Component restart required ? No
Client All Active Directory property updating
_BESClient_Inspector_AdminPrivilegeFromToken
Enable this setting if you have user accounts belonging to a local domain group and the local domain group belongs to the administrators group. If this setting is not enabled, the administrative privileges of these user accounts are not correctly retrieved. This setting is not enabled by default, set this setting to "1" to enable.

Among other business needs, you should enable this setting also when the Active Directory security groups information is not correctly retrieved by the BigFix client.
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled - 1 (enabled)
Task available ? No
Component restart required ? No
Client 9.5.9 and later
_BESClient_Inspector_RPMForceCacheRefresh
Set to 1 to force the refresh of the rpm inspector cache. In this case, when the rpm inspector is invoked, if the last time the rpm cache was refreshed exceeded 60 minutes, it forces a refresh to the rpm cache to exclude any mismatch between cached information and actual operating system rpm status.
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled) - 1 (enabled)
Platform Linux/AIX
Component restart required ? No
Client All
_BESClient_Inspector_RPMDisableCache
Set to 1 to disable the rpm inspector cache. In this case, if the child process is enabled, seriously degraded client performance should be expected.
Note: The cache operation is independent from the child process. In particular, the cache may be enabled even if the child process is disabled.
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled) - 1 (enabled)
Platform Linux/AIX
Component restart required ? No
Client All

_BESClient_Inspector_DisableWMI

This setting will disable the use of any inspectors that make calls to the Windows WMI. WMI has been found to cause problems on some computers, especially older versions of Windows (95 and 98). Problems include high CPU usage and 'blue screen' crashing of Windows. WMI is used by some optional retrieved properties.
Default value 0 (disabled)
Setting type Boolean
Value range 1 (true) - WMI inspectors disabled

0 (false) - WMI inspectors enabled
Task available ? No
Client 9.2 and later https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0023431

Top

Action execution

Name/Description Values Component affected Version(s) applicable References
_BESClient_ActionManager_PrefetchPlugInTimeoutSeconds
This configuration setting enables to customize the amount of time that the client waits, after executing a prefetch plug-in, for the plug-in to generate an answer. The time is expressed in seconds.
Default value 60
Setting type Numeric (seconds)
Value range 60 - 6,000
Platform All
Component restart required ? No
Client All
_BESClient_ActionManager_PresentOfferAfterAllConstraints
To control the Client behavior when managing actions configured as an offer. If set to 1 (True), the offer is presented to the user on the Client UI at action start time. If set to 0 (False), the offer is presented to the user on the Client UI as soon as the action is received by the Agent (BESClient).
Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform Windows and Mac
Component restart required ? No
Client 9.5.7 and later
_BESClient_ActionManager_UIMissingHoldMode
To control client behavior for actions with "don't care" user constraint and UI to display. This setting is very useful when you have remote clients connecting to the computer and the remote sessions with an error of User interface process unable to launch (XX.YYYY) for user '' Example User interface process unable to launch (22.1008) for user '' This usually indicates an error condition of the connection to the remote connection was present, but was terminated. We are not able to detect the user name being used because the abandoned user connection was left active but not terminated correctly. Other examples and information related to this are conditions of abandoned session tokens.
Default value "failed"
Setting type String
Values "none" "failed" "all"
  • "none" - automatically run the action if the only UI sessions are disabled or failed.
  • "failed" - hold the action in a pending message state if there are UI sessions that are failed.
  • "all" - hold the action in a pending message state if there are UI sessions that are failed or disabled.
Task available ? No
Platform All
Component restart required ? Yes
Client All User interface process unable to launch
_BESClient_ActionManager_SSAv2Mode

This setting was implemented to allow the BESClient to display the Client UI dashboards in the Self Service Application (SSA). If SSA is not installed, this setting must be deleted, if present.

For more information, refer to the Software Distribution Self Service Application documentation.
Default value "SSAV2UIAll"
Setting type String
Values "SSAV2UIAll"
Task available ? No
Platform Windows/ Mac
Component restart required ? Yes
Client 9.5.3 and later
_BESClient_ActionManager_PendingRestartExclusions

String(s) residing in the registry key X which are to be ignored by the BigFix Client when determining if a restart is needed.

The strings must be separated by semicolons and the last string must have a terminating semicolon (for example "exclude1;exclude2;exclude3;").

With the setting _BESClient_ActionManager_PendingRestartExclusions=:; all entries in the Microsoft registry key HKLM\System\CurrentControlSet\Control\Session ManagerPendingFileRenameOperations are ignored because every entry is a path containing always a colon.
Note: The strings are case sensitive.
Default value Blank
Setting type String
Value range NA
Task available ? No
Platform Windows
Component restart required ? No
Client All Determining if a restart is needed
_BESClient_ActionManager_LocaleEnable
This configuration setting will enable BigFix Clients to display non-English messages if the translation files are in place (IEM 6.0+).
Default value 1 (enabled)
Setting type Boolean
Value range 1 (enable), 0 (disable)
Task available ? Yes
Platform Linux, Unix
Component restart required ? Yes
Client All

Top

Action management

The settings described in this section are made on the BigFix Client to configure how actions are run locally.

Settings affecting data download on the Client

Whenever an action requiring the download of one or more than one files is taken, the target agent prevents the action from running on the client if the total size of the downloads associated to the action exceeds the value set in _BESClient_Download_SizeLimitMB, and the Client is not connected to a preferred relay.

The Client installed on the Server and the Client/Relay do not consider the setting _BESClient_Download_SizeLimitMB, allowing always the download (on the Relay/Client the condition is true when the Relay is active).

The connected relay is a preferred relay if:

  • The relay selection associated to the Client is the Manual Relay Selection, and the connected relay is the primary or the secondary relay.
  • The relay selection associated to the Client is the Automatic Selection with Affiliation, and the connected relay is member of an affiliation group belonging to the affiliation list. The number of affiliation groups belonging to the affiliation list can be configured using the setting _BESClient_PreferredRelay_MaxAffiliationsToCheck. The special affiliation group "*" is never used for setting a preferred relay.
  • The connected relay is either in the same sub-network of the client, or the number of network hops from the Client to the relay is lower than the value configured in the setting _BESClient_PreferredRelay_MaximumHopCount. In this case there is no dependency from the relay association method selected on the Client.
Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_PreferredRelay_MaxAffiliationsToCheck
Use this setting to specify the number of affiliation groups, belonging to the affiliation list, to consider when evaluating the preferred relay. By default any member of the first group in the affiliation list is a preferred relay.
Default value 1
Setting type Numeric
Value range 1 - 255
Task available ? No
Component restart required ? No
Client 9.5.9 and later
_BESClient_PreferredRelay_MaximumHopCount
Use this setting to specify the maximum number of network hops from the client to the preferred relay. The number of network hops from the client to the preferred relay must be lower than the value specified in this setting. By default, if the connected relay is in the same sub-network of the Client, it is a preferred relay.
Note: By setting the value to 0, this setting considers the Relays in the same sub-network as not preferred.
Default value 1 (adjacent sub-network)
Setting type Numeric (number of hops)
Value range 0 - 255
Task available ? No
Component restart required ? No
Client 9.5.9 and later

Settings affecting wait and waithidden commands on the client

You can use the wait command, as part of an action, to wait for the completion of a specific process or program before continuing with the next actionscript command. You can also use the waithidden command to run the process or program in a hidden window. When defining the wait command, you can optionally specify an override section to change some of the default behaviors, represented by keywords, that are applied at runtime on the target Clients. If you do so the different behavior applies only to the program or process triggered by that wait or waithidden command on all the clients where the action runs. The settings listed in the following table allow you to define the default behavior for timeout and disposition on a specific client for all the programs or processes triggered by any wait or waithidden commands, unless it is specified differently in an override section of that specific wait or waithidden command definition.

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_ActionManager_OverrideTimeoutSeconds
Use this setting to define on the specific Client how many seconds the action processing must wait for the completion of the wait or waithidden command's process before timing out. When the timeout elapses, the behavior specified in the disposition is applied to the wait or waithidden command's process, the overall action stops processing and exits in Timeout Reached status.
Default value 0
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Client 9.5.11 and later
_BESClient_ActionManager_OverrideDisposition

Use this setting to define on the specific Client what to do with the processes or programs triggered by any wait or waithidden command once the timeout elapses.

The available values are:
  • abandon, to disassociate the wait or waithidden command's process from the remainder of the actions.
  • terminate, to kill the wait and waithidden command's process.
Default value abandon
Setting type String
Value range abandon, terminate
Task available ? No
Client 9.5.11 and later

Top

Archiving client files

This allows the BigFix Administrator to automatically log data from specific managed computers.

For details, see Archiving Client files on the BigFix Server.

Archive Manager

For detailed description about Archive Manager, see Archive Manager.

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_ArchiveManager_OperatingMode
The OperatingMode dictates the style of archiving, allowing periodic or triggered archiving.
Default value 0
Setting type Numeric
Value range
  • 0 - Disables all archival operations
  • 1 - Automatic with a period = BESClient_ArchiveManager_IntervalSeconds
  • 2 - Enables the archive now action command. To allow a custom action to post client attributes to an archive file, make sure the OperatingMode is set to 2.
Task available ? No
Client 9.2 and later Archive Manager
_BESClient_ArchiveManager_FileSet-<tag>
This setting (or a group of settings with optional tags) specifies the files to be archived. This technique lets you specify multiple named batches of files. Each setting starts with "_BESClient_ArchiveManager_FileSet-" and ends with a batch name (the <tag> part).

The value of each setting is a path on the client file system. It can be a single file, in which case that file is part of the archive; a single directory, in which case all files in the directory will be part of the archive; or a directory path ending with wild cards, in which case all files in the directory matching the wild cards will be part of the archive. For example, the setting _BESClient_ArchiveManager_FileSet-(log), representing all the log files in a temporary log folder, could have a value like c:\temp\log. Everything after the dash (-) is used as the default prefix of the files as they are unpacked on the root server. Therefore a file named x.log in the c:\temp\log folder would be unpacked as (Log)x.log.

Default value None
Setting type String
Client 9.2 and later Archive Manager
_BESClient_ArchiveManager_SendAll
This setting allows you to send just the archives that have changed, avoiding redundant uploads. There are two possible values for this setting. The Default value of 0 is recommended for most applications.
Default value 0
Setting type Boolean
Value range
  • 0 - Only send files that have changed since the last archive operation
  • 1 - Send all files, even if they have not changed.
Task available ? No
Client 9.2 and later Archive Manager
_BESClient_ArchiveManager_MaxArchiveSize

This setting limits the size (in bytes) of the uploaded archive. Because a typical archive might be composed of several files, the archive size corresponds to the sum of the file sizes. If the limit is exceeded, an archive that contains only the index file is created and uploaded by the Archive Manager. The index contains the following header line: MaxArchiveSize: Exceeded Copy.
Default value 1,000,000 (one million bytes). Starting in Endpoint Manager version 8.0, the file system is 64-bit. This means that the actual maximum file size is 264 – 1, sufficient for any reasonably sized file.
Setting type Numeric (bytes)
Value range 0 - (264– 1)
Task available ? No
Client 9.2 and later Archive Manager
_BESClient_ArchiveManager_IntervalSeconds
When the OperatingMode is set to 1, this setting determines the interval at which the client triggers an archive.
Default value 86,400 seconds (24 hours)
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Client 9.2 and later Archive Manager

Top

Post file

The PostFile program receives the chunks of files posted by the Upload Manager and appends them to its own copy of the file. The Upload Manager specifies the range of bytes being posted and the sha1 of the file, which is used as the filename.

For details, see PostFile.

Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_PostFile_ThrottleKBPS

The PostFile component of BigFix uses this setting for controlling throttle values for the incoming data.

The value of the setting can be adjusted for varying connection speeds or other network anomalies. When PostFile communicates with the Upload Manager, it passes along this value. If there is a conflict between any two computers over these settings, it favors the smaller value.
Default value 0 (disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? No
Relay, Root server 9.2 and later Bandwidth throttling
_BESRelay_PostFile_ChunkSize

The PostFile component of BigFix uses this setting for controlling the chunk size of incoming data.

The value of the setting can be adjusted for varying connection speeds or other network anomalies. When PostFile communicates with the Upload Manager, it passes along this value. If there is a conflict between any two computers over these settings, it favors the smaller value.
Default value 0
Setting type Numeric (in bytes)
Value range 1,024 - (264- 1)

Any value between 1 and 1,023 is reset to 1,024.
Task available ? No
Relay, Server 9.2 and later Bandwidth throttling

Top

Upload Manager

The Upload Manager coordinates the sending of files in chunks to the Post File program. You can throttle the upload dataflow to conserve bandwidth. The file system uses 64-bits, sufficient for file sizes of up to 264 – 1 bytes in length.

