Preparing your Device with BigFix
BigFix, Stanford University's computer and security management tool, must be installed on all laptops and desktops used by individuals in the School of Medicine who may access High Risk data (previously Restricted or Prohibited data) —including both Stanford-owned and personally-owned computers. If you use a Stanford-owned or personally-owned device to access the hospitals' EPIC systems, it is subject to the University Data Security policy and must have the required security suite. BigFix, however, should not be installed on computers owned by SHC or LPCH.
Install BigFix on your Mac
Your system needs to meet or exceed these specifications
- Mac OS X 10.9 and above
- RAM: 128 MB
- Free Hard Disk Space: 40 MB
Macs that do not meet the specifications to install BigFix or encryption software cannot be used for Stanford work and will need to be replaced. We understand there are special cases (eg. a specific computer is required to run lab equipment etc). Please contact IRT to work through exception or replacement options by using this form.
You can easily verify whether BigFix is installed on your computer by looking for the BigFix icon. On Mac, the icon will appear in the top nav bar (which will first appear an hour or two after the initial installation of BigFix).
There may be times when the BigFix icon may not appear on your computer though the software is installed. In these cases you can also verify installation by looking in your computer's Applications folder.
For MACS
On your hard drive, navigate to Applications > Utilities > Activity Monitor.
Be sure that All Processes is selected at the top of the window, sort by "Process Name", and look for the BESAgent (BigFix Enterprise Suite agent) in the list of processes.
If you don't see the BESAgent listed, please install BigFix. You can get assistance by contacting IRT Help at 725-8000.
1. Download the Big Fix installer from the Mac tab on the BigFix Guide.
2. Open the Bigfix_90586_SOM.dmg file and you will be given the option of AgentUninstaller and BigFix_Mac.pkg
3. Select "AgentUninstaller" and click to "Open"
4. You will be prompted to verify that you wantto uninstall BigFIx. Click "Ok" to begin the uninstallation process.
5. You wil see a dialogue box stating that the uninstlaler files wants to make changes. Enter your admin password and click "Ok"
6. When the process completes, restart the computer.
-
Double-click the BigFix_Mac.pkg icon in the disk image window. (If you downloaded the the installer using a browser other than Safari, double-click the downloaded .dmg file to open the disk image window.)
-
When the Welcome screen appears, click Continue.
-
Select your hard drive as the destination volume and then click Continue.
-
Click Install (or Upgrade if a previous version of BigFix is already installed).
-
When prompted, enter your administrator account information for the computer and click OK.
-
If a previous version of BigFix is installed, you will be prompted to remove it. Click OK to remove the older software and continue with the current installation.
-
Select the Group ("Medical School") and Sub-Group for your computer location and then click OK. (If no appropriate Sub-Group is listed, select None.)
Note: The Group and Sub-Group selections determine which BigFix administrators will have the responsibility for distributing operating system patches to the computer. Please ensure that the Group and Sub-Group information be correct.
Note: If your network is not available, you will see the following alert instead of the Select Group and Sub-Group window. Click OK and try downloading and running the BigFix installer again.
-
Enter an email address and then click Yes, Notify Me if you would like to be notified of any changes to the BigFix service at Stanford. An example of a notification topic could be the addition of newly retrieved properties (that is, basic inventory information collected about your computer).
note: Subscribing to the email notification list is optional. If you do not want to receive notifications, do not enter your email address and click No, Don't Notify Me.
Manual subscription: After successfully subscribing to the notification list, you will receive an email message from bigfix-users@lists.stanford.edu confirming this transaction. If you do not receive confirmation that your subscription request was successful, or if the Receive Email Notification dialog box does not appear, and you still want to receive notifications, send an email message to bigfix-users-join@lists.stanford.edu. The subject and body of the message can be left blank.
-
While BigFix is installing, a message is displayed
. -
After the has been successfully installed, click Close.
Note: The BigFix client installer opens port UDP 52311 inbound because BigFix will not work properly if your firewall isn't configured to accommodate it. Click here for more information about the Mac OS X firewall.
BigFix needs to run an "initial provisioning" process when it's been installed. This process takes 1-2 hours of the computer being up and running and online. Once this process has been completed, the BigFix icon should appear.
Install BigFix on your PC
Your system needs to meet or exceed these specifications
- Supported Operating Systems: Windows 10, upgraded to the latest Service Pack level
- All use of Windows XP must be eliminated (Microsoft discontinued support on April 8, 2014).
