PowerShell Exec MCP Server

generate_bigfix_action_script

Creates PowerShell remediation scripts for IBM BigFix that follow enterprise best practices including proper exit codes, logging, error handling, and system restore points.

Instructions

Generate a BigFix action script to perform remediation or configuration changes.

Creates a PowerShell action script that follows IBM BigFix best practices:
- Proper exit codes (0=success, 1=retryable failure, 2=non-retryable failure)
- BigFix client log integration for monitoring
- System restore point creation before changes
- Comprehensive error handling and logging
- Event log integration for troubleshooting

⚠️ IMPORTANT: For complete BigFix deployments, you need BOTH relevance and action scripts.
Consider using 'generate_bigfix_script_pair' instead to create both scripts together.

IBM BigFix References:
- Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
- Exit Codes: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_action_script_exit_codes.html
- Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
- Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html

Args:
    description: Clear description of what the script should accomplish (e.g., 'Install Chrome browser', 'Configure Windows firewall')
    action_logic: PowerShell code that performs the action. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion
    output_path: Optional file path where the script will be saved. If not provided, returns script content
    timeout: Command timeout in seconds (1-300, default 60)
    
Returns:
    Generated script content or path where script was saved
    
Example:
    Generate a script to install Chrome:
    ```
    result = await generate_bigfix_action_script(
        description="Install Chrome browser to latest version",
        action_logic='''
        try {
            $installer = "$env:TEMP\ChromeSetup.exe"
            Write-BigFixLog "Downloading Chrome installer..."
            Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
            Write-BigFixLog "Installing Chrome silently..."
            Start-Process -FilePath $installer -Args "/silent /install" -Wait
            Remove-Item $installer -Force
            Complete-Action -Result "Success" -Message "Chrome installation completed successfully"
        } catch {
            Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)"
        }
        ''',
        output_path="chrome_action.ps1"
    )
    ```
    
Tips:
    - Always use Complete-Action function to set proper exit codes
    - Use "Success" for completed actions
    - Use "RetryableFailure" for temporary issues (network, locks, etc.)
    - Use "NonRetryableFailure" for permanent issues (unsupported OS, etc.)
    - Test action logic in safe environments first
    - Consider creating system restore points for major changes
    - Use Write-BigFixLog for detailed logging and troubleshooting
    - Make actions idempotent (safe to run multiple times)

Input Schema

TableJSON Schema

Name	Required	Description	Default
`description`	Yes
`action_logic`	Yes
`output_path`	No
`timeout`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

server.py:659-735 (handler)

The primary handler function for the 'generate_bigfix_action_script' MCP tool. Decorated with @mcp.tool() for automatic schema generation and registration. Generates BigFix action scripts by populating the 'bigfix_action' template with provided parameters and logic.

@mcp.tool()
async def generate_bigfix_action_script(
    description: str,
    action_logic: str,
    output_path: Optional[str] = None,
    timeout: Optional[int] = 60
) -> str:
    """Generate a BigFix action script to perform remediation or configuration changes.
    
    Creates a PowerShell action script that follows IBM BigFix best practices:
    - Proper exit codes (0=success, 1=retryable failure, 2=non-retryable failure)
    - BigFix client log integration for monitoring
    - System restore point creation before changes
    - Comprehensive error handling and logging
    - Event log integration for troubleshooting
    
    ⚠️ IMPORTANT: For complete BigFix deployments, you need BOTH relevance and action scripts.
    Consider using 'generate_bigfix_script_pair' instead to create both scripts together.
    
    IBM BigFix References:
    - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
    - Exit Codes: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_action_script_exit_codes.html
    - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
    - Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html
    
    Args:
        description: Clear description of what the script should accomplish (e.g., 'Install Chrome browser', 'Configure Windows firewall')
        action_logic: PowerShell code that performs the action. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion
        output_path: Optional file path where the script will be saved. If not provided, returns script content
        timeout: Command timeout in seconds (1-300, default 60)
        
    Returns:
        Generated script content or path where script was saved
        
    Example:
        Generate a script to install Chrome:
        ```
        result = await generate_bigfix_action_script(
            description="Install Chrome browser to latest version",
            action_logic='''
            try {
                $installer = "$env:TEMP\\ChromeSetup.exe"
                Write-BigFixLog "Downloading Chrome installer..."
                Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
                Write-BigFixLog "Installing Chrome silently..."
                Start-Process -FilePath $installer -Args "/silent /install" -Wait
                Remove-Item $installer -Force
                Complete-Action -Result "Success" -Message "Chrome installation completed successfully"
            } catch {
                Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)"
            }
            ''',
            output_path="chrome_action.ps1"
        )
        ```
        
