Showing posts from July, 2013

How to prevent tampering or screwing with TEM (BigFix) Agents

In a typical Tivoli Endpoint Manager (TEM, also known as BigFix) deployment, end users should not have administrative rights; otherwise they can simply uninstall or stop the TEM agent.


TEM Clients listen for UDP commands sent to them by their parent Relay or Server. These UDP commands often fail to reach the TEM Client, for example when UDP is blocked by a firewall or there is a significant amount of network traffic. For such cases the TEM Client is configured to poll its parent Relay or Server and check whether any command is waiting for it.

If the TEM agent service is stopped, the machine will be grayed out in the TEM console after the default client poll time (typically every 4 hours). For secure endpoint management we need to prevent users from disabling the TEM (BigFix) agent.

On Windows, we can prevent the TEM Client service from being stopped or disabled.
We can also configure the service to restart automatically in case it is killed or stopped.

DENY …
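An added example, not code from the original post: a small auditor for the SDDL string that `sc sdshow` prints for a service, reporting which tamper-relevant rights a given user token still holds. It assumes the protection is applied as deny ACEs in the service's security descriptor; the SDDL strings and trustee sets are constructed samples, and rights outside the service-specific two-letter codes are ignored.

```python
import re

# Service meaning of the two-letter SDDL rights that `sc sdshow` prints.
SERVICE_RIGHTS = {
    "CC": "query_config", "DC": "change_config", "LC": "query_status",
    "SW": "enumerate_dependents", "RP": "start", "WP": "stop",
    "DT": "pause_continue", "LO": "interrogate", "CR": "user_defined_control",
    "SD": "delete", "RC": "read_control", "WD": "write_dac", "WO": "write_owner",
}
# Rights that allow stopping, disabling, deleting or re-permissioning the service.
TAMPER_RIGHTS = ("stop", "change_config", "delete", "write_dac", "write_owner")

# Constructed samples (not from the post): a stock-style DACL, one with a partial
# deny for interactive users (IU), and one that denies every tamper right.
STOCK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
PARTIAL = "D:(D;;WPDC;;;IU)" + STOCK[2:]
HARDENED = "D:(D;;DCWPSDWDWO;;;IU)" + STOCK[2:]

def parse_dacl(sddl):
    """Return DACL ACEs as (type, rights, trustee) tuples, in evaluation order."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = body.split(";")
        if len(fields) < 6 or fields[0] not in ("A", "D"):
            continue  # only plain allow/deny ACEs are evaluated here
        if fields[2].startswith("0x"):
            raise ValueError("hex access masks are not handled: " + body)
        codes = re.findall(r"[A-Z]{2}", fields[2])
        rights = {SERVICE_RIGHTS[c] for c in codes if c in SERVICE_RIGHTS}
        aces.append((fields[0], rights, fields[5]))
    return aces

def tamper_rights(sddl, trustees):
    """Tamper rights still granted to a token that holds the SIDs in `trustees`.
    ACEs are read in order; the first ACE naming a right for one of the
    token's SIDs decides that right, which is why deny ACEs must come first.
    """
    decided = {}
    for ace_type, rights, trustee in parse_dacl(sddl):
        if trustee in trustees:
            for right in rights:
                decided.setdefault(right, ace_type == "A")
    return [r for r in TAMPER_RIGHTS if decided.get(r, False)]

if __name__ == "__main__":
    admin_user = {"BA", "IU"}  # interactive user who is also a local administrator
    for name, sddl in (("stock", STOCK), ("partial", PARTIAL), ("hardened", HARDENED)):
        print(name, tamper_rights(sddl, admin_user))
```

The partial case still reports delete, write_dac and write_owner for an administrator token, which is why the post's first point, that end users should not have administrative rights, remains the primary control.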