CBI Blog - IBM BigFix

IBM BigFix: Automated Software Removal

blog_bigfix-software-removal.jpg

So in the world of BigFix, there is a tremendous amount of flexibility – your imagination is normally the limit. In my conversations with customers, I would frequently get asked a question that I didn’t have a good answer for, so I decided to fix that problem.

What’s the problem?

Within BigFix, I can gather tons of useful information about the machine and everything that happens on it.  If I leverage the BigFix Inventory module, I can see all of my software and how often it is being used. For freeware applications, most people don’t care, but when we get into licensed software, that is a completely different story. Do I care if I own 1,000 copies of Microsoft Visio Professional and only 50 have been used in the last 6 months?  Yep.  I have a couple of distinct concerns when it comes to licensed software. I care if I have more copies deployed that I own, and once a year or so when I do my true-ups or renewals, I care how those copies are being used.  I can save a lot of money if I know how my licensed software is actually being used.

Within BigFix Inventory, it is very simple to see Installed vs. Owned vs. Used. The missing piece of the puzzle has been dealing with the unused software automatically.  So how cool would it be if I could take some select pieces of software and automatically uninstall them if they aren’t being used?  Very cool. How cool would it be if I could allow exemptions to this process so that the person that only uses the software once a year – but must always have it installed – is allowed to keep it? Even cooler.

When someone requests a piece of software, the questions are always the same:

Do I have any licenses available?

  • Yes
    • Deploy the software
  • No 
    • Either purchase additional software
    • Find a “volunteer” to have the software removed from their system. This is the issue that we are going to automate.

This will allow the license compliance team to always know the true state of their licensed software.  If it is deployed, then it is being used.

Also, look at this from a security perspective.  How many patches no longer have to be deployed to patch apps that aren’t being used at all? Holes don’t need to be closed if they aren’t there to begin with.

This is where I get to leverage the inherent power of BigFix and the ability to solve just about any problem through the use of the native language of BigFix - Relevance.

This solution is designed for smaller scale – 50-75 applications would probably be pushing it. This is designed to work at the specific individual application level, but you can always toss things into a baseline to leverage multiple automated uninstalls at once. The purpose of this solution is to focus on a specific niche that needs some love and attention.

Automatic Removal of Unused Software

Issue

When discussing BigFix Inventory with customers, both technical folks, managers and executives, they are often very happy with the capability of knowing how much licensed software is deployed that isn’t being used within their organization.

This is almost always followed up by someone asking if we can automatically uninstall the unused software. My standard response is that we could do this, but the content doesn’t exist out of the box and it might be fairly complicated to do so. This is frequently a big let-down for them.

This is an important capability that is missing from our bag of tricks.

Solution

By leveraging the application usage data from BigFix Inventory that is stored locally on each client, we can identify applications that haven’t been used in X days.

We can then use the inherent goodness of BigFix to remove the software automatically by leveraging software distribution. We can even skip systems that should be excluded from this process.

This solution is designed to deal with this problem from an individual application perspective – we aren’t going to start blindly ripping applications off of machines.

This is a very straight forward solution that will be easy to implement and bring value to the customer.

Use Case

The use case for this demonstration is to identify systems that have Microsoft Visio Professional 2013 installed that haven’t used it in 90+ days and automatically remove it.

Assumptions

There are some assumptions that I'm making. The biggest one is that there is a fixlet that will properly perform the uninstall. If the customer is using BigFix to deploy software – which they probably are, then this fixlet will exist. For every software installation I created in BigFix, I always create an uninstall. I validate both the installs and the uninstalls at the same time – makes life easier before I get pulled off on another task.  If the installation is MSI based, BigFix Software Distribution will automatically create the uninstall for you – including all of the awesome relevance to make sure that the uninstall fixlet is only applicable to systems with the application installed.

I am also assuming that BigFix Inventory scans are enabled and running within the environment. For us to be completely sure that the software hasn’t been used in 90+ days, the customer would need to have scans running for 90 days before fully implementing this concept.

High Level Details

To properly identify systems that have software installed that isn’t being used, there are a couple of things that we need to do.

  1. Verify that the application is installed
  2. Verify that the app isn’t listed in the BigFix Inventory app usage file as being used within the last 90 days
  3. Verify that the install date of the application is more than 90 days ago

All of this is done through relevance and systems that match the above criteria will be placed into an automatic group (Group 1).

Next we need to create a manual group for the systems that should be excluded from this process (Group 2). Exceptions are a key component of this – don’t give the squeaky wheel a reason to squeak.

The final step to identifying the systems that haven’t used the app and that can have it removed is to create another automatic group (Group 3). This group is simply the delta of Group 1 and Group 2.

Now that we have the systems with unused Visio properly identified, we can leverage the existing fixlet to uninstall Visio by enabling a policy action against Group 3.

As the customer begins to implement more of these types of actions, we can simply throw all of these Group 3s into another automatic group and then leverage a baseline of all of the uninstalls against this “master” group if we wanted to.  Some customers prefer to keep them separate.

Technical Details

Let’s talk about the specifics on how this truly works. The key logic for all of this functionality is inside Group 1.

Group 1 – Visio is Installed and Not used in 90 days

This group relies upon three relevance queries to evaluate to True.