    Tips:
        - Always use Complete-Action function to set proper exit codes
        - Use "Success" for completed actions
        - Use "RetryableFailure" for temporary issues (network, locks, etc.)
        - Use "NonRetryableFailure" for permanent issues (unsupported OS, etc.)
        - Test action logic in safe environments first
        - Consider creating system restore points for major changes
        - Use Write-BigFixLog for detailed logging and troubleshooting
        - Make actions idempotent (safe to run multiple times)
    """
    params = {
        "SYNOPSIS": f"BigFix Action Script - {description}",
        "DESCRIPTION": description,
        "DATE": datetime.now().strftime('%Y-%m-%d'),
        "ACTION_LOGIC": action_logic
    }
    
    if output_path:
        output_path = ensure_directory(output_path)
    
    return await generate_script_from_template("bigfix_action", params, output_path, timeout)

server.py:159-195 (helper)

Core helper function used by generate_bigfix_action_script to load and populate the 'bigfix_action.ps1' template file with dynamic parameters.

async def generate_script_from_template(
    template_name: str,
    parameters: Dict[str, Any],
    output_path: Optional[str] = None,
    timeout: Optional[int] = 60
) -> str:
    """Generate a PowerShell script from a template.
    
    Args:
        template_name: Name of the template to use (without .ps1 extension)
        parameters: Dictionary of parameters to replace in the template
        output_path: Where to save the generated script (optional)
        timeout: Command timeout in seconds (1-300, default 60)
        
    Returns:
        Generated script content or path where script was saved
    """
    template_path = os.path.join(TEMPLATES_DIR, f"{template_name}.ps1")
    if not os.path.exists(template_path):
        raise ValueError(f"Template {template_name} not found")
        
    with open(template_path, 'r') as f:
        template_content = f.read()
        
    # Replace template variables
    script_content = template_content
    parameters['DATE'] = datetime.now().strftime('%Y-%m-%d')
    
    for key, value in parameters.items():
        script_content = script_content.replace(f"{{{{{key}}}}}", str(value))
        
    if output_path:
        with open(output_path, 'w') as f:
            f.write(script_content)
        return f"Script generated and saved to: {output_path}"
    
    return script_content

server.py:316-325 (helper)

Helper utility called by generate_bigfix_action_script to ensure output directory exists before writing generated script.

@mcp.tool()
def ensure_directory(path: str) -> str:
    """Ensure directory exists and return absolute path."""
    abs_path = normalize_path(path)
    if os.path.splitext(abs_path)[1]:  # If path has an extension
        dir_path = os.path.dirname(abs_path)
    else:
        dir_path = abs_path
    os.makedirs(dir_path, exist_ok=True)
    return abs_path

server.py:659-659 (registration)
MCP tool registration decorator for generate_bigfix_action_script, which also auto-generates input schema from function signature and docstring.
```
@mcp.tool()
```

Tool Definition Quality

A4.7/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It does an excellent job describing what the tool generates (PowerShell scripts with specific best practices like exit codes, logging, restore points) and includes important warnings about testing in safe environments and making actions idempotent. It doesn't mention rate limits or authentication needs, but covers most critical behavioral aspects for a script generation tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with clear sections (purpose, best practices, warnings, references, args, returns, example, tips) and front-loads the most important information. While comprehensive, some sections like the detailed reference URLs could be trimmed for conciseness. Every sentence adds value, but the overall length is substantial for a tool description.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of generating BigFix action scripts, the description provides exceptional completeness. It covers purpose, best practices, warnings, parameter semantics, return values, examples, and tips. With an output schema present, it doesn't need to explain return values in detail. The description addresses all aspects needed for an AI agent to correctly use this tool, including sibling tool differentiation and implementation guidance.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage, the description fully compensates by providing detailed explanations for all 4 parameters. Each parameter is clearly documented in the Args section with examples and constraints (e.g., 'Clear description of what the script should accomplish', 'PowerShell code that performs the action', 'Optional file path', 'Command timeout in seconds (1-300, default 60)'). The example further illustrates parameter usage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Generate a BigFix action script to perform remediation or configuration changes.' It specifies the technology (PowerShell), the platform (IBM BigFix), and distinguishes it from sibling tools by mentioning 'generate_bigfix_script_pair' as an alternative for complete deployments. The verb 'generate' and resource 'BigFix action script' are specific and unambiguous.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance on when to use this tool versus alternatives. It states: 'For complete BigFix deployments, you need BOTH relevance and action scripts. Consider using 'generate_bigfix_script_pair' instead to create both scripts together.' This directly addresses when to choose this tool over its sibling, and the Tips section offers additional usage advice like testing in safe environments first.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/PowerShell-Exec-MCP-Server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server