Note: BigFix Inventory and BigFix License Metric Tool upload a lot of data from the BigFix Clients. If you plan to use any of these two applications you are suggested to specify a value for the settings _BESRelay_UploadManager_BufferDirectoryMaxSize and _BESRelay_UploadManager_BufferDirectoryMaxCount described in the following table to limit the disk space usage.
Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_UploadManager_AllowConsoleUploads
Controls the ability to upload files as "console uploads" to the relay. Set it to 1 to re-enable.
Note: Enabling this type of upload is not secure because the relay does not require any sort of authentication.
Default value 0 (disabled)
Setting type Boolean
Value range 0 - 1
Task available ? No
Component restart required ? No
Relay, Root server 9.5 and later Upload Manager
_BESClient_UploadManager_BufferDirectory
The input buffer directory of the Upload Manager. This directory is on the client computer, in the BigFix Client folder.
Default value None
Setting type String
Task available ? No
Component restart required ? No
Client 9.2 and later Upload Manager
_BESClient_UploadManager_ChunkSize
Uploads are done one chunk at a time. In a conflict between this computer and the upstream computer, the size of the chunk is set to the smaller of the two. The local chunk size setting is specified in bytes.
Default value 131,072 (128KB)
Setting type Numeric (bytes)
Value range 1,024 - 4,294,967,295
Note: If you set a value less than 1,024, it is automatically reset to 1,024.
Task available ? No
Component restart required? Yes
Client 9.2 and later Upload Manager
_BESClient_UploadManager_ThrottleKBPS
After each chunk is uploaded, the Upload Manager calculates the amount of time to sleep to maintain the throttle speed in kilobytes per second (ThrottleKBPS). This allows you to compensate for network bottlenecks. For example, a BigFix client that is connected over a slow VPN to the relay might have a low upload throttle rate to minimize the bandwidth on that network segment. In a conflict between this computer and the upstream relay (or server), the throttle KBPS is set to the smaller of the two.
Default value 0 (Disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? No
Component restart required ? No
Client 9.2 and later
_BESRelay_UploadManager_BufferDirectory
Like the BigFix Client, the BigFix Relay also has an Upload Manager, and it also has a buffer directory, whose path is specified by this setting. The Upload Manager uploads the files in the sha1 subdirectory of the specified directory. It sorts the files by modification time and then, just like the BigFix Client, it uploads them in chunks to smooth out the bandwidth requirements.
Default value None
Setting type String
Task available ? No
Component restart required ? No
Relay, Root server 9.2 and later Upload Manager
_BESRelay_UploadManager_BufferDirectoryMaxSize

Denotes the maximum amount of space on disk that can be used to store the data uploaded from the BigFix Clients using the Upload Manager. You can specify this setting on the BigFix Server or on the BigFix Relays. Depending on the role of the system in the BigFix topology, the behavior of this setting differs as follows:

BigFix Relay

You can set the maximum file size to be as large as 264 – 1 bytes. The default value is 1 GB. A check against this setting is run every time a new file is received.

BigFix Server

By default, the setting is not specified on the system, meaning that the maximum size of the Buffer Directory is unlimited. Specify this setting to define a threshold size for the Buffer Directory. You must remove the setting to restore the default value. The BigFix Server checks every 15 minutes if the size of the Buffer Directory exceeds the value set in _BESRelay_UploadManager_BufferDirectoryMaxSize. If this check is true, the BigFix Server does not accept any additional uploaded files. Change the value of the setting either manually or using the appropriate Fixlet, or reduce the content of the Buffer Directory to resume uploading files.
Note: Starting from version 9.5 Patch 5, the _BESRelay_UploadManager_BufferDirectoryMaxSize checking is listed among the prerequisite checks for running the upgrade. For more information, see Upgrading on Windows systems or Upgrading on Linux systems.
Default value
  • 1 Gbyte, on relay and on the server until 9.5.4
  • 264 – 1, on the server starting from 9.5.5
Setting type Numeric (bytes)
Value range 0 - 264 – 1
Task available ? Yes
Component restart required ? No
Relay, Root server 9.2 and later Upload Manager
_BESRelay_UploadManager_BufferDirectoryMaxCount

Denotes the maximum number of files that the Upload Manager Buffer Directory is allowed to store. You can specify this setting on the BigFix Server or on the BigFix Relays. Depending on the role of the system in the BigFix topology, the behavior of this setting differs as follows:

BigFix Relay

A check against this setting is run every time a new file is received.

BigFix Server

By default the setting is not specified on the system, meaning that the maximum number of files in the Buffer Directory is unlimited. Specify this setting to define a threshold to the number of files stored in the Buffer Directory. You must remove the setting to restore the default value.

The BigFix Server checks every 15 minutes if the number of uploaded files stored in the Buffer Directory exceeds the value set in _BESRelay_UploadManager_BufferDirectoryMaxCount. If this check is true, the BigFix Server does not accept any additional uploaded files. Change the value of the setting either manually or using the appropriate Fixlet, or reduce the content of the Buffer Directory to resume uploading files.
Note: Starting from version 9.5 Patch 5, the _BESRelay_UploadManager_BufferDirectoryMaxCount checking is listed among the prerequisite checks for running the upgrade. For more information, see Upgrading on Windows systems or Upgrading on Linux systems.
Default value
  • 10,000 on both server and relay, up to version 9.5.4.
  • 264- 1 on the server (later than version 9.5.4)
Setting type Numeric
Value range 0 - 264 – 1
Task available ? Yes
Component restart required ? No
Relay, Root server 9.2 and later Upload Manager
_BESRelay_UploadManager_CompressedFileMaxSize
This setting denotes the amount of space of the largest compressed file the Upload Manager is allowed to handle. You can set the maximum file size to be as large as 264 – 1 bytes. It applies only to the server and it is evaluated during the decompression of the uploaded archive.
Default value 20,971,520 (20 MB)
Setting type Numeric (bytes)
Value range 0 - 264- 1
Task available ? No
Component restart required ? No
Relay, Root server 9.2 and later Upload Manager
_BESRelay_UploadManager_ChunkSize
Uploads are done one chunk at a time. In a conflict between this computer and the upstream computer, the size of the chunk is set to the smaller of the two.
Default value 131,072 (128 KB)
Setting type Numeric (bytes)
Value range 1,024 - 4,294,967,295
Note: If you set a value less than 1,024, it is automatically reset to 1,024.
Task available ? No
Component restart required ? Yes
Relay, Root server 9.2 and later Upload Manager
_BESRelay_UploadManager_ThrottleKBPS
After each chunk is uploaded, the Upload Manager calculates the amount of time to sleep to maintain the throttle speed in kilobytes per second (ThrottleKBPS). This allows you to compensate for network bottlenecks. For example, a BigFix relay that is connected over a slow VPN to the server might have a low upload throttle rate to minimize the bandwidth on that network segment.

In a conflict between this computer and the upstream server (or relay), the throttle KBPS is set to the smaller of the two.

The default value is 0, which disables throttling.
Default value 0 (Disabled)
Setting type Numeric (KBPS)
Value range 1 - 65,536
Task available ? No
Component restart required ? No
Relay, Root server 9.2 and later Upload Manager
_BESRelay_UploadManager_CleanupHours
Sometimes archived files accumulate but do not get uploaded. This might happen with a network outage, a downed server or other communication problem. To avoid overloading the system, these old files are deleted or cleaned up. This setting determines how old a file can get before it is deleted.
Default value 72
Setting type Numeric (hours)
Value range 0 - 4,294,967,295
Relay, Root server 9.2 and later Upload Manager

Top

Gathering content

Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_GatherMirror_UpstreamCheckPeriodMinutes
This setting controls the minimum amount of time a relay (or a root server in DSA deployments) will wait between checking for new versions of sites. In a network with full connectivity, this polling behavior will be unimportant, because relays will always receive notifications when new sites become available. But when notifications get missed, this polling behavior allows a relay to "catch up". The downside to polling too frequently is that it can drive unnecessary load into the parent. The polling will only be done in response to a client request, so if none of a relay's children are asking for a site, it won't go upstream to check for the site, even if its polling period has expired. Note that a "request" in this case means any query about the status of the site -- so a command polling request from a Client can trigger this upstream check even though it's not directly requesting any sites. This setting does not directly control a "relay gather interval", as there is no such thing. The Relay only initiates gather requests in response to notifications received from its parent or gather requests received from one of its children. However, if a Relay has many children, gather requests will come in frequently, and the amount of time between upstream checks will end up being very close to the minimum amount of time specified by this setting.
Default value 360
Setting type Numeric (number of minutes)
Value range 0 - 4,294,967,295
Task available ? No
Relay 9.2 and later
_BESGather_Download_CheckParentFlag
When a file is requested from the BigFix Relay, it can either download the file from the BigFix Server or download the file directly from the Internet. If this setting is set to 1 (True), then the BigFix Relay will first attempt to download the file from the BigFix Server.
Note: This setting should stay at 0 (False) for the BigFix Server.
Default value BigFix Server: 0 (False) BigFix Relay: 1 (True)
Setting type Boolean
Value range 1 (True) - Check the BigFix Server first to download the file 0 (False) - Do not check the BigFix Server when to download the file
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_CheckInternetFlag
When a file is requested from the BigFix Relay, it can download the file directly from the Internet instead of from the BigFix Server. If this setting is set to 1 (True), then the BigFix Relay will first attempt to connect to the BigFix Server (if the _BESGather_Download_CheckParentFlag is set to 1) then directly connect to the Internet if the download from the BigFix Server fails.
Note: This setting should stay at 1 (True) for the BigFix Server.
Default value BigFix Server: 1 (True) BigFix Relay: 0 (False)
Setting type Boolean
Value range 1 (True) - Download the file directly from the Internet 0 (False) - Do not download the file directly from the Internet
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_CacheLimitMB
BigFix Gather will cache downloaded files on the BigFix Server or BigFix Relay computer so that the file will not need to be downloaded again if the action is reissued. This setting will specify how many MB to cache before overwriting the old files. When the cache is full, the least recently used files will be replaced. This setting requires a restart of the BES Relay Service.
Default value 1,024
Setting type Numeric (MB)
Value range 1 - 4,294,967,296
Task available ? Yes
Server, Relay 9.2 and later
_BESGather_Download_RetryMinutes
When BigFix Gather fails to download a file from the Internet or its parent during an action, it will wait for the specified amount of time then try again.
Default value 10
Setting type Numeric (minutes)
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_RetryLimit
When BigFix Gather fails to download a file from the Internet or its parent during an action, it will retry the specified number of times (each time it will double the amount of time it waited to retry the last time).
Default value 6
Setting type Numeric (retry limit)
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_ChannelThreshold
BigFix Gather can simultaneously download two files at a time by using one "main channel" and one "thin channel". The main channel is used for all downloads, but if the main channel is currently downloading a large file, the thin channel can be used to download smaller files if the download size is less than the specified threshold. If this setting is set high, BigFix Gather will use the thin channel to download larger files, which could slow down actions because two large files may be downloading at the same time (each using half the bandwidth) instead of one file after the other. If this setting is set low, the thin channel will be used for only very small file downloads.
Default value 500,000
Setting type Numeric (bytes)
Value range 1 - 100,000,000 (Set to 0 to disable the thin channel)
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_InactivityTimeout
When the BigFix Gather service is downloading a file from the Internet or its parent, it sometimes will experience some inactivity because of network problems, disconnections, etc. When there is inactivity, BigFix Gather will wait for the specified number of seconds to receive more data before aborting the download.
Note: This setting is deprecated starting from BigFix Version 9.0.
Default value 300
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295 (Set to 0 to disable time-out mechanism)
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_TimeoutSeconds
With this value, you specify the maximum amount of time since the last activity on the connection. The BigFix Gather service waits for the specified number of seconds before aborting the download operation. After the download connection is established, if the time since the last activity is greater than the value set in this parameter, the download operation is aborted.
Default value 30
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay 9.5.7 and later
_GatherService_ForwardGet_UserAgentOverride
This string determines the User-Agent: string in the HTTP headers that the BES Gather Service uses. This can be used to help work strict proxy configurations.
Default value None
Setting type String
Value range N/A
Task available ? No
Component restart required ? Yes
Server, Relay, Agent 9.2 and later IV85244: USER AGENT NOT ALWAYS SET TO THE VALUE SPECIFIED WITH _GATHERSERVICE_FORWARDGET_USERAGENTOVERRIDE

Top

HTTPS
Name/Description Values Component(s) affected Version(s) applicable References
_BESGather_Use_Https

You can use the the HTTPS protocol to get license updates or gather external sites directly on a BigFix server or in an airgapped environment. To enable the HTTPS protocol, set the client keyword _BESGather_Use_Https to 1. After enabling HTTPS, you can create or download a package of certificates that you want to trust. The BigFix server validates the certificates during its gathering process.