PCs that do not meet the specifications to install Bigfix or encryption software cannot be used for Stanford work and will need to be replaced. There are special cases (eg. a specific computer is required to run lab equipment etc). Please contact IRT to work through exception or replacement options by using this form.
You can easily verify whether BigFix is installed on your computer by looking for the BigFix icon. On Windows, the icon (which will first appear an hour or two after the initial installation of BigFix) will appear in the Windows task tray.
There may be times when the BigFix icon may not appear on your computer though the software is installed. In these cases you can also verify installation by looking in your computer's Applications folder.
For PCS
Open the Windows Task Manager by pressing CTRL + ALT + DELETE and clicking the Task Manager button.Click the Processes tab and look for BESClient.exe in the list of processes.
Note: You can get assistance by contacting IRT Help at 725-8000.
Removing Big Fix (Windows)
1. Open Add and Remove Programs by clicking the Start button and typing “Add and Remove Programs.”
2. Located the program called “Tivoli Endpoint Manager Client;" this is the same as BigFix. Click on the program and select “Uninstall.”
3. You will be asked to verify that you want to uninstall the Tivoli Endpoint Manager Client. Click "yes" to begin the uninstall process.
4. When the process completes, restart the computer.
-
Download and run the BigFix client installer. 16.7 MB
Note: You must install the BigFix client software while logged in to your PC with an account that has administrator privileges.
-
Select the Group ("Medical School") and Sub-Group for your computer location and then click OK. (If no appropriate Sub-Group is listed, select None.)
Note: Your Group and SubGroup selection determines which BigFix administrators will be responsible for distributing operating system patches to your computer, so it is important that this information be correct.
Note: The BigFix client installer opens port UDP 52311 inbound for Windows because BigFix will not work properly if your firewall isn't configured to accommodate it.
-
The installer will next ask you to provide your preferred email address if you want to be notified of any changes to the BigFix service at Stanford, such as the addition of new retrieved properties (that is, basic inventory information collected about your computer). To learn more about retrieved properties please see the BigFix Retrieved Properties List.
-
Manual subscription: When you are successfully subscribed to the notification list, you will receive an email message from bigfix-users@lists.stanford.edu informing you of this fact. If you do not receive confirmation that your subscription request was successful, or if the Request Email Notification dialog box pictured below does not appear in the first place, and you still want to receive notifications, send an email message to bigfix-users-join@lists.stanford.edu. The subject and body of the message can be left blank because they are ignored.
-
While BigFix is installing, a message is displayed. The installation could take up to a minute or two.
-
When BigFix has finished installing, click OK.
BigFix needs to run an "initial provisioning" process when it's been installed. This process takes 1-2 hours of the computer being up and running and online. Once this process has been completed, the BigFix icon should appear.
BigFix FAQs
1. You can easily verify whether BigFix is installed on your computer by looking for the BigFix icon (which will first appear an hour or two after the initial installation of BigFix).
On Windows, the icon will appear in
the Windows task tray.
On Mac, the icon will appear in the top nav bar.
2. There may be times when the BigFix icon may not appear on your computer though the software is installed. In these cases you can also verify installation by looking in your computer's Applications folder.
For MACS
On your hard drive, navigate to Applications > Utilities > Activity Monitor.
Be sure that All Processes is selected at the top of the window, sort by "Process Name", and look for the BESAgent (BigFix Enterprise Suite agent) in the list of processes.
If you don't see the BESAgent listed, please install BigFix.
For PCS
Open the Windows Task Manager by pressing CTRL + ALT + DELETE and clicking the Task Manager button.Click the Processes tab and look for BESClient.exe in the list of processes.
Note: If you do not have BigFix, please install. You can get assistance by contacting IRT Help at 725-8000
The BigFix security management tool is a small software program that enables the enterprise management of software updates and provides a central mechanism for auditing compliance with School of Medicine policies. This is critical since a wide variety of data is used at the School of Medicine that carry legal requirements for rigorous protections and the consequences of not being able to definitively prove that protections are in place can have severe consequences. In the case of Protected Health Information, for example, HIPAA requires that proof of encryption be provided in the event a computer is lost or stolen. BigFix can provide such proof.
