Integrated Product Packs
Guaranteed State includes a set of out-of-the-box policies known as Integrated Product Packs.
This section provides information on these Integrated Product Packs which are provided with the Tachyon release and includes details on how to upload them into Tachyon.
Note
The Integrated Product Packs provided with the Tachyon release include predefined values determined through testing at 1E. Some of these values can be modified to meet specific environmental requirements. You should review the Integrated Product Pack pages below for guidelines, details of the predefined values and the available customization options, prior to deploying in your environment.
If you need to further customize any of the Policies, please contact 1E.
Note
A list of the instructions, policies, rules, and fragments is provided on each of the Integrated Product Pack pages. For more detailed information, please click on the link for an instruction, policy, rule, or fragment, to see a description in the Tachyon Product Packs reference.
MEMCM Client Health Policy
Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.
The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.
The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:
Ensure the correct version of the CM client is installed and running and assigned to the correct site
Ensure the CM client is not stuck in provisioning mode
Ensure that heartbeat discovery, inventory and state messages are being sent regularly
Ensures the CM client cache is set to the correct size
Ensure the CM client log settings are correct
Ensure the BITS service exists, configured to start up automatically and is running
Ensure the Windows Time service exists with correct startup settings
Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running
Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent
Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source
Note
This policy is intended for deployment to Windows devices only.
Important considerations
Before deploying the MEMCM Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.
By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.
A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Guaranteed State reports, and confirming the checks and enabled fixes are working as expected.
When you are comfortable with the results you can then deploy to larger Management Groups.
MEMCM Client Health Policy reference
For details on the policy, rules, triggers, preconditions, checks and fixes available in the MEMCM Client Health Policy please refer to MEMCM Client Health Integrated Product Pack.
Implementing MEMCM Client Install fix
Nomad Client Health Policy
Nomad is included as part of the 1E Client, and as part of that integration, we offer a Nomad client health compliance policy in Guaranteed State. This verifies common Nomad requirements such as ACP registration, disk availability, firewall exceptions, crash notifications and cache monitoring.
The Nomad client health policy replaces the client health tile in the Nomad dashboard plus additional remediation steps:
Keeps content distribution services up and running on Nomad clients, so that users are secure and productive
Ensures Alternative Content Provider (ACP) registration configuration is set
Maintains optimal disk availability and monitors cache size for storage capacity planning
Enforces Firewall exceptions.
Note
This policy is intended for deployment to Windows devices only.
Important considerations
Configuring and verifying
Before deploying the Nomad Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.
By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.
A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Guaranteed State reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.
Please review the following specific considerations before verifying and deploying:
Rule | Considerations |
|---|---|
Check rule: Ensure Nomad does not have its content indexed by ConfigMgr software inventory checks | Disable this check rule if the Nomad cache location has been changed from the default C:\ProgramData\1E\NomadBranch. The corresponding fix rule is disabled by default. |
Deploying
Target the Policy at separate Management Groups for Distribution Points and Nomad clients, containing only Windows devices.
If you have deployed your Nomad clients with different baseline settings then consider creating different Management Groups for them, so that it will be easier to identify the potental differences in compliance. Target all clients to begin with and then target different groups as required.
Note
This policy is intended for deployment to Windows devices only, so in a cross-platform estate it is advisable to deploy this policy to a Management Group that is scoped to Windows devices. If you do target non-Windows devices then preconditions for the rules ensure those devices are unaffected and rules are reported as Not Applicable.
Nomad Client Health Policy reference
For details on the following instructions, policies, check rules, fix rules, triggers and preconditions, that are included in the Nomad Client Health Policy, please refer to Nomad Client Health Integrated Product Pack.
Note
Check Nomad can generate LSZ files on ConfigMgr distribution points
Check Nomad does not have its content indexed by ConfigMgr software inventory checks
Check Nomad has a virtual directory on ConfigMgr distribution points to perform LSZ generation
Check Nomad is not using the Windows temp directory for caching
Check Nomad is registered as an Alternate Content Provider with ConfigMgr
Windows Client Health Policy
Over time Windows devices can develop performance problems related to device or service availability. This policy verifies the available storage capacity on devices, notifies of application crashes, monitors WMI health and service function and also checks the behavior of core Windows services.
The Windows client health policy covers all of the following:
Manages Windows devices and service availability performance problems
Safeguards disk space integrity, ensuring sufficient storage capacity
Ensures optimum performance of the Configuration Manager client and that WMI is active and integrated
Notifies of application crashes and remediation assists. Investigates root cause for specific issues.
Note
This policy is intended for deployment to Windows devices only.
Important considerations
Before deploying the Windows Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.
By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.
A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Guaranteed State reports, and confirming the checks and enabled fixes are working as expected.
When you are comfortable with the results you can then deploy to larger Management Groups.
The policy contains the rule Check application crash count which by default specifies the Application Name as MyApplication.exe. You do not need to change this before deployment, but you can edit the rule to specify an the executable that you want to monitor, or clone the rule to monitor other executables. You will need to edit the rule and change the name in the Trigger and the Check tabs.
Windows Client Health Policy reference
For details on the policy, rules, triggers, preconditions, checks and fixes available in the Windows Client Health Policy please refer to Windows Client Health Integrated Product Pack.
Note
Tachyon Core Utilities
Overview
This Integrated Product Pack does not include any instructions, policies or rules. However, it does contain a number of triggers, preconditions, checks and fixes that can be used to help build your own policies, as described in Defining your own policy.
Core Utilities reference
For details on the triggers, preconditions, checks and fixes available in the Core Utilities please refer to Tachyon Core Integrated Product Pack.
Instructions
No Instructions.
Policies
No Policies.
Rules
No Rules.