Note: Before 9.5.11, the only allowed values for this setting are 0 (default value) and 1. If the value is set to 1, it makes the server use the HTTPs protocol when gathering external content or performing license updates.
Default value 2
Setting type Numeric
Value range
  • 0 - The server uses the protocol defined in the URL.
  • 1 - The server tries to gather all sites using the HTTPS protocol only.
  • 2 - The server first tries to gather all sites using the HTTPS protocol. If the server fails to gather a site using HTTPS, it will try to gather again using the HTTP protocol.
Task available ? No
Component restart required ? Yes
Server 9.5 and later Customizing HTTPS for Gathering
_BESGather_CACert
Path of the downloaded set of trusted certificates.
Default value None
Setting type String (path)
Server 9.5 and later Customizing HTTPS for Gathering

Top

Deployment Encoding

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_DeploymentEncoding_IANAName
This setting is mandatory on each BigFix V9.5 client in environments where the version of BigFix installed on the server is earlier than V9.5. It specifies the deployment encoding to use when communicating with the infrastructure. The value for this setting defaults to "windows-1252" on Mac clients. Other available values are: windows-874, windows-932/Shift_JIS, windows-936/GBK, windows-949/windows-949-2000, windows-950/Big5, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258.
Note:
This setting is ignored on the client side beginning in version 9.5.
  • Mac and Android use UTF-8 and can not be changed by setting this option.
  • Unix default is determined by the client locale environment variables (ex: LC_ALL or LC_CTYPE).
  • Windows default is determined by the language for non-Unicode programs selected in the Windows control panel.
On the server side, this setting is required on Linux and a specific warning is logged if the setting is missing. It's used as default value for _BESClient_FxfEncoding_IANAName.
Default value Empty
Setting type String
Value range Standard IANA values
Platform All
Component restart required ? Yes
Client, Server All

Top

Logging

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_EMsg_Detail
This configuration setting will enable the BigFix Client debug log that will give information about the BigFix Client activity. The higher the level of detail, the greater the detail of the messages that are put into the file and/or NT event log.
Note: Setting this value too high can cause the log file to grow extremely quickly filling up disk space.
Default value 0 (none)
Setting type Numeric (detail level)
Value range 0 - 10,000
  • 0 - none
  • 1 - critical error
  • 10 - debug
  • 10,000 - verbose
Task available ? Yes
Client 9.2 and later Data Collection: BigFix Client
_BESClient_EMsg_File
Full path to file to store activity messages. If empty string and the computer is not Win9x, activity messages are added to the NT event log. If you change the name or the path of this file, to avoid character display problems, ensure to use names that have only standard ASCII characters and not extended ASCII characters.
Note: The _BESClient_EMsg_Detail setting must be greater than 0 to use this option.
Setting type String (full path)
Task available ? Yes
Client 9.2 and later Data Collection: BigFix Client
_BESClient_EMsg_MaxSize
Defines the maximum size of the single client debug log file.
Default value 536,870,912 (512 MB)
Setting type Numeric (bytes)
Value range 0 - 1,073,741,824 (1 GB)
Platform All
Client 9.2 and later Data Collection: BigFix Client
_BESClient_Log_MaxSize
Size of daily log file. When the log becomes this big, it is renamed to 'date'.back (unless this file already exists) and then the log for the day is restarted. Result is that for any particular day, you have the first part of the day, and the last part of the day.
Default value 512,000
Setting type Numeric (bytes)
Value range 0 - 4,294,967,295
Task available ? No
Client 9.2 and later Data Collection: BigFix Client
_BESClient_Log_Days
Number of days to save Client log files.
Default value 10
Setting type Numeric (days)
Value range 1 - 366
Task available ? No
Client 9.2 and later Data Collection: BigFix Client
_BESRelay_Log_Verbose
A non-zero value will enable verbose logging on the BigFix relay for troubleshooting purposes. This setting increases the information written to the existing logfile.txt and should not be left on during normal operation especially on the root server where its performances can be compromised.
Default value 0 (disabled)
Setting type Boolean
Value range (True) - Enable Verbose Logs 0 (False) - Disable Verbose Logs
Task available ? No
Relay Enabling debug/verbose logging for the BES Root Server and BES Relay services
_BESClient_LinuxPatch_enable_debug_log
This configuration setting will:
  • Enable/disable DEBUG mode for deployment logs (EDR_DeploymentResults.txt), which generates on BigFix client (/var/opt/BESClient/EDRDeployData) while patching.
  • Generate/delete EDR deployment files like EDR_Yumconfig, EDR_RepomdRequest, EDR_RepomdMapping, EDR_RepoRefresh, EDR_MetadataRequest, and EDR_MetadataMapping on BigFix client after patching.
Default value 0 (disabled)
Setting type Boolean
Value range
  • 0
    • Disable DEBUG mode for deployment logs while patching.
    • EDR deployment files are deleted after patching.
  • 1
    • Enable DEBUG mode for deployment logs while patching.
    • EDR deployment files are retained even after patching is completed.
Task available ? No
Client 9.2 and later
Auditing
Name/Description Values Component(s) affected Version(s) applicable References
_BESRootServer_Audit_Verbosity

It controls whether SSL connections are logged in the server audit log. Specify _BESRootServer_Audit_Verbosity = all to log the all information about both failed and successful SSL connections. Specify _BESRootServer_Audit_Verbosity = null or remove the option from the settings to disable the logging of SSL connections.

You can specify this setting either in the besclient.config file or on the Console by accessing the Computers domain, right-clicking the Client where you want to log SSL information and selecting Edit Settings.
Default value None
Setting type String
Value range all, null
Task available ? No
Server components All

Top

CPU Usage

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Resource_WorkIdle
The BigFix Client works (evaluate relevance) for a designated amount of time then sleeps for a designated amount of time. This setting controls how many milliseconds to work before going to sleep in each cycle. If this number is high in comparison to the _BESClient_Resource_SleepIdle setting, then the BigFix Client will evaluate Fixlet relevance faster, but the CPU usage is higher.
Default value 10
Setting type Numeric (milliseconds)
Value range 1 - 500
Task available ? Yes
Platform All
Client All
_BESClient_Resource_WorkNormal
The BigFix Client controls the CPU work limit in normal evaluation mode. It represents the number of milliseconds to work to balance CPU when in normal mode. By default the BigFix Client works for 50 milliseconds, then sleeps for 50 milliseconds (_BESClient_Resource_SleepNormal) when in normal mode.
Default value 50
Setting type Numeric (milliseconds)
Value range 1 - 500
Platform All
Component restart required ? No
Client All How should I configure the Bigfix Client to run on an virtual server that hosts multiple images?
_BESClient_Resource_SleepIdle
The BigFix Client works (evaluate relevance) for a designated amount of time then go to sleep for a designated amount of time. This setting controls how many milliseconds to sleep after working in each cycle. If this number is high in comparison to the _BESClient_Resource_WorkIdle setting, then the BigFix Client takes longer to evaluate Fixlet relevance, but the CPU usage is lower.
Default value 480
Setting type Numeric (milliseconds)
Value range 1 - 500
Platform All
Task available ? Yes
Client All Configuring Client CPU Utilization
_BESClient_Resource_SleepNormal
The BigFix Client controls the CPU sleep interval in normal evaluation mode (as opposed to 'Idle' mode). It represents the number of milliseconds to sleep after evaluating for _BESClient_Resource_WorkNormal milliseconds. The BigFix Client only sleeps for up to 1000 milliseconds to balance the CPU usage.
Default value 50
Setting type Numeric (milliseconds)
Value range 1 - 3,600,000 (1 hour)
Task available ? No
Platform All
Component restart required ? No
Client All How should I configure the Bigfix Client to run on an virtual server that hosts multiple images?
_BESClient_Resource_QuietEnable
Quiet mode causes the BigFix Client to not actively process Fixlets, send in reports, respond to commands, etc. It will basically sit idle until the wakeup time is enabled. A BigFix Client can be put in quiet mode for a maximum of 20 hours a day.
Note: If you put a BigFix Client in quiet mode, it will not send any reports to the BigFix Server or respond to any commands so use caution when enabling this setting.
Default value 0 (false)
Setting type Boolean
Value range 1 (True) - enable quiet mode 0 (False) - disable quiet mode
Platform All
Task available ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_QuietSeconds
If quiet mode is enabled, you can specify the number of seconds the BigFix Client should stay quiet. This number must be greater than 0 and less or equal to 72000 (20 hours) in order for the BigFix Client to enter quiet mode. In quiet mode, the BigFix Client checks once a minute to determine if the quiet time has elapsed. However, the BigFix Client will quickly respond to service shutdown requests at any time.
Default value 0
Setting type Numeric (seconds)
Value range 0 - 72,000(20 Hours)
Platform All
Task available ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_QuietStartTime
If quiet mode is enabled, you can specify a time for the BigFix Client to enter quiet mode. Set the time as a string in the form hh:mm where hh is number between 0 and 23, and mm is a number between 0 and 59. This is the local time for which the BigFix Client will quiet down to no activity. If the value is not properly formatted, the client will not enter quiet mode.
Default value None
Setting type String
Value range hh:mm
Platform All
Task available ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_InterruptSeconds
When a BigFix Client receives a UDP message but is too busy processing a relevance clause, this configuration setting determines the length of time the BigFix Client will wait before it stops evaluating the relevance clause to deal with the UDP message.
Default value 60
Setting type Numeric (seconds)
Value range 1 - 600
Platform All
Task available ? Yes
Client All
_BESClient_Resource_StartupNormalSpeed
It sets the new client to do work (evaluate relevance) until it gets through a complete pass of all the content. In this way a new client can subscribe to sites and complete a full first pass quickly.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? Yes
Client All
_BESClient_Resource_PowerSaveDeepSleepEnable
It sets the client in deep sleep mode for a designated amount of time. The client ignores UDP messages, queuing them except for send client alert request message. When setting to 1, the client switches to the deep sleep mode.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_AccelerateForPendingMessage
This setting affects how _BESClient_Resource_PowerSaveEnable behaves when it receives UDP messages. When set to 1, the client avoids sleeping when it detects pending commands. That is, the client wakes up immediately if there are pending commands. When setting to 0, the client always waits for timer expiration.
Note: This setting does not affect the _BESClient_Resource_PowerSaveDeepSleepEnable setting in any manner.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_PowerSaveEnable
It sets the client in sleep mode for a designated amount of time. The client continues to process the UDP messages based on the value set for _BESClient_Resource_AccelerateForPendingMessage. When set to 1, the client switches to the simple sleep mode. This option is useful for tablets and laptops.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? No
Client All
There are six values of BESClient_Resource_PowerSaveTimeoutX (where X ranges from 0 to 5) that control how many minutes the client sleeps; they will be applied based on both Network and Power Supply conditions.
Network Power Applied timeout Default value
Connected AC or Battery - High BESClient_Resource_PowerSaveTimeout0 10
Connected Battery - Medium BESClient_Resource_PowerSaveTimeout1 20
Connected Battery - Low BESClient_Resource_PowerSaveTimeout2 60
Not connected AC or Battery - High BESClient_Resource_PowerSaveTimeout3 720
Not connected Battery - Medium BESClient_Resource_PowerSaveTimeout4 1,440
Not connected Battery - Low BESClient_Resource_PowerSaveTimeout5 2,880
In cases where the network is "Connected", if there is at least one network interface with internet connection, the battery power is evaluated as follows:
OS Battery - High Battery - Medium Battery - Low
Windows / OS X BatteryLifePercent > 66% 33% <= BatteryLifePercent <= 66% BatteryLifePercent < 33%
Unix / Android BatteryLifePercent = 100% 100% <= BatteryLifePercent <= 20% BatteryLifePercent < 20%
Note:
  • For enterprise servers (which usually do not have a battery), only _BESClient_Resource_PowerSaveTimeout0 and _BESClient_Resource_PowerSaveTimeout3 are used.
  • These parameters take effect only if _BESClient_Resource_PowerSaveEnable or _BESClient_Resource_PowerSaveDeepSleepEnable is set to 1.
_BESClient_Resource_PowerSaveTimeout0
This setting controls how many minutes the client sleeps when the network is present at high power.
Default value 10
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_PowerSaveTimeout1
This setting controls how many minutes the client sleeps when the network is present at medium power.
Default value 20
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_PowerSaveTimeout2
This setting controls how many minutes the client sleeps when the network is present at low power.
Default value 60
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_PowerSaveTimeout3
This setting controls how many minutes the client sleeps when the network is not present at high power.
Default value 720
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_PowerSaveTimeout4
This setting controls how many minutes the client sleeps when the network is not present at medium power.
Default value 1,440
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All Virtualized environments and virtual machines
_BESClient_Resource_PowerSaveTimeout5
This setting controls how many minutes the client sleeps when the network is not present at low power.
Default value 2,880
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All Virtualized environments and virtual machines
_BESClient_Query_WorkTime

This setting is used, together with _BESClient_Query_SleepTime, to configure the QnA CPU throttling. It determines how long the QnA processing a query runs before sleeping.
Default value 10
Setting type Numeric (milliseconds)
Value range 1 - 500
Platform All
Component restart required ? No
Client 9.5 and later Query
_BESClient_Query_SleepTime

This setting is used, together with _BESClient_Query_WorkTime, to configure the QnA CPU throttling. It determines how long the QnA processing a query sleeps before continuing to run.
Default value 480
Setting type Numeric (milliseconds)
Value range 1 - 3,600,000
Component restart required ? No
Platform All
Client 9.5 and later

Top

Proxy agent

Name/Description Values Component(s) affected Version(s) applicable References
_ProxyAgent_ManagementRights_MinRefreshInterval
When enabled, it controls the minimum frequency at which the Proxy Agent evaluates the Management Rights actions. By default it is disabled. If enabled, the devices managed by the Proxy Agent will report faster on the BigFix console but changes against the operators management rights will not be evaluated immediately.
Default value 0 (disabled)
Setting type Numeric (Hours)
Value range 1 - 8,760 (1 hour - 356 days)
Task Available No
Component restart required ? Yes
Proxy agent From 9.5.16