Relevance 1

This relevance query will look in the Add/Remove programs area of the registry to see if the app is listed there.

BigFix_Automated1.jpg

Relevance 2

This relevance query will look in the app_usage_data file from BigFix Inventory to check for a couple of things.

  • Visio.exe is listed there and it shows not being used for 90+ days
  • Visio.exe is not listed there at all.

This will allow the solution to work properly even if the application is installed but has never been launched.

BigFix_Automated2.jpg

Relevance 3

This relevance query will look for the date that the app was installed. This will ensure that an application that has been installed – but never used – will not be uninstalled before the 90 day mark. This is a key piece of protection.  Standard application installations should insert this date into the registry by default.  Double-check your app in question to ensure that it does have this info listed in the registry. This key will change for each application.

BigFix_Automated3.jpg

Group 2 – Exemptions to the automated Visio removal policy

This is simply a manual group. When systems are identified as being allowed to keep an application installed even if they hardly ever (or never) use it should be placed in this group.

Group 3 – Systems that we can automatically remove Visio from if they don’t use it.

This is an automatic group that is simply the delta of Group 1 and Group 2

BigFix_Automated4.jpg

Now we can:

  • Automatically identify systems that aren’t using Visio
  • Automatically uninstall it and allow for exemptions.

From here we can simply create a Policy action – dynamically targeting Group 3 above that will uninstall the application using the Visio Uninstall fixlet that has already been validated to function properly.

As the customer grows this implementation, they could easily throw the desired uninstall fixlets into a baseline and leverage a policy action from there. Again – controlled, predictable and repeatable actions.

Screenshots

Group 1

Here we can see that we have two systems that haven’t used Visio in 90+ days.

BigFix_Automated5.jpg

Group 2

This is a system that has been excluded from the automatic uninstalls.

BigFix_Automated6.jpg

Group 3

This is a list of the systems that will have Visio uninstalled automatically. Again, this group is simply the delta of the other two groups.

BigFix_Automated7.jpg

I can see here that both of the systems that have Visio installed are applicable to the Uninstall fixlet. If this fixlet doesn’t exist in the customer’s environment, they can easily leverage the Software Distribution dashboard to create it.

BigFix_Automated8.jpg

This is the policy action that I could enable to automatically remove Visio from systems that have not used it in 90+ days and are not on the exemptions list.

BigFix_Automated9.jpg

Relevance Queries

Here are the contents of the relevance queries that I used in Group 1.

(exists keys “HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstallOffice15.VISPRO” whose (exists values whose(name of it = “DisplayName” AND it as string as lowercase = “Microsoft Visio Professional 2013” as lowercase ) of it) of registry)

(exists lines whose ((((preceding text of first “;” of following text of first “;” of it) as time) <= (now – 90*day)) and ((preceding text of first “;” of it) as lowercase = “visio.exe”)) of file “C:Program Files (x86)BigFix EnterpriseBES ClientLMTCITapp_usage_data” or not exists lines whose ((preceding text of first “;” of it) as lowercase = “visio.exe”) of file “C:Program Files (x86)BigFix EnterpriseBES ClientLMTCITapp_usage_data”)

(value “InstallDate” of key “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products0005109150000000000000000F01FECInstallProperties” of native registry) as integer <= (((year of it as string & month of it as two digits & day_of_month of it as two digits) of date (local time zone) of it) of (now – 90*day)) as integer

Summary

This solution will fill a gap within the tools that is important to customers – again, I get asked all the time about this. Until now, we could automatically tell them which apps aren’t being used, but we couldn’t automatically leverage that information. Now we can.

This will allow customers to easily implement a process to automatically remove applications that aren’t being used. The relevance for this can easily be modified to look for any other application. This solution will provide controlled, predictable and repeatable actions – again this highlights the tremendous power of BigFix.

Think of the power that this brings to the customer for license compliance.  Someone requested a copy of Visio.  They can look at their contract compliance for Visio and see if they have available licenses – and know that their existing licenses are actually being used. This makes the decision to authorize the user’s request very simple.

This solution isn’t designed for massive numbers of automated uninstallations, but can easily scale to 50-75 or so applications – maybe even 100 before you start seeing an impact depending on what you use BigFix for.

The customer can easily take these individual groups/actions and build a baseline to easily manage this from an enterprise perspective. This process can easily fit into an existing Change Management process.

One of the side benefits of this type of solution is that this shows the customer the true power and flexibility of BigFix and hopefully begins to get them to think outside of the box. This is where BigFix can truly dominate. There is so much power with BigFix, but many don’t realize the full power of the tools.

Before I could only say “we could do this”. Now I can clearly change this to “we can do this, let me show you how”. Spread the word and help our customers achieve their goals.

If you want to learn even more, be sure to check out our other blog posts about IBM BigFix:

CBI Jason Cordell

Jason Cordell

Jason Cordell is the Strategic Manager for IBM and is responsible for leading and executing the IBM vision at CBI. Jason brings 20 years of real world industry experience with him to CBI. Prior to joining CBI, he was a BigFix pre-sales engineer at IBM. Jason has managed a wide variety of environments using a diverse set of tools over the years and understands the challenges based upon first-hand experience.