Skip to main content

1E 23.11 (SaaS)

Integrated Product Packs

Guaranteed State includes a set of out-of-the-box policies known as Integrated Product Packs.

This section provides information on these Integrated Product Packs which are provided with the Tachyon release and includes details on how to upload them into Tachyon.

Note

The Integrated Product Packs provided with the Tachyon release include predefined values determined through testing at 1E. Some of these values can be modified to meet specific environmental requirements. You should review the Integrated Product Pack pages below for guidelines, details of the predefined values and the available customization options, prior to deploying in your environment.

If you need to further customize any of the Policies, please contact 1E.

Note

A list of the instructions, policies, rules, and fragments is provided on each of the Integrated Product Pack pages. For more detailed information, please click on the link for an instruction, policy, rule, or fragment, to see a description in the Tachyon Product Packs reference.

MEMCM Client Health Policy

Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.

The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.

The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:

  • Ensure the correct version of the CM client is installed and running and assigned to the correct site

  • Ensure the CM client is not stuck in provisioning mode

  • Ensure that heartbeat discovery, inventory and state messages are being sent regularly

  • Ensures the CM client cache is set to the correct size

  • Ensure the CM client log settings are correct

  • Ensure the BITS service exists, configured to start up automatically and is running

  • Ensure the Windows Time service exists with correct startup settings

  • Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running

  • Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent

  • Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source

Note

This policy is intended for deployment to Windows devices only.

Important considerations

Before deploying the MEMCM Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.

By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.

A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Guaranteed State reports, and confirming the checks and enabled fixes are working as expected.

When you are comfortable with the results you can then deploy to larger Management Groups.

MEMCM Client Health Policy reference

For details on the policy, rules, triggers, preconditions, checks and fixes available in the MEMCM Client Health Policy please refer to MEMCM Client Health Integrated Product Pack.

Implementing MEMCM Client Install fix
Nomad Client Health Policy

Nomad is included as part of the 1E Client, and as part of that integration, we offer a Nomad client health compliance policy in Guaranteed State. This verifies common Nomad requirements such as ACP registration, disk availability, firewall exceptions, crash notifications and cache monitoring.

The Nomad client health policy replaces the client health tile in the Nomad dashboard plus additional remediation steps:

  • Keeps content distribution services up and running on Nomad clients, so that users are secure and productive

  • Ensures Alternative Content Provider (ACP) registration configuration is set

  • Maintains optimal disk availability and monitors cache size for storage capacity planning

  • Enforces Firewall exceptions.

Note

This policy is intended for deployment to Windows devices only.

Important considerations
Configuring and verifying

Before deploying the Nomad Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.

By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.

A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Guaranteed State reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.

Please review the following specific considerations before verifying and deploying:

Rule

Considerations

Check rule: Ensure Nomad does not have its content indexed by ConfigMgr software inventory checks

Disable this check rule if the Nomad cache location has been changed from the default C:\ProgramData\1E\NomadBranch.

The corresponding fix rule is disabled by default.

Deploying

Target the Policy at separate Management Groups for Distribution Points and Nomad clients, containing only Windows devices.

If you have deployed your Nomad clients with different baseline settings then consider creating different Management Groups for them, so that it will be easier to identify the potental differences in compliance. Target all clients to begin with and then target different groups as required.

Note

This policy is intended for deployment to Windows devices only, so in a cross-platform estate it is advisable to deploy this policy to a Management Group that is scoped to Windows devices. If you do target non-Windows devices then preconditions for the rules ensure those devices are unaffected and rules are reported as Not Applicable.

Nomad Client Health Policy reference

For details on the following instructions, policies, check rules, fix rules, triggers and preconditions, that are included in the Nomad Client Health Policy, please refer to Nomad Client Health Integrated Product Pack.

Note

InstructionsPoliciesRulesFragmentsTrigger templates
Windows Client Health Policy

Over time Windows devices can develop performance problems related to device or service availability. This policy verifies the available storage capacity on devices, notifies of application crashes, monitors WMI health and service function and also checks the behavior of core Windows services.

The Windows client health policy covers all of the following:

  • Manages Windows devices and service availability performance problems

  • Safeguards disk space integrity, ensuring sufficient storage capacity

  • Ensures optimum performance of the Configuration Manager client and that WMI is active and integrated

  • Notifies of application crashes and remediation assists. Investigates root cause for specific issues.

Note

This policy is intended for deployment to Windows devices only.

Important considerations

Before deploying the Windows Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.

By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.

A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Guaranteed State reports, and confirming the checks and enabled fixes are working as expected.

When you are comfortable with the results you can then deploy to larger Management Groups.

The policy contains the rule Check application crash count which by default specifies the Application Name as MyApplication.exe. You do not need to change this before deployment, but you can edit the rule to specify an the executable that you want to monitor, or clone the rule to monitor other executables. You will need to edit the rule and change the name in the Trigger and the Check tabs.

Windows Client Health Policy reference

For details on the policy, rules, triggers, preconditions, checks and fixes available in the Windows Client Health Policy please refer to Windows Client Health Integrated Product Pack.

Tachyon Core Utilities
Overview

This Integrated Product Pack does not include any instructions, policies or rules. However, it does contain a number of triggers, preconditions, checks and fixes that can be used to help build your own policies, as described in Defining your own policy.

Core Utilities reference

For details on the triggers, preconditions, checks and fixes available in the Core Utilities please refer to Tachyon Core Integrated Product Pack.

Instructions

No Instructions.

Policies

No Policies.

Rules

No Rules.

Fragments
Trigger templates