Proxy configuration

Client
Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Comm_ProxyServer
Sets the hostname that is used to reach the proxy.
Default value None
Setting type String
Value range N/A
Platform All
Component restart required ? No
Client All Setting up a proxy connection on a client
_BESClient_Comm_ProxyPort
Sets the port that is used to communicate with the proxy.
Default value None
Setting type Numeric
Value range 0 - 65,535
Platform All
Component restart required ? No
Client All Setting up a proxy connection on a client
_BESClient_Comm_ProxyUser
Sets the user name that is used to authenticate with the proxy if the proxy requires authentication.
Default value None
Setting type String
Value range N/A
Platform All
Component restart required ? No
Mandatory ? No (depending on the authentication method)
Client All Setting up a proxy connection on a client
_BESClient_Comm_ProxyPass
Sets the password that is used to authenticate with the proxy if the proxy requires authentication.
Default value None
Setting type String
Value range N/A
Platform All
Component restart required ? No
Mandatory ? No (depending on the authentication method)
Client All Setting up a proxy connection on a client
_BESClient_Comm_ProxyManualTryDirect
Specifies whether direct connections can be used. This setting applies if the connection to the proxy uses the hostname or IP Address and port number that are specified in _BESClient_Comm_ProxyServer and _BESClient_Comm_ProxyPort. These values are available:
Default value 0
Setting type Numeric
Value range 0 - 2
0
Do not try direct connection.
1
Try direct connection if a proxy connection cannot be established.
2
Try direct connection first.
Platform All
Component restart required ? No
Mandatory ? No
Client All Setting up a proxy connection on a client
_BESClient_Comm_ProxyAutoDetect
Specifies whether the system uses the proxy configuration settings that are specified for Internet Explorer.
Important: Ensure that at least one user is logged in to the client to be able to get the Internet Explorer configuration settings.
Default value 1
Setting type Boolean
Value range 0 - 1
0
Use the values that are specified in _BESClient_Comm_ProxyServer and _BESClient_Comm_ProxyPort.
1
Use the Internet Explorer configuration settings.
Component restart required ? No
Platform Windows
Mandatory ? No
Client All Setting up a proxy connection on a client
_BESClient_Comm_ProxyAutoDetectTryDirect
Specifies whether direct connections can be used when the system uses the proxy configuration settings that are specified for Internet Explorer. This setting is valid only if _BESClient_Comm_ProxyAutoDetect = 1.
Default value 1
Setting type Numeric
Value range 0 - 2
0
Do not try direct connection.
1
Try direct connection if a proxy connection cannot be established.
2
Try direct connection first.
Platform Windows
Component restart required ? No
Mandatory ? No
Client All Setting up a proxy connection on a client
AutoProxyRawProxyList
Specifies a blank space delimited list of proxies to try to connect to.
Note: This setting is saved in the registry under the following key HKLM\Software\BigFix\EnterpriseClient\GlobalOptions and not user-configured. The information provided here is only for troubleshooting purposes.
Default value None
Setting type String
Value range NA
Platform Windows
Component restart required ? No
Mandatory ? No
Client All Setting up a proxy connection on a client
AutoProxyRawBypassList
Specifies a blank space delimited list of URLs to contact directly without passing through the proxy. You can use the "*" as a wildcard.
Note: This setting is saved in the registry under the following key HKLM\Software\BigFix\EnterpriseClient\GlobalOptions and not user-configured. The information provided here is only for troubleshooting purposes.
Default value None
Setting type String
Value range NA
Platform Windows
Component restart required ? No
Mandatory ? No
Client All Setting up a proxy connection on a client

Top

Server/Relay

Name/Description Values Component(s) affected Version(s) applicable References
_Enterprise Server_ClientRegister_ProxyServer
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the hostname used to reach the proxy.
Default value None
Setting type String
Value range N/A
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxyPort
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the port used by the proxy server.
Default value None
Setting type Numeric
Value range 0 - 65,535
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxyUser
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the username used to authenticate with the proxy if the proxy requires authentication.
Default value None
Setting type String (username)
Value range N/A
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxyPass
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the password used to authenticate with the proxy if the proxy requires authentication. Warning: The password will be stored in plain text within the registry.
Default value None
Setting type String
Value range N/A
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxySecureTunnel
If set, it defines whether or not the proxy is enforced to attempt tunneling. By default the proxy does not attempt tunneling.
Default value false
Setting type Boolean
Value range 0 | 1
Mandatory ? No
Relay, Server 9.2 and later Setting up a proxy connection on a relay
_Enterprise Server_ClientRegister_ProxyAuthMethodsAllowed
Restricts the set of authentication methods that can be used. You can specify more than one value separated by a comma. For information about restrictions affecting the supported authentication methods when using FIPS, see Setting a proxy connection on the server.
Default value None (Any)
Setting type String
Value range basic | digest | negotiate | nltm
Mandatory ? No
Relay, Server 9.2 and later Setting up a proxy connection on a relay
_Enterprise Server_ClientRegister_ProxyUseForDownstreamComm
If set to 1, this setting indicates that all downstream communications in your Endpoint Manager environment pass through the proxy.
Default value 0
Setting type Boolean
Value range 0 (false) | 1 (true)
Mandatory ? No
Relay, Server 9.2 and later Setting up a proxy connection on a relay
_Enterprise Server_ClientRegister_ProxyExceptionList
Specifies the computers, for example the parent relay, domains and subnetworks that must be reached by the relay without passing through the proxy. Use the following format: 
"localhost, 127.0.0.1, hostname1, hostname2, IP_Addr_A, IP_Addr_B,domain_Z, domain_Y, ..."
By default internal communications are not diverted towards the proxy. To maintain this behavior, ensure that you include localhost, 127.0.0.1 in the list of exceptions when specifying a value for this setting.
Note: Ensure that you read Setting up a proxy connection to learn more about using the proxy exception list on a relay thru the samples.
Default value localhost, 127.0.0.1 (internal communications are not diverted towards the proxy)
Setting type String
Value range N/A
Mandatory ? No
Relay, Server 9.2 and later Setting up a proxy connection on a relay

Top

Registration

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Register_StopOnFlushError
To prevent that duplicated computers are generated on the Console when the BESClient file system goes temporarily in read-only mode.
Default value 0 (false)
Setting type Boolean
Value range 0 (false) - 1 (true)
Client 9.5.8 and later
_BESClient_Register_IntervalSeconds
The BigFix Client will contact the ClientRegister CGI on the BigFix Server periodically to report its IP address (this is important if the BigFix Client changes IP addresses through DHCP), get the BigFix Server time, and get the BigFix Server version. If this setting is set too high, the BigFix Client may not receive UDP "pings" that tell it to gather the latest sites when new actions or new Fixlet content is available. If this setting is set too low, the BigFix Client will flood the BigFix Server with registration requests.
Default value 21,600 (6 hours)
Setting type Numeric (seconds)
Value range 600 - 82,800 (23 Hours)
Task available ? No
Client All What is the meaning of the message "skipping relay select. Registering with current relay" in BES Client Debug log?
_BESClient_SecureRegistration

To set the value for the password needed to perform a manual registration to an authenticating relay. This setting is useful when a new client needs to be registered to an existing authenticating relay, and the authenticating relay uses a password to perform the key exchange. This setting is read at client startup time only.

In case of failure, the client tries to register again to an existing authenticating relay and follows the same behavior of the relay selection.
Default value None
Setting type String
Value range Only ASCII characters
Platform All
Client 9.5.7 and later
_BESRelay_Selection_AutoSelectableRelay
A value of "0" makes the BigFix relay unavailable for auto selection after the next actionsite propagation. A value of "1" allows the BigFix relay to be used by BigFix clients for auto selection.
Default value 1 (enabled)
Setting type Boolean
Value range 1 (enabled) - Enable Auto Selection

0 (disabled) - Disable Auto Selection
Task available ? No
Relay All How can I control client relay selection for a particular Relay or DSA Server?
_BESClient_RegistrationManager_RegisterWith51Relays
This configuration setting enables a BigFix 6.0 Client to gather from a BigFix 5.1 Relay for troubleshooting purposes (TEM 6.0+).
Default value 0 (disabled)
Setting type Boolean
Value range 1 (enabled)

0 (disabled)
Task available ? No
Client All How can I control client relay selection for a particular Relay or DSA Server?
_Enterprise Server_ClientRegister_ClientRegistrationExpirationPeriod
This setting controls how quickly BigFix relays mark BigFix clients as expired. BigFix clients have this length of time to register again before their license is made available for use by another BigFix client. This setting could be used to increase the rate at which licenses are transferred from offline BigFix clients to active BigFix clients when the total number of clients gets above the license seat count.
Default value 1,440 (1 day)
Setting type Numeric (minutes)
Value range 1 - 4,294,967,295
Task available ? No
Relay, Server All Proxy Configuration (Server/Relay)
_Enterprise Server_ClientRegister_MaxRelayPathLength
This setting is used to control the maximum length a chain of BigFix relays can extend. The setting prevents circular chains of BigFix relays from forming by automatic BigFix relay selection. This setting could be used to stop long chains of BigFix relays from forming or create a maximum depth a BigFix relay can be from the BigFix server.
Default value 32
Setting type Numeric
Value range 1 - 4,294,967,295
Task available ? No
Relay, Server All

Top

Relay selection
Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_RelaySelect_AlwaysOnIPListChange

If a client is temporarily on a sub-network from where it cannot register to the desired relay, the client registers with the root server. By default an auto relay selection is not triggered even if, later on, the client IP situation changes and the client can communicate again with the desired relay. This means that the client will continue to be registered with the root server until a new explicit relay selection occurs.

You can assign the value 1 to this configuration setting to change the default behavior and trigger automatically a new relay selection when the IPList addresses changes after the registration even if the IP used for the current registration is still available.
Default value 0 (false)
Setting type Boolean
Value range 0 (false) - 1 (true)
Client 9.2.8 and later
_BESClient_RelaySelect_IntervalSeconds
The BigFix Relay selection algorithm will run this often. If a closer BigFix Relay is found, the closer BigFix Relay will be used.
Note: If the BigFix Relay selection is failing, this interval is ignored.
Default value 21,600 (6 hours)
Setting type Numeric (number of seconds)
Value range 600 - 31,536,000 (1 year)
Task available ? Yes
Client, Relay All What is the meaning of the message "skipping relay select. Registering with current relay" in BES Client Debug log?
_BESClient_RelaySelect_MinRetryIntervalSeconds
If the BigFix Relay selection algorithm fails (no BigFix Relays are found), the BigFix Client will try again after this many seconds. The BigFix Client will double this value on each successive retry that fails to locate a BigFix Relay.
Default value 60
Setting type Numeric (number of seconds)
Value range 0 - 31,536,000 (1 year)
Task available ? Yes
Client All
_BESClient_RelaySelect_MaxRetryIntervalSeconds
After failing to find a BigFix Relay, the BigFix Client will continue to try to find a BigFix Relay. Each time it fails, the BigFix Client will double the time it spends until this maximum is exceeded. Then the BigFix Client will try with this maximum retry interval until it successfully selects a BigFix Relay.
Default value 7,200 (2 Hours)
Setting type Numeric (Seconds)
Value range 0 - 31,536,000 (1 year)
Task available ? Yes
Client All
_BESClient_RelaySelect_MaximumTTLToPing
The maximum number of network hops (Time To Live) a BigFix Client will search over before considering its automatic relay selection attempt a failure. A BigFix Client will be able to find only BigFix Relays that are less than the maximum number of network hops away from the BigFix Client. This setting can be used to limit the ICMP traffic generated by the automatic relay selection algorithm.
Default value 20
Setting type Numeric
Value range 1 - 255
Task available ? Yes
Client, Relay All Automatic relay selection in a high latency and/or high hop network is failing
_BESClient_RelaySelect_PingDelayMicroSeconds
During the automatic relay selection algorithm, the BigFix Client will wait this long between each iteration. On each iteration the BigFix Client sends ICMP packets with a TTL greater than the last iteration. This setting can be used to slow down the automatic relay selection algorithm and reduce the network traffic generated.
Default value 200
Setting type Numeric (microseconds)
Value range 0 - 1,000,000 (1 second)
Task available ? No
Client All Automatic relay selection in a high latency and/or high hop network is failing
_BESClient_RelaySelect_ResistFailureIntervalSeconds
This setting controls the time interval that the BigFix Client will ignore communications errors before performing BigFix Relay selection. Once a BigFix Relay has been selected and the BigFix Client has successfully registered, it will ignore errors when it attempts to post its results to the BigFix Relay or BigFix Server for this long before deciding to choose another BigFix Relay.
Default value 600 (10 minutes)
Setting type Numeric (seconds)
Value range 0 - 21,600 (6 hours)
Task available ? Yes
Client All Configuring relay failover
_BESClient_RelaySelect_FailoverRelay
This setting determines what the BigFix Client will do in the event that no BigFix Relays respond to TTL pings up to the maximum configured distance. In this event, the BigFix Client will attempt to register with the defined failover BigFix Relay before trying the BigFix Server. This setting was first introduced in BigFix 5.1.
Note: This format is the same as for the __RelayServer1 and __RelayServer2 settings. For example: http://servername:port/bfmirror/downloads/.
Default value None
Setting type String (URL of the failover relay)
Task available ? No
Client All What manual Relay selection options do I have for my clients and Relays?
_BESClient_RelaySelect_FailoverRelayList
This setting contains a list of failover relays to choose from when no relay listed as primary, secondary or specified in the tertiary list responded to pings. This setting, first introduced in BigFix 9.0, is a semi-colon delimited list of relays to try. For automatic relay selection, see Relay Affiliation. If specified, this setting overrides _BESClient_RelaySelect_FailoverRelay. (Example: relay1.company.com;192.168.123.32;relay2.company.com)
Default value None
Setting type String
Value range A semicolon-separated list
Task available ? No
Platform All
Component restart required ? No
Client All
__RelaySelect_Automatic
Use this setting to specify if the client is configured for automatic parent relay selection. Setting "__RelaySelect_Automatic = 1" means that the client uses the automatic parent relay selection.
Note: Clients that are configured for automatic parent relay selection cannot communicate through a proxy with their parent relay because they must be able to ping the relay.
Default value 0 (disabled)
Setting type Boolean
Value range 1 (enabled), 0 (disabled)
Task available ? Yes
Client All
_BESClient_RelaySelect_TertiaryRelayList
When using manual relay selection, this setting is a way to specify a list of failover relays to choose from when the primary and secondary relays are not reachable. This setting is a semi-colon delimited list of relays to try. Manual selection goes in this order, primary/secondary/tertiary list/failover/root. For automatic relay selection, see Relay Affiliation. (Example: relay1.company.com;192.168.123.32;relay2.company.com)
Default value None
Setting type String
Value range A semicolon-separated list
Task available ? No
Client All What manual Relay selection options do I have for my clients and Relays?