To support the need for auditing and rigorous data management, School of Medicine policy mandates the installation of BigFix on all laptop, desktop computers and VM machines used for Stanford business regardless of whether the computer is used to access Restricted or Prohibited data. This includes both Stanford owned and personally owned computers.
BigFix will have no measurable impact on the performance of your computer.
More information on BigFix can be found at http://patching.stanford.edu/
BigFix must be installed on all laptops and desktops used for Stanford High Risk data. This includes both Stanford-owned and personally-owned computers that may store or access High Risk Data, even if it's just through email. If you use a Stanford or personally owned machine to access the hospitals' Epic and Cerner systems, it is subject to the school's Data Security policy and must have all school-mandated security services. BigFix, however, should not be installed on computers owned by SHC or LPCH.
Uninstalling BigFix (Mac)
1. Download the BigFix installer by going to: https://med.stanford.edu/datasecurity/bigfix.html
2. Open the Installer file and you will be given the option of AgentUninstaller and BigFix_Mac.pkg
3. Select "AgentUninstaller" and click to "Open"
4. You will be prompted to verify that you wantto uninstall BigFix. Click "Ok" to begin the uninstallation process.
5. You wil see a dialogue box stating that the uninstlaler files wants to make changes. Enter your admin password and click "Ok"
6. When the process completes, restart the computer.
Removing BigFix (Windows)
1. Open Add and Remove Programs by clicking the Start button and typing “Add and Remove Programs.”
2. Located the program called “Tivoli Endpoint Manager Client;" this is the same as BigFix. Click on the program and select “Uninstall.”
3. You will be asked to verify that you want to uninstall the Tivoli Endpoint Manager Client. Click "yes" to begin the uninstall process.
4. When the process completes, restart the computer.
Yes. The Data Security policy mandates that all computers used for Stanford business, including VM machines, run the BigFix management software. If the host machine is used to work with High Risk data (previously Restricted or Prohibited Data), it must have enterprise backup and encryption software installed, and any associated VM machine will by definition be compliant. You will be sent a survey through the BigFix software asking you to identify the host machine and its compliance status.
The BigFix device dashboard provides you up-to-date information on a given computer and its compliance status, including BigFix registration, and backup and encrpyption completion. For information on the compliance status of all of your devices, see the AMIE tool at https://med.stanford.edu/datasecurity/amie/
The BigFix dashboard also gives you access to the Data & Device Attestation and the Device Identification Survey for that particular machine, should you wish to change your answers.
You can open the BigFix device dashboard by clicking the BigFix icon on your machine. NOTE: When you first install BigFix, the BigFix icon will take an hour or two to appear (of your computer being up and online).
On Windows, the icon will appear in
the Windows task tray.
On Mac, the icon will appear in the top nav bar.
BigFix is used to report basic system information such as operating system version, amount of memory, software applications installed and security patches applied. We have also added some SoM specific properties around backup status, encryption status, and information that you have provided though BigFix-generated surveys.
For a full list of standard properties retreived by BigFix, see: https://itservices.stanford.edu/service/bigfix/retrieved_properties
No. BigFix has no measurable impact on computer performance.
BigFix runs on all Windows and Macintosh computers running an OS from the past 5 years (and maybe more).
Computers which are too old to comply should be replaced with modern, securable, and supportable equipment. If you have an older computer which CANNOT be replaced (i.e.: it's hooked up to an expensive piece of equipment, which can only be run from an older computer), then contact IRT to work through the exception process.
Yes, if you access or store Stanford High Risk data on it (run an email application, download email attachments, etc.). Any personally owned machine used to access the hospitals' Epic and Cerner systems is also subject to the school’s Data Security policy and must have BigFix and all other school-mandated security services.
A personally owned computer does not need to run BigFix if you ONLY use the computer remotely (not on campus) AND if you do not ever access High Risk data.
Not directly. Once BigFix has been installed, your computer will become part of the set of devices managed by the School of Medicine's IT staff.
The BigFix program will be used to identify the specific computer(s) you use and your preferred deployment option for installing the required backup and encryption services to your computer(s).
Yes. BigFix is licensed for use by Stanford affiliates, and it permits Stanford IT staff to centrally manage your computer. When your Stanford affiliation ends, it would be appropriate to uninstall BigFix. For assistance removing BigFix, please submit a Help Ticket.
For assistance removing BigFIx, please submit a Help Ticket.