Editing the Masthead on Linux systems
To modify the masthead, run the following command as super user:
./BESAdmin.sh -editmasthead -sitePvkLocation=<path+license.pvk>
[ -sitePvkPassword=<password> ]
[ -display ] [ -advGatherSchedule=<0-10> ] [ -advController=<0-2> ]
[ -advInitialLockState=<0|2> | -advInitialLockState=1 -advInitialLockDuration=<num> ]
[ -advActionLockExemptionURL=<url> ] [ -advRequireFIPScompliantCrypto=<true|false> ]
where:- -sitePvkLocation=<path+license.pvk>
- Specifies the private key file (filename.pvk).
This private key file and its password are required to run the Administration
Tool. Only users with access to the site level signing key and password
are able to create new Endpoint Manager operators.Note: The notation <path+license.pvk> used in the command syntax stands for path_to_license_file/license.pvk.
- -sitePvkPassword=<password>
- Specifies the password associated to the private key file (filename.pvk). This setting is optional, if you omit it you’ll be asked to specify the password interactively when the command runs.
- -display
- Displays the current settings for the masthead.
- advGatherSchedule (optional, integer)
- Determines how long the clients wait without hearing from the
server before they check whether new content is available. In general,
whenever the server gathers new content, it attempts to notify the
clients that the new content is available through a UDP connection,
circumventing this delay. However, in situations where UDP is blocked
by firewalls or where network address translation (NAT) remaps the
IP address of the client from the servers perspective, a smaller interval
becomes necessary to get a timely response from the clients. Higher
gathering rates only slightly affect the performance of the Server,
because only the differences are gathered; a client does not gather
information that it already has. Valid values are:
0=Fifteen Minutes, 1=Half Hour, 2=Hour, 3=Eight Hours, 4=Half day, 5=Day, 6=Two Days, 7=Week, 8=Two Weeks, 9=Month, 10=Two Months
- advController (optional, integer)
- Determines who can change the action lock state. The default is Console,
which allows any Console operator with management rights to change
the lock state of any client in the network. If you want to delegate
control over locking to the user, you can select Client,
but this is not recommended. Valid values are:
0=console, 1=client, 2=nobody
- advInitialLockState (optional, integer)
- Specifies the initial lock state of all clients. Locked clients
report which Fixlet messages are relevant for them, but do not apply
any actions. The default is to leave them unlocked and to lock specific
clients later on. However, you might want to start with the clients
locked and then unlock them on an individual basis to give you more
control over newly-installed clients. Alternatively, you can set them
to be locked for a certain period of time. Valid values are:
0=Locked, 1=timed (specify duration), 2=Unlocked
- advInitialLockDuration (optional, integer)
- Defines the period of time in seconds the clients must be locked.
- advActionLockExemptionURL (optional, string)
- In rare cases, you might need to exempt a specific URL from any
locking actions. Check this box and enter the exempt URL. Note: You can specify only one site URL and it must begin with http://.
- advRequireFIPScompliantCrypto (optional, boolean)
- Implements the Federal Information Processing Standard on your network. This changes the masthead so that every IBM Endpoint Manager component attempts to go into FIPS mode. By default, the client continues in non-FIPS mode if it fails to correctly enter FIPS, which might be a problem with certain legacy operating systems. Be aware that checking this box can add a few seconds to the client startup time