Top

Relay management
Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Relay_NameOverride
If the BigFix Relay is using a DNS name that is not accessible by all BigFix Clients, an override can be used. If this value is set on the BigFix Relay computer, it will return this setting for the dns name inspector, which will be reported to the BigFix Server and used by other BigFix Clients to locate the BigFix Relay. You can also use this value if you want your BigFix Clients to locate their relays by IP address, rather than DNS name lookup. For example, if the BigFix Relay is reported at relay1:52311, you can use this setting to make the BigFix Relay be accessible at relay1.company.com:52311 or even 192.168.100.123:52311.
Note: This value needs to be set on only the one BigFix Relay computer and not on all the BigFix Client computers.
Default value None
Setting type String (override name)
Value range hostname OR ipaddress (do not include port number)
Task available ? Yes
Relay All Why are my BigFix Clients not choosing their specified BigFix Relay?
_BESClient_Relay_Chain_Days
The relay chain information is stored in .txt files within a new client folder named RelayChain located in the BES Global directory. Use this setting to specify the number of days for which the files should be retained in the folder.
Default value 10
Setting type Numeric (days)
Value range 0 - 366
Client 9.5.13 and later Viewing the relay chain on the client

Top

Affiliation
Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_Register_Affiliation_AdvertisementList

This BigFix Client setting should also be set to a semi-colon (;) delimited list of relay affiliation groups. For example: AsiaPacific;DMZ;*

Note: The labels, defined in the client setting _BESRelay_Register_Affiliation_AdvertisementList and delimited by semi-colon ( ; ), must not be bigger than 64 characters.
Default value None
Setting type String (A semicolon-separated list)
Task available ? No
Relay All
_BESClient_Register_Affiliation_SeekList

This BigFix Client setting should be set to a semi-colon (;) delimited list of relay affiliation groups. For example: AsiaPacific;Americas;DMZ
Default value None
Setting type String (A semicolon-separated list)
Task available ? No
Client All

Top

Child Number Limit
Name/Description Values Component(s) affected Version(s) applicable References
_Enterprise Server_ClientRegister_MaxChildCount
Maximum number of clients the BigFix relay will allow to register. Once this limit is reached, connections will be rejected. This limit also includes the registered BigFix clients that are not running but that are in the registration list. The not running BigFix clients are removed from the registration list after 24 hours.
Note: The setting should be applied before the clients are registered.
Default value 0 (unlimited)
Setting type Numeric
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay All Logics about automatic relay selection
_Enterprise Server_ClientRegister_MaxChildRelayCount
Maximum allowed number of BigFix clients that are BigFix relays registered to the parent. This limit also includes the registered BigFix relays that are not running but that are in the registration list. The not running BigFix relays are removed from the registration list after 24 hours. This limit is calculated independently of the MaxChildCount setting.
Note: The setting should be applied before the relays are registered.
Default value 0 (unlimited)
Setting type Numeric
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay All Logics about automatic relay selection

Top

Client notification

Command polling
Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Comm_CommandPollEnable

When this configuration setting is enabled, computers will poll their parent relay for UDP commands they may have missed. If you set it to '1', the BigFix Client will check with its BigFix Relay for any new gathers or refreshes when the number of seconds specified in “_BESClient_Comm_CommandPollIntervalSeconds elapses.999999"
Default value 0
Setting type Boolean
Value range 1 (True) - 0 (False)
Task available ? Yes
Client 9.2 and later
_BESClient_Comm_CommandPollIntervalSeconds
When 'BESClient_Comm_CommandPollEnable = 1', this configuration setting determines how often the BigFix Client will check with its BigFix Relay for any gathers or refreshes. Avoid setting this to be less than 900 seconds due to performance implications.
Default value 900
Setting type Numeric (seconds)
Value range 60 - 31,536,000 (1 Year)
Task available ? Yes
Client 9.2 and later Changing the gather interval for a BigFix Client via the command polling client settings

Top

UDP Notification
Name/Description Values Component(s) affected Version(s) applicable References
_Enterprise Server_ClientRegister_BatchCount
This setting controls the number of UDP pings the BigFix relay will send before delaying for a period of time. The length of the delay is controlled by _Enterprise Server_ClientRegister_BatchDelay. This setting could be used to limit the rate at which a BigFix relay sends out UDP pings if this network traffic is harmful in some way.
Default value None
Setting type String
Value range N/A
Task available ? No
Component restart required ? Yes
Server, Client, Relay 9.2 and later
_Enterprise Server_ClientRegister_BatchDelay
This setting controls how long the BigFix relay will wait between sending out a batch of UDP pings to BigFix clients. This setting could be used to limit the rate at which a BigFix relay sends out UDP pings if this network traffic is harmful in some way.
Default value 1,000
Setting type Numeric (milliseconds)
Value range 1 - 4,294,967,295
Task available ? No
Component restart required ? Yes
Server, Client, Relay 9.2 and later
_Enterprise Server_ClientRegister_DisableChildUDPMessages

A client setting that you can set on the BigFix server or a BigFix relay to control the UDP notifications sent to the BigFix clients children.

If set to 1, no UDP notifications are sent from that machine to the attached BigFix Clients. In this case the BigFix Client subscribed to that parent relay must periodically poll the parent to look for notifications and downloads. See also _BESClient_Comm_CommandPollEnable and _BESClient_Comm_CommandPollIntervalSeconds client settings.

This setting does not affect the behavior of the BigFix Client installed on the relay or on the server which continues to receive UDP messages.
Default value 0
Setting type Boolean
Value range 0 - 1
Task available ? No
Component restart required ? Yes
Server, Client 9.2 and later
_BESClient_Comm_ListenEnable
When set to 0 the BigFix Client will not listen for UDP messages. If the BigFix Client does not receive UDP messages it will not receive gather pings sent from the BigFix Server notifying the BigFix Client of new actions and content.
Default value 1 (True)
Setting type Boolean
Value range 1 (True) - Listen for UDP 0 (False) - Ignore UDP
Task available ? No
Client 9.2 and later

Top

Persistent TCP connections

For detailed documentation on how to manage persistent TCP connections, see Persistent connections.

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_PersistentConnection_Enabled
Controls the ability to create a persistent connection on the client.

Set the value for this setting to 1 (True) if you want to enable the process for creating a persistent connection on the client. The TCP persistent connection is established between a client and its parent relay.
Default value 0 (False)
Setting type Boolean
Value range 0 - 1
Task available ? No
Client 9.5.11 and later Persistent connections
_BESRelay_PersistentConnection_Enabled
Controls the ability to create a persistent connection on the relay. Set the value for this setting to 1 (True) if you want to enable the process for creating a persistent connection on the relay. The TCP persistent connection is established between a client and its parent relay.
Default value 0 (False)
Setting type Boolean
Value range 0 - 1
Task available ? No
Relay 9.5.11 and later Persistent connections
_BESRelay_PersistentConnection_NumberPerSubnet
It defines the number of simultaneous persistent connections that the relay can establish for each subnet. From this value depends the fault-tolerance capability of the relay if connection failures occur in the subnet which affect the clients.
Default value 3
Setting type Numeric (seconds)
Component restart required ? Yes
Relay 9.5.11 and later Persistent connections
_BESRelay_PersistentConnection_MaxNumber
It defines the maximum overall number of simultaneous persistent connections that the relay can establish. This setting prevents that a relay keeps too many connections open.
Default value 100
Setting type Numeric (seconds)
Component restart required ? Yes
Relay 9.5.11 and later Persistent connections
_BESRelay_PersistentConnection_KeepAliveSeconds
It determines how often the relay performs the health check of the established persistent connections.
Default value 600
Setting type Numeric (seconds)
Component restart required ? Yes
Relay 9.5.11 and later Persistent connections
_BESClient_PersistentConnection_SubnetCidrOverride

It overrides the subnet value detected by the client and has only effect in the context of the persistent connection. This setting is useful within more complex networks where the value of the subnet detected by the client might prevent persistent connections from working properly. The setting is effective only on clients having

_BESClient_PersistentConnection_Enabled set to 1.
Default value NA
Setting type valid CIDR format (For example 192.168.1.0/24)
Component restart required ? No
Note: The setting takes effect after the following client registration.
 Client 9.5.11 and later Persistent connections

Top

Communication

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Comm_SkipInternetActiveTest
Before the BigFix Client tries to gather it will check the Windows API connection test to determine if an internet connection is available. This setting will allow the BigFix Client to ignore the results of the connection test and attempt to gather anyway.
Default value 0 (False)
Setting type Boolean
Value range 1 (True) - ignore connection test 0 (False) - perform connection test
Task available ? No
Client 9.2 and later
_BESClient_Comm_IPCommunicationsMode
This setting determines the network topology preference. Available values for this settings are: "Ipv4ThenIpv6", "Ipv6ThenIpv4", "OnlyIpv4". This setting was first added in BigFix 9.0.
Note: PeerNest is not affected by the address family order and it uses IPv6 if available, otherwise it uses IPv4. If you want to force it on IPv4, then you must use the "OnlyIpv4" setting value.
Default value Ipv4ThenIpv6
Setting type String
Value range Ipv4ThenIpv6, Ipv6ThenIpv4, OnlyIpv4
Task available ? No
Component restart required ? No
Client 9.2 and later

Top

Authentication
Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_Comm_KeyExchangePassword
If an agent does not have a certificate and can only reach an authenticating relay on the network, connected through the internet, you can enable the key exchange with an authenticating relay. The client includes the password in its key exchange with the authenticating relay, which verifies it before forwarding the key exchange to its parent.
Default value None
Setting type String
Component restart required ? No
Relay 9.2 and later Manual key exchange
_BESRelay_Comm_Authenticating
Set to 1 to configure an authenticating relay or use the related task in the BES Support site. To configure an open relay, set the parameter to 0 or use the related task in the BES Support site.
Default value 0
Setting type Boolean
Value range 0 (disabled)

1 (enabled)
Component restart required ? Yes
Relay 9.2 and later

Top

Download

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Download_SizeLimitMB

Use this setting to specify the size in MB that must not be exceeded by the total size of the downloads associated to an action. If the total size of the downloads associated with the action exceeds the specified value, the action is prevented from running. This check is done by the target agent for each action requiring the download of one or more than one files.

Condition `download <url>`:

Not being predictable the size of the download, it is considered by default the maximum value (4,294,967,295). Therefore, if the connected Relay is not a preferred Relay in the download condition mentioned above, the action is prevented from running.

Condition `download now <url>`:

Does not use the Relay Hierarchy, the check will not be executed. It is the same condition as when the setting is not defined.

