Lab Exercises
Update Remediation of Windows Clients
with IBM BigFix Patch
Course code LBL0020X (SEC9702)

IBM Training
January 2017 edition
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any reference to an IBM product, program,
or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent
product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this
document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local
law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;
these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an
endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those
websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other
claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those
products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible,
the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to
the names and addresses used by an actual business enterprise is entirely coincidental.

TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, and/or other countries.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used
under license therefrom.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
IT Infrastructure Library is a Registered Trade Mark of AXELOS Limited.
ITIL is a Registered Trade Mark of AXELOS Limited.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and
other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries,
or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.

© Copyright International Business Machines Corporation 2017.


This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Introduction

Exercises
Exercise 1 Starting the environment
Exercise 2 Explore the Patch Management domain
Exercise 3 Applying a Windows patch
Exercise 4 Using the Microsoft Rollback Task wizard
Exercise 5 Configuring patch constraints
Exercise 6 Creating patch offers
Exercise 7 Creating baselines

© Copyright IBM Corp. 2017 iii


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Introduction
IBM® BigFix® Patch is a comprehensive solution for delivering Microsoft, UNIX, Linux, Mac, and
select vendor application patches through a single console. Because it is built on the IBM BigFix
platform, you get unified, near real-time visibility and enforcement for deploying and managing
patches on all distributed endpoints. You can use the patch management solution by itself, but it
is also included with other IBM BigFix solutions such as IBM BigFix Lifecycle.

In these exercises, you learn how to use IBM BigFix Patch to apply patches to Windows-based
systems across the enterprise through practical, end-to-end, hands-on experience. The exercises
in this lab session demonstrate how to use the BigFix Patch offering on Windows clients.

V7.0
Exercises
In these exercises, you use the IBM BigFix Patch content to assess the number and types of
patches that are required in the enterprise. You apply a Windows security patch and then roll back
that patch. You also learn how to create patch constraints and offers.

Exercise 1 Starting the environment


In this exercise, you start the required virtual machines and open the IBM BigFix console.
1. Verify that the following virtual machines are started:
– msadserver
– bfxserver
– bfxclient1
– bfxclient2

2. Switch to the bfxserver virtual machine, and log in to the server as IBMEMM\Administrator
with a password of P@ssw0rd.

3. Double-click the IBM BigFix Console icon on the desktop.

4. Ensure that the user name is set to bfxadmin and enter the password P@ssw0rd. Click Login to
log in to the console.

Exercise 2 Explore the Patch Management domain

In this exercise, you review the content in the Patch Management domain.
1. In the lower-left section of the console, click the Patch Management domain.
The Patch Overview dashboard is displayed.

2. In the Patch Overview dashboard, review the various statistics in the panel All Patches at a
Glance.

3. Position your cursor over the critical patches section of the bar graph for each site in the
Overview of Critical Patches vs Other Patches by Site panel. Determine the number of critical
patches that are outstanding for each site that is displayed.

Note: The information that is displayed in the Patch Overview dashboard varies, depending on
the latest released patches. Because the lab environment is isolated from the Internet, the Patch
Overview dashboard might not show any recent patch content.

4. Review the information in the other panels of the Patch Overview dashboard.

5. In the Patch Management navigation view, expand the OS Vendors node.

6. Review the list of vendors and the relevant Fixlet counts shown in parentheses next to each.

7. In the Patch Management navigation view, expand the Application Vendors node.

8. Review the list of vendors and the relevant Fixlet count for each.

Note: Enabling additional patch sites in a live environment changes the lists and counts that are
shown. An installation in your environment might look slightly different because of the dynamic
nature of the product. In fact, BigFix Patch supports many additional operating systems that were
not enabled for these labs and therefore are not present in the list.

9. Expand the All Patch Management > Dashboards node and select the Patches for Windows
Overview node.
The Patches for Windows Overview dashboard is displayed.

10. On the Patches for Windows Overview tab of the dashboard, review the information.

Note: The Patches for Windows Overview tab shows the number and types of Microsoft
patches that are required in the environment, which includes both security and non-security
patches.

11. In the Patches for Windows Overview dashboard, click the Security Patches Overview tab
and review the information.

Note: The Security Patches Overview tab shows detailed information about the Microsoft
security patches that are required in the environment. The required security patches are listed by
severity.

12. In the Patches for Windows Overview dashboard, click the Non-Security Patch Overview tab
and review the information.
This completes the domain exploration exercise.

Note: The Non-Security Patch Overview tab shows detailed information about the Microsoft
non-security patches that are required in the environment. Various graphs report the information
based on category, product family, and operating system.

Exercise 3 Applying a Windows patch
Several methods and paths are available for locating and applying a required patch. In this
exercise, you locate and apply a Windows update, whose Knowledge Base number (KB3170455)
you identified on the Microsoft support site while trying to solve a client problem.
1. In the Patch Management navigation view, expand the nodes OS Vendors > Microsoft
Windows and select the node Microsoft OS and Application Patches.
The available patches are displayed in the list view.

2. Reduce the number of items in the list by verifying that the Show Non-Relevant Content
button at the top of the IBM BigFix console is disabled.

Note: When the Show Non-Relevant Content button is enabled, the button will appear recessed
and all content that is available for the selected node is shown, even if that content is not relevant
to the computers in your environment. Clicking the button to disable it will make it appear flat and
only relevant content will be shown in the list. The following screen captures demonstrate the two
button states.

Enabled appears like this.

Disabled appears like this.

3. In the live search field in the upper-right corner, enter KB3170455 to show only patches that
contain the string for the desired Microsoft Windows knowledge base article in the name or
description.
The list of relevant Fixlets is filtered to show only two with nearly identical names.

4. From the list, select the update that is only applicable to the Windows 7 client named
bfxclient1.

Hint: If you scroll right, you will see that it is applicable to only 1 computer. Selecting the Fixlet,
then selecting the Applicable Computers tab in the work area below will show only bfxclient1.

5. Click the Description tab and review the information about the selected patch.

Hint: Note that the Knowledge Base number that is associated with this patch is KB3170455. You
use this number to uninstall the patch in a later exercise.

6. Click Take Action and select Click here to initiate the deployment process.
The Take Action window opens.

7. Click the Target tab, select bfxclient1 from the list of available targets, and click OK.
The Action panel opens.

Hint: If bfxclient1 is not in the list of available targets, verify that you have selected the correct
Fixlet based on the ID in the Properties section of the Details tab.

8. Monitor the status of the action. Wait until the status is Pending Restart before continuing,
which may take up to 5 minutes. You can periodically click Refresh Console at the top of the
console to update the console view.
When taking action on a Fixlet, you can specify that clients restart automatically. To
demonstrate the individual steps, you restart the client manually this time.

9. Switch to the bfxclient1 virtual machine.

10. Select the red arrow in the lower right corner next to the power icon, and select Restart from
the menu.

Observe that Windows indicates it is installing updates and wait until the client has restarted
before proceeding.

11. Log in to the workstation as IBMEMM\tivuser with a password of P@ssw0rd.

12. Click the Windows Start menu and select Control Panel.
The Control Panel window opens.

13. In the Control Panel window, click Programs and Features, then select View installed
updates.
The Control Panel window updates to show a list of installed updates.

14. Using the KB number KB3170455 identified previously, verify that the update you installed is
listed under the Microsoft Windows list.

15. Close the Control Panel window.

16. Switch to the bfxserver virtual machine and return to the console.

17. Monitor the status of the action. It may already have changed to Fixed. If not, allow a few
moments for it to update to Fixed before continuing.
This completes the patch deployment exercise.

Exercise 4 Using the Microsoft Rollback Task wizard

You can use the Microsoft Rollback Task wizard to uninstall Windows patches from managed
endpoints. This is useful when an update unexpectedly causes conflicts with another
application or feature on a client. In this exercise, you use the wizard to remove the patch that
you applied in Exercise 3, “Applying a Windows patch.”
1. In the Patch Management navigation view, expand All Patch Management > Wizards. Select
Microsoft Rollback Task Wizard.
The Microsoft Rollback Task wizard is displayed.

2. In the Specify Knowledge Base Number field, enter KB3170455 and select Windows 7 x64
for the applicable operating system.

Hint: When entering the Knowledge Base number, make sure to include KB before the number.
For example, KB3170455 where 3170455 is the knowledge base number.

3. Click Finish.
The Create Task window opens.

4. Click OK to create the rollback task.


The rollback task is displayed.

5. Click the Applicable Computers tab. Wait for bfxclient1 to show in the Applicable
Computers list before continuing to the next step. It might take up to 5 minutes for the client to
evaluate the task and show as relevant. You can periodically click Refresh Console at the top
of the IBM BigFix console to update the console.

6. Click Take Action.


The Take Action window opens.

7. Click the Post-Action tab.


a. Select Restart computer after action completes.

b. For the Set deadline value, select 1 minute to reduce the wait time for the restart.

8. Click the Target tab, select bfxclient1 from the list of available targets, and click OK.

The Action panel opens.

9. Monitor the status of the action, noting that the restart will be performed automatically this time.
Wait until the status is Completed before continuing. You can periodically click Refresh
Console at the top of the IBM BigFix console to update the console view or watch the
bfxclient1 as it performs the automated tasks.

10. Switch to the bfxclient1 virtual machine.

11. Log in to the workstation as IBMEMM\tivuser with a password of P@ssw0rd.

12. Click the Windows Start menu and select Control Panel.
The Control Panel window opens.

13. Click Programs and Features > View installed updates.


The Control Panel window updates to show a list of installed updates.

14. Verify that the patch for the previously applied knowledge base number KB3170455 is no
longer shown under the Microsoft Windows list and thus, has been removed from the system.

15. Close the Control Panel window.

16. Switch to the bfxserver virtual machine and return to the console.
This completes the patch rollback exercise.
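
The Control Panel checks at the end of Exercises 3 and 4 can also be scripted, which is useful once more than one client is involved. The following is an added example, not part of the IBM lab material; the function name `Test-PatchState` is hypothetical, and querying a remote client assumes your account is allowed WMI access to it.

```powershell
# Added example, not part of the IBM lab material.
# Reports whether an update is present on each client and whether that matches
# the state you expect after deploying it (Exercise 3) or rolling it back (Exercise 4).

function Test-PatchState {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^KB\d+$')]            # include the KB prefix, as in the wizard
        [string]$KbId,

        [Parameter(Mandatory = $true)]
        [ValidateSet('Installed', 'Absent')]
        [string]$Expected,

        # Defaults to the local machine. Passing remote names is an assumption
        # that WMI access to those clients is permitted for your account.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        $actual = 'Unknown'
        $detail = ''
        try {
            # Read the full list first: a failure here means the client could
            # not be queried, not that the update is missing.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
            $match = $installed |
                Where-Object { $_.HotFixID -eq $KbId } |
                Select-Object -First 1

            if ($match) {
                $actual = 'Installed'
                $detail = "$($match.Description), installed on $($match.InstalledOn)"
            }
            else {
                $actual = 'Absent'
                $detail = "not among $($installed.Length) reported updates"
            }
        }
        catch {
            # Leave the state as Unknown so an unreachable client is never
            # reported as patched or as rolled back.
            $detail = "query failed: $($_.Exception.Message)"
        }

        New-Object PSObject -Property @{
            Computer  = $computer
            KB        = $KbId
            Expected  = $Expected
            Actual    = $actual
            Compliant = ($actual -eq $Expected)
            Detail    = $detail
        } | Select-Object Computer, KB, Expected, Actual, Compliant, Detail
    }
}

# Run on bfxclient1 after Exercise 4; use -Expected Installed after Exercise 3.
Test-PatchState -KbId 'KB3170455' -Expected Absent
```

`Get-HotFix` lists what the `Win32_QuickFixEngineering` WMI class reports, which covers operating system updates; it does not see application updates such as the Firefox upgrade in Exercise 6.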

Exercise 5 Configuring patch constraints


You can use Take Action parameters to control how and when a patch is installed. For example,
you can use time constraints to patch Windows servers during a preset maintenance window.

In this exercise, you define various constraints for the deployment of patches that you save to reuse
in the future, then use those constraints in the immediate action.
1. In the Patch Management navigation view, expand the OS Vendors > Microsoft Windows >
Microsoft OS and Application Patches > Critical Updates nodes.
The available patches are displayed in the list view.

2. In the live search field, enter KB3138612 to list patches with the string KB3138612 in the name
or description.
The list is filtered and shows the relevant Fixlets that include the search string.

3. In the list view, select the Fixlet that contains the string Windows 7 SP1 in the name. Optionally
you may select each, then verify that bfxclient1 is listed in the Work area’s Applicable
Computers tab.

4. Click the Details tab. In the Properties section, verify that the ID of the selected Fixlet is
313861203.

5. Click Take Action and select the option, Click here to initiate the deployment process.
The Take Action window opens.

6. Click the Execution tab to perform the following configuration of the Execution settings for an
off hours window to reduce the business impact of the patch installation:
a. Clear the Ends on option.

b. Select Run between and specify the times as 1:00:00 AM and 4:00:00 AM.

c. Select Run only on and ensure only Fri and Sat are enabled. Clear any other days of the
week that are selected by default.

d. Select Start client downloads before constraints are satisfied.

7. Click the Users tab.


a. Verify that the Run independently of user presence, and display the user interface to
the selected user and All users options are already selected.

8. Click the Messages tab and perform the following steps to notify the user through the Message
settings of the criticality of the update:
a. Select the Display message before running action option. In the Description field, enter
Required patch must be installed in the next 10 minutes.

b. Set the deadline to 10 minutes. For the At deadline option, select Run action
automatically.

c. Select the Display message while running action option. In the Description field, enter
Required patch is being installed.

9. Click the Post Action tab and define the Post Action settings while considering that a user
may be working late on the system and an immediate restart would be disruptive:
a. Select Restart computer after action completes.

b. Select Allow user to cancel restart.

c. Set the deadline to 15 minutes.


In the real world scenario described for this step, it may be practical to allow a deadline of
12 hours or more, depending on the criticality.

d. For the At deadline option, select Restart automatically.

10. Optionally, review the other tabs, but do not make any additional changes.

11. In the upper-right section of the Take Action window, leaving the domain set to Patch
Management, click Save Preset.
The Save Action Preset window opens.

12. For the New Preset Name, enter Maintenance Window and select Make this preset available
to all operators.

13. Click Save.

Note: You can use this saved preset of the Take Action parameters for other Fixlets and tasks in
the future that should be applied during the same maintenance window.

14. Click the Target tab.

15. Ensure the Select devices option is set and select the bfxclient1 computer.

16. Click OK to initiate the action.
The Action panel opens.

17. Monitor the status of the action. Wait until the status is Waiting before continuing. You can
periodically click Refresh Console at the top of the IBM BigFix console to update the console
view.

Note: The action remains in Waiting status and does not start until all of the constraint conditions
are met. Because the maintenance window was defined as between 1 AM and 4 AM on Friday and
Saturday, you will likely find that, given the date and time of your virtual machines, the action
will NOT run anytime soon.

This completes the patch constraints exercise.
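
To see how long an action with these constraints stays in Waiting, you can evaluate the Run between and Run only on settings against a clock value. The following is an added example, not part of the IBM lab material and not BigFix code; the function name `Get-ConstraintStatus` is hypothetical, and it assumes the constraints are evaluated against the client's local clock.

```powershell
# Added example, not part of the IBM lab material.
# Models the Execution constraints from step 6 of Exercise 5:
#   Run between 1:00:00 AM and 4:00:00 AM, Run only on Fri and Sat.
# Assumption: the constraints are checked against the client's local time.

function Get-ConstraintStatus {
    param(
        [datetime]$Now = (Get-Date),
        [timespan]$RunFrom  = '01:00:00',
        [timespan]$RunUntil = '04:00:00',
        [System.DayOfWeek[]]$RunOnlyOn = @('Friday', 'Saturday')
    )

    if ($RunFrom -ge $RunUntil) {
        throw 'This example only handles windows that open and close on the same day.'
    }
    if ($RunOnlyOn.Length -eq 0) {
        throw 'Select at least one day of the week.'
    }

    # Check today and the next seven days; with at least one permitted day,
    # a window that has not yet closed is always found in that range.
    for ($offset = 0; $offset -le 7; $offset++) {
        $day = $Now.Date.AddDays($offset)
        if ($RunOnlyOn -notcontains $day.DayOfWeek) { continue }

        $opens  = $day.Add($RunFrom)
        $closes = $day.Add($RunUntil)
        if ($Now -ge $closes) { continue }      # this day's window has already passed

        $inWindow = ($Now -ge $opens)
        $status = New-Object PSObject -Property @{
            State         = $(if ($inWindow) { 'Constraints satisfied' } else { 'Waiting' })
            WindowOpens   = $opens
            WindowCloses  = $closes
            TimeUntilOpen = $(if ($inWindow) { [timespan]::Zero } else { $opens - $Now })
        }
        return ($status | Select-Object State, WindowOpens, WindowCloses, TimeUntilOpen)
    }
}

# Constructed sample clock values (not taken from the lab machines):
Get-ConstraintStatus -Now ([datetime]'2017-01-16T10:00:00')   # a Monday morning
Get-ConstraintStatus -Now ([datetime]'2017-01-20T02:30:00')   # a Friday, inside the window

# Current clock of the machine you run this on:
Get-ConstraintStatus
```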

Exercise 6 Creating patch offers


Although the many Action options can be applied to any supported operating system, you again use
Windows because it is most familiar to users, and this exercise demonstrates more configuration
options. You can make the installation of certain updates or configuration changes optional for
users by configuring them as offers.

In this exercise, you create an offer for users to update Mozilla Firefox. As this is a user application
and not a system component, consideration should be given to users who may be working with the
application at the time this update is distributed. Thus, you create it as an offer, but do so in a way
that ensures it will get applied within 48 hours.
1. In the Patch Management navigation view, expand the Application Vendors > Recent
Content nodes.
The most recent content gathered by the server for Patch Management is displayed in the list
view.

2. In the live search field, enter firefox to show only the patches that contain the string Firefox
in the name or description. Case is not important.

3. In the patches list view, select the Fixlet named Mozilla Firefox 51.0.1 Available.
The details for the selected patch are displayed in the work area at the bottom of the console.
Observe that it is applicable to at least 2 of the Windows systems in your environment.

4. Click Take Action. Select Click here to upgrade Firefox regardless of whether or not
Firefox is currently running. Observe this is not the default action.
The Take Action window opens.

5. Click the Execution tab.
a. Ensure the Ends on and default date and time are selected. Using the defaults, this
should provide an expiration date of midnight, 2 days from the time the action was taken.

6. Click the Messages tab. Perform the following steps to set the Message settings:
a. Select the Display message before running action option. In the Description field, enter
A Firefox update is required within 48 hours. Note that a reboot will be
performed after the upgrade.

b. Select Allow user to cancel action, as some of your development team may not want to
install it at this time.

c. Set the Deadline to 4 hours.

d. For the At deadline option, select Keep message topmost until user accepts action.

e. Select the Display message while running action option. In the Description field, enter
You may experience performance issues while installing.

7. Click the Offer tab.


a. Select the Make this action an offer option.

b. In the Category field, enter Optional Updates.

8. Click the Post Action tab. Perform the following steps to set the Post Action settings:
a. Select the Restart computer after action completes option.

b. Select the Allow user to cancel restart option as it may not be convenient for the user to
do so at the time.
Canceling the restart is only applicable for that moment. The system will still mandate a
restart at some time soon after.

c. Set the deadline to 1 hour.

d. For the At deadline option, select Keep user interface topmost until user accepts
restart.

9. Optionally, review the other tabs. Do not change any other settings.

10. Click the Target tab and select the Dynamically target by property option.

11. You need to target all Windows domain computers to ensure security compliance across the
enterprise, so expand the nodes All Computers > Active Directory > edu.

Note: This demonstrates that you could control distribution of patches using Active Directory
options to prevent distribution to some server groups or even systems belonging to a security
evaluation team. The dynamic property option is a very powerful feature.

12. Click OK to initiate the action.
Monitor the status of the action. Wait until the status is Pending Offer Acceptance before
continuing. Applicable systems, including the bfxserver you are on, will receive this update!

13. Observe the appearance of the BigFix icon in the task bar with the hover text of Click to open
IBM BigFix Support Center and click it.

The IBM BigFix Support Center will open.

14. You do NOT want to install this on the server because doing so would be disruptive to your labs.
Simply close the window at this time.

15. Switch to the bfxclient1 virtual machine. If you are logged off, log on as IBMEMM\tivuser with
the password of P@ssw0rd.

16. Click the IBM BigFix client user interface icon in the task bar.

The IBM BigFix Support Center window opens and shows the Offers tab.

17. Select the offer, Mozilla Firefox 51.0.1 Available, then click Accept.

The IBM BigFix Support Center window clears the offers list indicating There are no offers to
show at this time.

In a moment or two, the IBM BigFix Action Requests window opens.

Note: It may take several minutes for the files associated with the offer to be downloaded from the
server to the client, and then for the IBM BigFix Action Requests window to open. This is a
real-time process and will vary.

18. As there is not a list of offers at this time, simply click Take All Actions to install the update.
The Progress tab in the IBM BigFix Support Center is displayed to monitor the status changes.
The custom messages that were defined when the action was initiated on the servers are
shown on the desktop as the action is run.
When the action completes, the IBM BigFix Action Request window is again displayed, but this
time shows the restart action.

19. In the Action Requests window, click Take All Actions to perform the restart.
The Confirmation Required window opens.

20. Click Restart Now.


Wait until the bfxclient1 virtual machine completes the restart before continuing.

21. Switch to the bfxserver virtual machine and return to the console.

22. Monitor the status of the Action.


Observe that the status changes only for the single machine on which you accepted the offer.
The status should show Pending Restart; wait for it to change to Fixed before continuing. You
can periodically click Refresh Console at the top of the IBM BigFix console to see the status
changes.
This completes the patch offer exercise.

Exercise 7 Creating baselines
A baseline is a collection of Fixlets and tasks that you want to apply with a single action. Baselines
provide a reusable common base for all targeted computers. You can use baselines to group
patches and push the patches to the target computers in one action. This is helpful for newly
installed systems or for establishing monthly security roll-ups for your enterprise.

Within a baseline, you can specify the Fixlet order so that patches are applied in the correct
sequence. If one or more of the patches requires a restart, you may be able to set a baseline action
to restart after all patches are installed, though this trick is dependent on the patch prerequisites.

It is suggested that you use custom sites to distribute baseline content to better track your
enterprise work as well as for moving between test and production environments.

In this exercise, you create a custom site to organize your baselines, then create a baseline within
that site for applying Windows patches.

Note: Creating a baseline as a master operator can affect system performance. In a production
environment, it is suggested that you create baselines as a non-master operator. The impact on
this lab environment is minimal. Therefore, for simplicity, you use the bfxadmin account, which has
been granted master operator rights.

1. From the IBM BigFix console menu, click Tools > Create Custom Site.
The Create Custom Site panel is displayed.

2. In the Name field, enter Windows Workstation Baselines. Click OK.


The Custom Site: Windows Baselines panel is displayed.

3. Click the Computer Subscriptions tab and select the Computers which match the
condition below option. Set the options to OS contains Win7.

4. Click Save Changes.

5. From the IBM BigFix Console menu, select Tools > Create New Baseline.
The Create Baseline window opens.

6. Set the basic parameters for the custom baseline as follows:
a. In the Name field, enter Win7 2017 Rollup.

b. For the Create in site field, select Windows Workstation Baselines.

c. In the Description field, enter Last Updated <today>, replacing <today> with the current
date in mmm yyyy format.

7. Click the Components tab.

8. Next to Component Group 1, click the edit name link.

9. For the Group Name, enter Patches for Windows. Click Save Group Name.

10. Under Patches for Windows, click the add components to group link.
The Add Baseline Components window opens.

11. In the Add Baseline Components window, expand the nodes All Relevant Fixlet Messages >
By Site > Patches for Windows.

12. In the Fixlet list, scroll to the right, then click the column header Source Release Date, to sort
the list of relevant Fixlets and tasks by date, ensuring all 2017 Fixlets are at the top.

13. Select all of the 2017 Fixlets for clarity, then scroll to the left so the Name column is visible.

14. While holding the CTRL key to keep the current selection, deselect the Fixlets that do not show Windows 7, and
click OK.

The Components tab of the new baseline shows the selected updates.

15. Verify that Action1 (Default) is selected for all of the components that you added.

16. Click OK to create the baseline.


The Latest Windows Patches baseline is displayed in the Baseline panel.

17. Click the Applicable Computers tab. Wait for bfxclient1 to become relevant and appear in the
Applicable Computers list. It might take several minutes for the multiple relevance statements to
evaluate. You can periodically click Refresh Console at the top of the console to update the
view.


Hint: If bfxclient1 never shows in the Applicable Computers tab, verify that the computer
subscriptions for the custom site that you created in Step 3 of this exercise were assigned correctly.
This is a common mistake for new BigFix users.

18. Click Take Action to deploy the baseline.


The Take Multiple Actions window opens.

19. In the Take Multiple Actions window, click the Execution tab.
a. Verify that the Behavior setting Run all member actions of action group regardless of
errors is selected.
This ensures that everything that can be applied is applied, securing your
environment as well as possible. An experienced Windows administrator should review
erroneous or failed results to resolve problematic nodes or rework deployment plans.

20. Click the Post Action tab.


a. Select the Restart computer after action completes option.

b. Configure the Set deadline option to 1 minute to ensure a quick response.

21. Click the Target tab, select bfxclient1 from the list of available targets, and click OK.
The Action panel is displayed.

22. Monitor the status of the baseline action, waiting until the status of the action changes to
Complete before continuing. This might take several minutes as you are deploying multiple
updates.

This completes the baseline creation exercise and the Update Remediation of Windows Clients
with IBM BigFix Patch lab.