In case of a dynamic download, for each action, the check is done on the total size of the files downloaded in the prefetch passes. When the threshold is reached, the download stops.
Default value max unsigned int32 (4,294,967,295)
Setting type Numeric (MB)
Value range 0 - 4,294,967,295
Task available ? No
Component restart required ? No
Client 9.5.9 and later Managing Downloads
_BESClient_Download_Direct
Normally, BigFix Clients will contact their BigFix Relay to receive downloads from the internet. This setting forces the BigFix Client to download files directly from the internet using the url specified. This setting takes precedence over other download settings.
Default value 0 (False)
Setting type Boolean
Value range 1 (True) - download from the Internet; 0 (False) - download normally
Task available ? No
Client All Managing Downloads
_BESClient_Download_DirectOnFail
When the BigFix Client fails to download a file from the BigFix Server or BigFix Relay, it can attempt to download the file directly from the Internet.
Note: If there is a proxy in your network that blocks unauthenticated access to the Internet, turning this setting to 1 (True) may not work.
Default value 0 (False)
Setting type Boolean
Value range 1 (True) - download from the Internet on failure 0 (False) - do not download from Internet on failure
Task available ? No
Client All Managing Downloads
_BESClient_Download_MinimumDiskFreeMB
This setting stops both stages of downloading (normal stage and pre-caching stage) if the free space of the disk on which the client stores downloads is less than the value of this setting.
Default value 20
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All Managing Downloads
_BESClient_Download_NormalStageDiskLimitMB
This setting stops normal stage downloading if the client is already using this much normal stage download disk space. Actions marked for normal downloads will report constrained if the total space used for downloads exceeds this limit.
Note: Normal stage downloads may exceed this limit by borrowing some space from the pre-cache stage space if it is not full.
Default value 2,048
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_PreCacheStageContinueWhenDiskLimited

This setting indicates whether files that are pre-cached for a group action can be removed on the Client system to allow the Agent to continue with action download requests for subsequent sub actions in the group. Files that are removed from the pre-cache area on the Client have to be downloaded again at run time from the parent relay, if required by a sub action.

Default value 0 (Disabled)
Setting type Boolean
Value range 0 (Disabled) or 1 (Enabled)
Task available ? No
Client 9.5.10 and later Enabling data pre-cache
_BESClient_Download_PreCacheStageDiskLimitMB

This setting stops pre-cache stage downloading if the client is already using this much pre-cache stage download disk space. Actions marked for pre-caching will report constrained if the total space used for downloads exceeds this limit.
Default value 250
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_PreCacheStageEnabled

This setting determines if pre-cache download functionality is enabled. Set this to zero (0) to disable pre-caching of downloads.
Default value 1 (Enabled)
Setting type Boolean
Value range 1 (Enabled), 0 (Disabled)
Task available ? No
Client All
_BESClient_Download_RetryMinutes
When the BigFix Client fails to download a file from the BigFix Server or a BigFix Relay during an action, it will wait for the specified amount of time then try again. After each failed attempt, it will double the previous retry interval used until is reached an upper bound limit of 480 minutes (8 hours) hard-coded.
Note: The RetryMinutes value means: another download attempt does not start for a period of x minutes; when the attempt actually occurs might vary depending on the client activities and load.
Default value 1
Setting type Numeric (minutes)
Value range 0 -10 (minutes)
Task available ? No
Client All BigFixTroubleshooting Downloads
_BESClient_Download_RetryLimit

When the BigFix Client fails to download a file from the BigFix Server or a BigFix Relay during an action, it will retry the specified number of times. The retry interval is managed by the _BESClient_Download_RetryMinutes setting.
Default value 6
Setting type Numeric (retry limit)
Value range 0 - 100
Task available ? No
Client All BigFixTroubleshooting Downloads
_BESClient_Download_ChannelThreshold

The BigFix Client can simultaneously download two files at a time by using one "main channel" and one "thin channel" when the BigFix Client is attached to the BES Root Server. The main channel is used for all downloads, but if the main channel is currently downloading a large file, the thin channel can be used to download smaller files if the download size is less than the specified threshold. If this setting is set high, the BigFix Client will use the thin channel to download larger files, which could slow down actions because two large files may be downloading at the same time (each using half the bandwidth) instead of one file after the other. If this setting is set low, the thin channel will be used for only very small file downloads.
Default value 500,000
Setting type Numeric (bytes)
Value range 1 - 100,000,000 (Set to 0 to disable the thin channel)
Task available ? No
Client All
_BESClient_Download_InactivityTimeout

When the BigFix Client is downloading a file from the BigFix Server or BigFix Relay, it sometimes will experience some inactivity because of network problems, disconnections, etc. When there is inactivity, the BigFix Client will wait for the specified number of seconds to receive more data before aborting the download.
Default value 300 (5 minutes)
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Client All BigFixTroubleshooting Downloads
_BESClient_Download_DownloadsCacheLimitMB

This configuration setting sets the BigFix client download cache limit. The BigFix client keeps all files that were cached in the same day, regardless of the download cache limit. If there is only one file which is larger than the configured download cache size, the BigFix client keeps this file, regardless of the age or the download cache limit.
Default value 20
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_UtilitiesCacheLimitMB

This configuration setting sets the Utility cache limit.
Default value 10
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESRelay_Downloads_OlderThanInDays
This setting specifies which rows listing the downloaded files must be deleted by the cleanup task in the Mirror Server/Config/DownloadState.db database on the Relay. The rows representing files older than the value specified in this setting are deleted from that database.
Note:

The information about the downloaded files is visible at: http://server_host:52311/cgi-bin/bfenterprise/BESMirrorRequest.exe.
Default value 60
Setting type Numeric (days)
Value range 0 - 2,147,483,647
Task available ? No
Relay All Download Status Report Clean-up

Top

Reports management

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Report_MinimumInterval

When the BigFix Clients are performing an action, they will send reports of the status of the action (Evaluating, Waiting, Running, Fixed, etc.). This setting controls the minimum number seconds between sending reports. If this number is too high, the BigFix Clients will take a long time update their action status. If this number is too low, it will put extra load on the BigFix Server to process the extra action status reports.
Default value 60
Setting type Numeric (in seconds)
Value range 0 - 86,400
Task available ? No
Client All
_BESRelay_PostResults_ResultTimeLimit
The BigFix relay accumulates reports from the BigFix clients and then compresses them and sends them to the parent BigFix relay or BigFix server after waiting a specified amount of time. This setting sets the amount of time to wait before sending the reports. The longer the wait, the more latency before the BigFix server receives the reports from the BigFix clients, but the greater the efficiency of the system (lower network traffic).
Default value 3
Setting type Numeric (seconds)
Value range 1 - 4,294,967,295
Task available ? No
Relay All BES Client report interval vs BES Relay post
_BESRelay_PostResults_RawCarbonCopyPath
If specified, this setting defines the path on the relay where a copy of the BigFix reports must be saved for troubleshooting purposes. By default no copy is saved.
Default value None
Setting type String (path)
Relay All
_BESRelay_PostResults_QueryRawCarbonCopyPath
If specified, this setting defines the path on the relay where a copy of the BigFix Query reports must be saved for troubleshooting purposes. By default no copy is saved.
Default value None
Setting type String (path)
Relay 9.5.2 and later
_BESRelay_PostResults_ResultSizeLimit
This is the maximum size in bytes of inputs to an archive that a relay submits to its parent. No more files will be added to the archive once this limit has been exceeded (although the last file added cab push the size over the limit).
Note:
  • The archive of uncompressed and unencrypted reports are themselves compressed, so the output of the archiving process may be smaller than ResultSizeLimit even when the limit gets hit.
  • The Relay does *not* immediately start posting the next repost after running into this limit, so this setting can serve as a throughput limiter on the relay.
Default value 1024*1024
Setting type Numeric (size in bytes)
Component restart required ? Yes
Relay All

Top

Query

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_Query_MOMaxQueryTime

This setting determines how long the QnA can process a query submitted by a Master Operator before stopping, discarding the request and responding to the agent that the request could not be completed because the maximum processing time has elapsed.
Default value 60
Setting type Numeric (seconds)
Value range 1 - 3,600
Client 9.5.2 and later
_BESClient_Query_NMOMaxQueryTime

This setting determines how long the QnA can process a query submitted by a Non Master Operator before stopping, discarding the request and responding to the agent that the request could not be completed because the maximum processing time has elapsed.
Default value 10
Setting type Numeric (seconds)
Value range 1 - 3,600
Client 9.5.2 and later
_BESClient_Query_IdleTimeout

This setting determines how long the QnA will wait for new reports to be processed before stopping. The QnA will start automatically when a new query to process is received by the agent.
Default value 600
Setting type Numeric (seconds)
Value range 60 - 3,600
Client 9.5.2 and later Getting client information by using BigFix Query
_BESRelay_Query_RemovalTask
This setting determines how often the BigFix Query requests cleanup task runs to free up space in the cache on the relay.
Default value 10
Setting type Numeric (minutes)
Relay 9.5.2 and later Getting client information by using BigFix Query
_BESRelay_Query_MinTime
This setting determines the criteria used by the cleanup task for removing BigFix Query requests. When the cleanup task runs, it removes the requests whose age is older or equal to the value specified in the setting.
Default value 60
Setting type Numeric (minutes)
Relay 9.5.2 and later Getting client information by using BigFix Query
_BESRelay_Query_MemoryLimit
This setting specifies the maximum size of the cache that can be used on the relay to store the BigFix Query requests. When the specified threshold is exceeded, the older entries are removed until the threshold is satisfied again.
Default value 100
Setting type Numeric (MB)
Relay 9.5.2 and later Getting client information by using BigFix Query
_BESRelay_Query_ResultsMemoryLimit
This setting specifies the maximum size of the cache that can be used on the relay to store the BigFix Query results. When the specified threshold exceeds the older entries, regardless of their age, are removed until the threshold is satisfied again.
Default value 100
Setting type Numeric (MB)
Relay 9.5.2 and later Getting client information by using BigFix Query

Top

Application Usage Collection

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_UsageManager_EnableAppUsage
If you set this configuration setting to 1, you enable the application usage tracking on the Client system. By doing so you allow application usage tracking inspectors to report the time intervals when the instances of the applications are running.
Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform All
Component restart required ? No
Client 9.2 and later
_BESClient_UsageManager_EnableAppUsageSummaryApps

In this configuration setting you can specify the list of names of the applications that the agent should collect usage summary information about. Use the ':' character as separator, for example:

"+:app1:app2" means to track app1 and app2

"-:app1:app2" means to track all applications but app1 and app2

This setting requires the _BESClient_UsageManager_EnableAppUsageSummary to be set to 1.
Default value Null
Setting type String
Value range Null
Platform All
Component restart required ? No
Client 9.2 and later
_BESClient_UsageManager_EnableAppUsageSummary

Set this configuration setting to 1 to enable collecting application usage summary data on the Client system.
Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform All
Component restart required ? No
Client 9.2 and later Application usage summary
_BESClient_UsageManager_EnableAppUsageSummaryPath

This setting is used to determine whether or not the Client must collect and save the full path information of the executable of an application. You can retrieve this information by running the application usage summary inspector on the Client system.

When this setting is turned on (value 1), the Agent collects and saves the executable full path data in the UsageData stat files.

When the setting is turned off (value 0), the saved full path data is deleted and the used disk space is released.

If _BESClient_UsageManager_EnableAppUsageSummaryPath is set to 0, the application usage summary inspector returns "nonexistent object" errors.

This setting requires the_BESClient_UsageManager_EnableAppUsageSummary to be set to 1.
Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform All platforms except AIX
Component restart required ? No
Client 9.5.5 and later

Top

Bandwidth throttling

Set on the BigFix Server or on the BigFix Relays to control how to download files during the gathering phase.

Name/Description Values Component(s) affected Version(s) applicable References
_BESGather_Download_LimitBytesPerSecond
BigFix Gather can "throttle" the download speed by limiting the amount of bytes it downloads per second. This setting is especially effective if network bandwidth is a concern (such as with a dial-up connection). When this setting is used on the BigFix Relay, the BigFix Relay will limit its download speed when downloading from the BigFix Server or parent BigFix Relay. This setting throttles all downloading traffic.
Default value 0 (disabled)
Setting type Numeric (bytes)
Value range 0 - 4,294,967,295 (Set to 0 to disable download throttling and use the maximum possible bandwidth)
Component restart required ? Yes
Task available ? Yes
Server, Relay All Bandwidth throttling
_BESGather_Download_ThrottleGroup
The parent considers this Relay to be part of the group that is specified here.
Default value An empty string
Setting type String
Platform Windows
Relay All
_BESClient_Download_ThrottleGroup
The parent considers this client to be part of the group that is specified here.
Default value An empty string
Setting type String
Client All
_BESRelay_HTTPServer_ThrottleKBPS
'Global' throttling on outgoing data to BigFix clients from the BigFix relay/server (0 means no limit). If its value is 1000 and there are 100 clients downloading simultaneously, the BigFix relay/server will send data to each BigFix client at 10KBPS (for a total of 1000KBPS). Throttling is implemented by sending a chunk of data at full speed, and then waiting chunksize/KBPS seconds before sending the next chunk so if all requests are smaller than the chunk size, then there may be no throttling at all. Uploaded data to other BigFix relays/server is not throttled by this setting (PostResults data).
Default value 0 (disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Server, Relay All Bandwidth throttling
_BESClient_Download_LimitBytesPerSecond

The BigFix Client can "throttle" the download speed by limiting the amount of bytes it downloads per second. This setting is especially effective if network bandwidth is a concern (such as with a dial-up connection). If the BigFix Server or BigFix Relay is also set to use throttling, the lower of the two values will be used as the download speed.
Default value 0 (disabled)
Setting type Numeric (bytes/second)
Value range 0 - 4,294,967,295 (Set to 0 to disable download throttling)
Task available ? Yes
Component restart required ? No
Client All Bandwidth throttling
_WebReports_HTTPServer_ThrottleKBPS
Server-side static throttling settings control the total amount of download traffic that a server will send out to clients using static throttling. This setting denotes the amount of bandwidth allocated to any given write connection divided by the number of active write connections.
Default value 0 (disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Web Reports All Bandwidth throttling
_BESRelay_HTTPServer_DynamicThrottleEnabled
When you enable dynamic throttling for any given link, BigFix monitors and analyzes the existing data throughput to establish an appropriate data rate. If there is no competing traffic, the throughput is set to the maximum rate. In the case of existing traffic, it throttles the data rate to the specified percentage or the minimum rate, whichever is higher.
Default value 0 (disabled)
Setting type Boolean
Value range 0 - 1
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESRelay_HTTPServer_DynamicThrottleMaxKBPS
This setting usually defaults to the maximum unsigned integer value, which indicates full throttle. Depending on the link, this value sets the maximum data rate in bits or kilobits per second.
Default value 0 (No limit)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESRelay_HTTPServer_DynamicThrottleMinKBPS
This setting defaults to zero. Depending on the link, this value sets the minimum data rate in bits or kilobits per second. This value places a lower limit on the percentage rate given below.
Default value 0
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESRelay_HTTPServer_DynamicThrottlePercentage
Specify a target percentage from 1 to 100 (0 is treated the same as 100).
Default value 0
Setting type Numeric
Value range 1 - 100
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESClient_Download_DynamicThrottleEnabled
Same as _BESRelay_HTTPServer_DynamicThrottleEnabled
Default value 0 (disabled)
Setting type Boolean
Task available ? Yes
Component restart required ? Yes
Client All
_BESClient_Download_DynamicThrottleMaxBytesPerSecond
Default value 0 (No limit)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Client All
_BESClient_Download_DynamicThrottleMinBytesPerSecond
Default value 0
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Client All
_BESClient_Download_DynamicThrottlePercentage
Specify a target percentage from 1 to 100 (0 is treated the same as 100).
Default value 0
Setting type Numeric
Value range 0 - 100
Task available ? Yes
Component restart required ? Yes
Client All
_BESGather_Download_DynamicThrottleEnabled
Same as _BESRelay_HTTPServer_DynamicThrottleEnabled
Default value 0 (disabled)
Setting type Boolean
Task available ? Yes
Component restart required ? Yes
Relay All
_BESGather_Download_DynamicThrottleMaxBytesPerSecond
Default value 0 (No limit)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Relay All
_BESGather_Download_DynamicThrottleMinBytesPerSecond
Default value 0
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Relay All
_BESGather_Download_DynamicThrottlePercentage
Specify a target percentage from 1 to 100 (0 is treated the same as 100).
Default value 0
Setting type Numeric
Value range 0 - 100
Task available ? Yes
Component restart required ? Yes
Relay All

Top

Airgap Mode

Name/Description Values Component(s) affected Version(s) applicable References
_BESServer_AirgapMode_Enabled

With this setting, you specify if your server will access the Internet for updating the license and gathering the sites or not.

This setting does not have an impact on the actions containing prefetch or download instructions.

Set to 1 to prevent your server from accessing the Internet for updating its license and gathering new sites. In this case, the log files will not display any errors.

Set to 0 to allow your server to connect to the Internet to verify if some license updates are available and if new sites versions can be gathered. In this case, if the server does not have Internet connectivity, the log files will display some errors.
Default value 0
Setting type Boolean
Value range 0 (disabled) and 1 (enabled)
Component restart required ? Yes
Server 9.5.11 and later

Top

HTTP server

Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_HTTPServer_MaxConnections
The maximum number of connections the Relay or RootServer HTTP Server can handle. It can be used as throttling parameter.
Default value 2,048 (Windows)

512 (Linux)
Setting type Numeric (number of threads)
Value range 1 - 65,536
Task available ? No
Relay, Root Server All
_HTTPServer_Referrer_CheckEnabled
Enable or disable the check on an optional header of the HTTP protocol. It identifies the address of the web page (that is the URI or IRI) that linked to the resource being requested. If the referrer check is enabled, BigFix checks if the referrer does not exist or, if it exists, if it contains the hostname that originated the request. If neither of these two conditions is satisfied, the requested is rejected due to an "Invalid Referrer". If SAML is enabled, BigFix automatically does not check the referrer when running Web Reports because, otherwise, the requests coming from the SAML backend would be rejected. For fresh BigFix installations, this setting is set to 1 at installation time.
Default value 0 (disabled)
Value range 0 (disabled)

1 (enabled)
Setting type Boolean
Relay, Root server, Web Reports 9.5.2 and later
_HTTPServer_HostHeader_CheckEnabled
Enable or disable the check on the host header of the HTTP protocol. When enabled, the host header is compared against the value of _WebReports_HTTPServer_HostName or localhost or the server IP. This helps prevent any possible attempts to manipulate the mapping between an IP address and a DNS host name (FQDN) in WebReports. When SAML is enabled, BigFix does not automatically check the referrer while running WebReports; otherwise, the requests coming from the SAML backend are rejected.
Default value 0 (disabled)
Value range 0 (disabled)

1 (enabled)
Setting type Boolean
Relay, Root server, Web Reports 9.5.15 and later

Top

HTTPS
Name/Description Values Component(s) affected Version(s) applicable References
_WebReports_HTTPServer_UseSSLFlag
If enabled, this setting enforces the use of HTTPS with 443 as the default port number when building the host URL.
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled) and 1 (enabled)
Component restart required ? Yes
Web Reports All
_WebReports_HTTPServer_SSLCertificateFilePath
This setting indicates the Web Reports SSL certificate file location.
Default value Empty
Setting type String
Task available ? No
Web Reports All
_WebReports_HTTPServer_SSLPrivateKeyFilePath
This setting indicates the Web Reports SSL private key file location.
Default value Empty
Setting type String
Task available ? No
Web Reports All
_WebReports_HTTPServer_PortNumber
This setting indicates the Web Reports HTTP port.
Value range The value is 443 if _WebReports_HTTPServer_UseSSLFlag is enabled, or 80 otherwise.
Setting type Numeric
Web Reports All
_WebReports_HTTPRedirect_Enabled
This setting indicates whether HTTP redirect is enabled for Web Reports.
Default value 1 (enabled)
Value range 0 (disabled)

1 (enabled)
Setting type Boolean
Component restart required ? Yes
Web Reports All
_WebReports_HTTPRedirect_PortNumber
This setting indicates the HTTP port number for Web Reports.
Default value 80
Setting type Numeric
Web Reports All
_WebReports_HTTPServer_RequireTLS12
This setting enables or disables the use of TLS 1.2.
Default value 0 (disabled)
Value range 0 (disabled)

1 (enabled)
Setting type Boolean
Component restart required ? Yes
Web Reports All
_BESRelay_HTTPServer_UseSSLFlag
Default value 0 (disabled)
Setting type Boolean
Component restart required ? Yes
Relay, Root server All
_BESRelay_HTTPServer_SSLCertificateFilePath
This setting indicates the path to the SSL certificate file.

The .pem file might contain both the certificate and private key for the Relay or Root Server, or only the certificate. The file is not included in Relay Diagnostics for security reasons.
Default value
  • Windows: \\certfile.pem
  • Linux: /var/opt/BESRelay/certfile.pem
Setting type String
Task available ? No
Relay, Root server All
_BESRelay_HTTPServer_SSLPrivateKeyFilePath
This setting indicates the path of the Relay or Root server SSL private key file.
Default value
  • Windows: \\private.key
  • Linux: /var/opt/BESRelay/private.key
Setting type String
Task available ? No
Relay, Root server All
_BESRelay_HTTPServer_RequireTLS12
Default value 0 (disabled)
Setting type Boolean
Component restart required ? Yes
Relay, Root server All

Top

Logging
Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_HTTPServer_LogFilePath
The path to the log file.
Default value
  • Server
    • <BES Relay Installtion Path>/BESRelay.log (Windows)
    • /var/log/BESRelay.log (Linux)
    Relay
    • <BES Relay Installtion Path>/logfile.txt (Windows)
    • /var/log/BESRelay.log (Linux)
Setting type String
Component restart required ? Yes
Relay, Root server All Get Computer
_BESRelay_HTTPServer_LogFileSizeLimit
This setting is used to control the maximum size, in bytes, of the log file. A maximum of 10 rotated copies of the log file are maintained in addition to the active log file (for example, on Relays, the active log file, logfile.txt and rotated copies, logfile.txt_0, logfile.txt_1, ..., logfile.txt_9 ). The active log file is filled in with logged data until it reaches the specified maximum size. Its content then overwrites the content of the oldest log file. The active log file is then emptied ready to continue to collect new logged data.
For example, if you want your log to rotate across 10 files, each one being at most 100 KB, you must set "LogFileSizeLimit" to 100000.
Default value 52,428,800 (50MB)
Value range 0 - 4,294,967,295
Setting type Numeric (bytes)
Task available ? No
Relay, Root server All
_BESRelay_HTTPServer_LogFileRotationLimit

This setting is used to define the maximum amount of files that the server or the relay should write.
Default value 10
Value range 0 - 4,294,967,295
Setting type Numeric
Task available ? No
Component restart required? Yes
Relay, Root server 9.5.7 and later
_BESRelay_HTTPServer_HttpLogDirectoryPath
If set a connection log will be written to this path. A new log file will be created each day with the days date as the name of the file. Connection logs can get quite big, gigabytes per day, so this setting should be used for only troubleshooting purposes.
Default value Empty
Setting type String (path)
Value range N/A
Task available ? No
Relay, Root server All BigFix Logging Guide
_BESRelay_HTTPServer_HttpLogExpirationDays
Sets the number of days to keep connection logs for. After this many days the older connection logs will be deleted.
Default value 0
Setting type Numeric (days)
Value range 0 - 4,294,967,295
Task available ? No
Relay, Root server All BigFix Logging Guide

Top

Relay diagnostics

You can allow users to access relay diagnostics information by enabling the access to the relay diagnostics page at http://<computer_name>:52311/RelayDiagnostics or http://<computer_name>:52311/rd, where <computer_name> is the address of the workstation where the server or the relay that you want to check is installed. When enabled, the relay diagnostics page shows which settings are enabled and contains information about buffer directory size, site gathering, clients registration and downloads.
Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_Diagnostics_Enable

Use this setting to enable or disable the relay diagnostics page. If you specify a value in _BESRelay_Diagnostic_Password, the user is requested to enter the specified password to access that page.

After setting the _BESRelay_Diagnostics_Password, the URL to the relay diagnostics page must use the https protocol instead of http, otherwise the browser will show the "403 forbidden" error and the relay diagnostics page will not display.

Starting from V9.5.6, the default value assigned to this setting is 0 (disabled) for fresh installations and when upgrading a version in which this setting was not defined. If you upgrade an version in which a value for this setting was specified, that value is not changed.
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled)

1 (enabled)
Component restart required ? No
Relay, Root server

9.2.12 and later

9.5.6 and later
_BESRelay_Diagnostics_Password
Use this setting to specify a password for accessing the relay diagnostics page. This setting is taken into account only if _BESRelay_Diagnostics_Enable=1.

After setting the _BESRelay_Diagnostics_Password, the URL to the relay diagnostics page must use the https protocol instead of http, otherwise the browser will show the "403 forbidden" error and the relay diagnostics page will not display.
Default value None
Setting type String
Component restart required ? Yes
Relay, Root server

9.2.12 and later

9.5.6 and later

 Relay and Server diagnostics
_BESRelay_Diagnostics_MaxLoginAttempts
Use this setting to specify after how many failed attempts the user must be prevented from accessing the relay diagnostic page. When this threshold is reached, the relay diagnostic page is locked for the number on minutes specified in _BESRelay_Diagnostics_LockoutDurationMinutes
Note: For any changes to this value to take effect, restart the BESRelay service.
Default value 5
Setting type Numeric
Value range 0 - 4,294,967,295
Task available ? No
Component restart required ? Yes
Relay, Root server 9.5.10 and later Relay and Server diagnostics
_BESRelay_Diagnostics_LockoutDurationMinutes
Use this setting to specify for how many minutes the relay diagnostic page must remain locked after the maximum number of failed access attempts is reached.
Note: For any changes to this value to take effect, restart the BESRelay service.
Default value 1
Setting type Numeric (minutes)
Task available ? No
Component restart required ? Yes
Relay, Root server 9.5.10 and later Relay and Server diagnostics

Top

User authentication

Name/Description Values Component(s) affected Version(s) applicable References
_BESDataServer_AuthenticationTimeoutMinutes

This setting allows you to specify the duration of the SAML authentication session when logging in to the BigFix Console.

The value for this setting is specified in minutes.

Note: Ensure that you set for this setting a value which is bigger than the values you set for the BigFix Console advanced settings.
Default value 5
Setting type Numeric (minutes)
Value range 0 - 4,294,967,295
Task available ? No
Component restart required ? No
Server components All How to configure BigFix to integrate with SAML 2.0

Top

Web Reports

Name/Description Values Component(s) affected Version(s) applicable References
_WebReports_HTTPServer_HostName

This setting allows you to specify the Web Reports URL to open the Web Reports interface from the BigFix Console.
Default value http://localhost:52311
Setting type String
Component restart required ? Yes, of Web Reports
Web Reports 9.2.5 and later
_WebReports_Properties_Blacklist

This setting allows you to enumerate the set of properties that are blacklisted for Web Reports.

Set the value for this setting from the BigFix Console, by selecting the computer on which the Web Reports component is installed and using the Edit Computer Settings dialog.

Upon start-up, the Web Reports component reads this setting, and while loading properties from the server, it discards any property whose name matches with one of those specified. Use the symbol "|" as a separator.

For example:

_WebReports_Properties_Blacklist=Installed Applications Windows|Services - Windows|OS Type - Windows

means that none of the values associated to these properties will be displayed in Web Reports.

This means also that the specified properties:

- Cannot be selected in the Computer page.

- Cannot be included in a report.

- If any of those were included in a saved report, as soon as the report is opened, the Web Reports component notifies the user that one or more properties specified do not exist, and it does not include them in the report.
Note: Do not specify basic properties, such as the built-in ones, among the blacklisted properties to avoid undesired behaviors.
Default value None (setting not existing)
Setting type String
Component restart required ? Yes, of Web Reports
Web Reports 9.5.9 and later IJ07915: THE WEB REPORTS BLACKLIST FEATURE DOES NOT HIDE PROPERTIES THAT HAVE TRAILING SPACES

Top

Deployment Telemetry

Name/Description Values Component(s) affected Version(s) applicable References
_Enterprise Server_MetricsCollection_Period
This setting indicates the number of days between two data collection and upload intervals. The 0 value means that the metrics collection is disabled.
Default value 7
Setting type Numeric (number of days)
Value range 0 - 60
Task available ? No
Server 9.5.13 and later
_Enterprise Server_MetricsCollection_Schedule

This setting allows you to specify one rule to decide when the task should run. Enter the value in the case-sensitive format <Day><hh:mm> where:

<Day> can be Mon, Tue, Wed, Thu, Fri, Sat, or Sun.

<hh:mm> is in 24 hour clock format.

For example, this value will schedule the collection of metrics every Sunday at 9am: _Enterprise Server_MetricsCollection_Schedule=Sun09:00.
Setting type ASCII (<Day><hh:mm>)
Task available ? No
Server 9.5.13 and later
_Enterprise Server_MetricsCollection_UploadURL
This setting indicates the URL that should point to the deployment metrics server. The default value for this setting is an empty string.
Default value Empty string
Setting type String
Task available ? No
Server 9.5.13 and later
_Enterprise Server_MetricsCollection_UploadTaskCheckPeriod
This setting indicates the time, specified in minutes, that the task will wait before checking if there is new data collected. The default value for this setting is 15.
Default value 15
Setting type Numeric (minutes)
Task available ? No
Server 9.5.13 and later
_Enterprise Server_MetricsCollection_UseRandomInterval
If setting the value to 1, it makes the upload occur anytime in the following 12 hours. Otherwise, it makes the upload occur when there is new data collected. In any case, the upload runs if the last upload occurred before the last run of the collection.

The default value for this setting is 1.
Default value 1
Setting type Numeric
Task available ? No
Server 9.5.13 and later

Top

UI History

Set on the BigFix Server to control the Client UI History.

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_ActionManager_HistoryModeUser

This is the history mode displayed to a normal user of the UI. If this and the "Technician" mode are both set to "none", the Client will not record history information.

Potential history modes:
  • "None": The history option is not enabled, and no action history will be displayed.
  • "UI": The history option is enabled, but the user will only be able to see actions that displayed UI.
  • "NonTrivial": The history option is enabled, but the user will not be able to see some actions that are marked as "trivial" (this includes subscription and settings actions).
  • "All": The history option is enabled, and will display every action that runs on the machine.
Default value UI
Setting type String
Value range None, UI, NonTrivial, All
Platform All
Component restart required ? Yes
Client All
_BESClient_ActionManager_HistoryModeTech

This is the history mode displayed to a "Technician" user of the UI. If this

and the "User" mode are both set to "none", the Client will not record history

information.

Potential history modes:
  • "None": The history option is not enabled, and no action history will be displayed.
  • "UI": The history option is enabled, but the user will only be able to see actions that displayed UI.
  • "NonTrivial": The history option is enabled, but the user will not be able to see some actions that are marked as "trivial" (this includes subscription and settings actions).
  • "All": The history option is enabled, and will display every action that runs on the machine.
Default value All
Setting type String
Value range None, UI, NonTrivial, All
Platform All
Component restart required ? Yes
Client All
_BESClient_ActionManager_HistoryDisplayDaysUser

This setting controls the maximum amount of history information the client will send to the UI, if history is enabled.
Default 30
Type Numeric (days)
Value range 0 - 4,294,967,295
Platform All
Component restart required ? Yes
Client All
_BESClient_ActionManager_HistoryDisplayDaysTech

This setting controls the maximum amount of history information the client will send to the UI when the UI is operating in "Technician" mode, if history is enabled.
Default 30
Type Numeric (days)
Value range 0 - 4,294,967,295
Platform All
Component restart required ? Yes
Client All

Top

Relays in DMZ

Parent relay

Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_DMZ_ParentEnable
If set it to 1 (enabled), the parent relay can establish a persistent TCP connection.
Default value 0
Setting type Boolean
Value range 0 - 1
Task available ? Yes
Component restart required ? Yes
Relay 9.5.13 and later Relays in DMZ
_BESRelay_DMZ_ChildRelayHosts
Used by the parent relay to know who will be the child relays in DMZ that need to use this new capability. By default, it is an empty string. To set a value, you can specify a comma-separated list of 
<Hostname/IP Address>,
<Hostname/IP Address>
Note: If this value remains empty, even if you have enabled the parent relay, the parent relay will not communicate with any child relays.
Default value None
Setting type String
Task available ? Yes
Component restart required ? Yes
Relay 9.5.13 and later Relays in DMZ
_BESRelay_DMZ_ConnectionKeepAliveSeconds
It defines the time (in seconds) that a ping message will be periodically sent between parent and children to ensure that the socket is still open. By default, it is set to 60 seconds. It can be applied to both child and parent. You must set the same value on the parent and on the child relay.
Default value 60
Setting type Numeric (seconds)
Task available ? No
Component restart required ? No
Relay 9.5.13 and later Relays in DMZ
_BESRelay_DMZ_OpenChildIntervalSeconds
It defines the period that the parent relay will wait before attempting a DMZ connection to the child. By default it is set to 60 seconds.
Default value 60
Setting type Numeric (seconds)
Task available ? No
Component restart required ? No
Relay 9.5.13 and later Relays in DMZ
_BESRelay_DMZ_CleanupSeconds
It defines the period of the task that will periodically release the resources allocated to the DMZ connection. By default, it is set to 60 seconds. It can be applied to both child and parent.
Default value 60
Setting type Numeric (seconds)
Task available ? No
Component restart required ? No
Relay 9.5.13 and later Relays in DMZ

Child relay

Name/Description Values Component(s) affected Version(s) applicable References
_BESRelay_DMZ_ChildEnable
If set it to 1 (enabled), the child relay can establish a persistent TCP connection.
Default value 0
Setting type Boolean
Value range 0 - 1
Task available ? Yes
Component restart required ? Yes
Relay 9.5.13 and later Relays in DMZ
_BESRelay_DMZ_ParentRelayIPs
Optionally used by the child DMZ relay to filter the parent relays allowed to start a DMZ communication with the child. By default, it is an empty string. To set a value, a comma separated list of IP addresses can be specified to define which parent relays are allowed to communicate with the DMZ relay.
Default value None
Setting type String
Task available ? No
Component restart required ? No
Relay 9.5.13 and later Relays in DMZ
_BESRelay_DMZ_ConnectionKeepAliveSeconds
It defines the time (in seconds) that a ping message will be periodically sent between parent and children to ensure that the socket is still open. By default, it is set to 60 seconds. It can be applied to both child and parent. You must set the same value on the parent and on the child relay.
Default value 60
Setting type Numeric (seconds)
Task available ? No
Component restart required ? No
Relay 9.5.13 and later Relays in DMZ
_BESRelay_DMZ_CleanupSeconds
It defines the period of the task that will periodically release the resources allocated to the DMZ connection. By default, it is set to 60 seconds. It can be applied to both child and parent.
Default value 60
Setting type Numeric (seconds)
Task available ? No
Component restart required ? No
Relay 9.5.13 and later Relays in DMZ

Peer to peer mode

Name/Description Values Component(s) affected Version(s) applicable References
_BESClient_PeerNest_Enabled
If set it to 1 (enabled), the setting enables the peer to peer mode. The client will try to download files from peers before fallbacking to the relay.
Note: When enabling this setting on a BigFix server or relay, the setting will be ignored and its value will be set to false.
Default value 0
Setting type Boolean
Value range 0 - 1
Component restart required ? Yes
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_IsPassive
If set it to 1 (enabled), the client will only download from the other peers. It will not share content with the other peers.
Default value 0
Setting type Boolean
Value range 0 - 1
Component restart required ? Yes
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_Priority
It defines the priority used by the peers in the same subnet to download from the relay. You can specify a value range between 1 and 1000. The client having the higher priority in the subnet will likely be the client to download files from the relay. The same priority defines also the client that will share content with the other peers.
Default value 100
Setting type Numeric
Component restart required ? No
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_ResponseTimeoutSeconds
It defines the time (in seconds) that the client waits for answers to the request it delivers in broadcast to the peers, for example a request for the availability of a file. The default value is 30 seconds but you can increase it in case of a complex networks with many clients. You can specify a value range between 5 and 300 seconds.
Default value 30
Setting type Numeric (seconds)
Component restart required ? No
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_MaxActiveFileDownloads
It defines the maximum number of allowed simultaneous download operations from the other peers.
Default value 5
Setting type Numeric
Component restart required ? No
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_DownloadsCacheLimitMB
It defines the maximum amount of disk used by the directory containing the files available for the other peers. The default value is 2048 MB.
Default value 2,048
Setting type Numeric (MB)
Value range 0 - 4,294,967,295
Component restart required ? No
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_MinimumDiskFreeMB
This setting stops the caching of files available for the other peers if the free space of the disk on which the client stores the files is less than the value of this setting.
Default value 20
Setting type Numeric (MB)
Value range 0 - 4,294,967,295
Component restart required ? No
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_MinimumCacheDays
Any file older than the value specified for _BESClient_PeerNest_MinimumCacheDays might be removed to make space for new files, driven by the used bytes limit and the free space limit.
Default value 0
Setting type Numeric (days)
Component restart required ? No
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_MaximumCacheDays
Any file older than the value specified for _BESClient_PeerNest_MaximumCacheDays is removed even if space is not needed.
Default value 20
Setting type Numeric (days)
Component restart required ? No
Client 9.5.11 and later Working with PeerNest
_BESClient_PeerNest_DebugOutPath
Enables the following log mechanism. The PeerNest log is written to a dedicated file in the specified directory. Enable the setting as follows: _BESClient_PeerNest_DebugOutPath=<full path of the PeerNest log file>
Note: The full path has to point to a file in an existing folder; the file will be created by the client if not already existing.
Default value None
Setting type String
Component restart required ? No
Client 9.5.11 and later Working with PeerNest

Miscellaneous

Name/Description Values Component(s) affected Version(s) applicable References
EnableLockHints

A new server setting available on Windows under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\Enterprise Server\Database

If set to 1, it enables the BES Server to use lock hints in its internal queries to the SQL Server.

This setting helps if the Server is involved in deadlocks, but it might cause a small performance decrease.
Default value 0
Setting type Boolean
Value range 0 - 1
Task available ? No
Component restart required ? Yes
Server 9.5.11 and later
_BESServer_Database_Password
Configure to set the password while updating the database. Enclose the password text within double quotation marks.
Default value None
Setting type String
Component restart required ? Yes
Server All
_BESClient_Cryptography_FipsMode
Starting from 9.5.6, each BigFix component initializes OpenSSL in FIPS Mode based on the existence of the client setting _BESClient_Cryptography_FipsMode, and the client masthead.
Note: The client setting _BESClient_Cryptography_FipsMode overrides the FIPS setting specified in the masthead for the BES Client and the Web Reports components. When setting the value to none, the BES Client and the Web Reports components will not use the FIPS libraries. When setting the value to required, they will use the FIPS libraries.
Default value 0
Setting type Boolean
Value range 0 - 1
Task available ? No
Component restart required ? Yes
All All Configuring FIPS 140-2 on the BigFix Server
_BESClient_LicenseType_productname
When you categorize the clients, you assign to the clients non-default metrics for each selected product, from the licensed ones by setting this configuration parameter.
Default value None
Setting type String
Component restart required ? No
Client All Categorizing the clients
_BESClient_Comm_ForceNotActionsiteEvaluation
Keeps evaluating custom and external sites when a new actionsite version is received. By default, when a new version of actionsite, mailbox site or operator site is received, the BigFix client limits the evaluation to these three site types so to send quickly a report. If the BigFix client is subscribed to many operational sites, and the content of the actionsite and of the operational sites changes frequently, the evaluation of the custom and external sites might take a long time to complete. Use caution when enabling this setting because the report could be delayed.
Default value 0 (False)
Setting type Boolean
Value range 0 (False) Disables custom and external sites evaluation - 1 (True) Enables custom and external sites evaluation
Task available ? No
Component restart required ? No
Client 9.5.14 and later

Top