Skip to main content

1E 23.11 (SaaS)

Client Health page

The Client Health page shows information from two Integrated Product Packs provided with the Tachyon Platform:

These Integrated Product Packs are represented on the Client Health page by two sets of panels that can be explored in the Rules and Devices pages in Introducing 1E Endpoint Automation.

Introduction to Guaranteed State concepts

Guaranteed State allows you to easily check and enforce device state. Device state can represent just about anything you'd like to be set in a certain way for a collection of devices. Once you have imported an Integrated Product Pack you can configure and deploy policies to manage various device attributes. For example:

  • Registry keys

  • Services

  • Config Manager metrics such as client cache usage

  • Disk free space

  • WMI namespaces and classes.

Before using Guaranteed State you need to upload some policies (with their rules, triggers and preconditions). Please refer to Installing the Nomad app and 1E Content Distribution - 1E Nomad product packs for details about Nomad feature-related Product Packs.

Product Packs are required to support various features of Nomad:

Client Health

The state of devices where Guaranteed State policies have been deployed is represented in this form.

The user has the ability to drill down into the percentage of failures for each group of device states. For example, where the meaning of device states and their precedence is as follows:

State

Description

Unknown

The device has yet to receive, evaluate or report back on its compliance state for at least one rule.

Error

The device has failed to evaluate at least one deployed rule.

For example a device may report 97% of deployed rules as Not Applicable, but since 3% of the deployed rules reported as Error this means the whole Device State is marked as Error.

Not Applicable

At least one rule deployed to the device is not applicable.

For example, this would occur if a Windows-specific rule was deployed to a non-Windows device.

Non-compliant

At least one rule deployed to the device failed compliance checks.

For example in the example above 86% of policy rules are compliant for the high-lighted device, but since 8% of the rules are Non-compliant the state of the whole device is marked as Non-compliant.

Compliant

The device passed compliance checks for every deployed policy rule.

The drill down navigates to the Devices report filtered on the selected Device State such as Noncompliant.

The Device State panel is shown on the Guaranteed State Overview page.

Refer to Guaranteed State Overview page page for details about other Guaranteed State Dashboard charts.

MEMCM Client Health Policy

Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.

The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.

The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:

  • Ensure the correct version of the CM client is installed and running and assigned to the correct site

  • Ensure the CM client is not stuck in provisioning mode

  • Ensure that heartbeat discovery, inventory and state messages are being sent regularly

  • Ensures the CM client cache is set to the correct size

  • Ensure the CM client log settings are correct

  • Ensure the BITS service exists, configured to start up automatically and is running

  • Ensure the Windows Time service exists with correct startup settings

  • Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running

  • Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent

  • Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source

Note

This policy is intended for deployment to Windows devices only.

MEMCM Client Health Policy
MEMCM Client Health Rule Status example

A user has the ability to drill down into a segment, for example, to examine exactly which policy rules reported failures across all the devices for which it was deployed.

In our example, a member of the Nomad Administrator role wants to investigate why Policy Rule Status is showing as Non-compliant for 14.5% of the 16 assigned rules.

By clicking on the Non-compliant segment they open the Guaranteed State app on the Rules page which displays the associated rules, in this case these are:

  • MEMCM Client FileCollectionSent

  • MEMCM Client IDMIFCollectionSent

  • MEMCM Client Logging

  • Service wuauserv TriggerStart.

You can reference a table showing the policies included in the MEMCM Client Health Integrated Product Pack at Nomad Client Health integrated product pack.Nomad Client Health integrated product pack

MEMCM Policy Rule Status noncompliant

In the Compliance column the Nomad Administrator sees there are no compliant computers for the Configuration Manager Client rules. From this point, they can click on the Compliance color bar for the Configuration Manager Client Logging Rule Name, and expose the individual devices affected.

Policy Rule Status noncompliant
Devices with rule MEMCM Client Client Logging

To assist troubleshooting the Nomad Administrator can click on a device name to see its Device View. This is the same view you can see in the Devices Page - Nomad Configuration in the Nomad app, but here it is focused on the Polices tab as the focus is in the Guaranteed State app, filtered on the Configuration Manager Client Health policy.

Note

Clicking the Device Status navigates to the Devices page in the Guaranteed State app filtered based on the chart segment clicked on. From the filtered Devices page, you can then explore an individual Device View as shown in the picture opposite.

1ETRNW101 Device View
Nomad Client Health Policy

Nomad is included as part of the 1E Client, and as part of that integration, we offer a Nomad client health compliance policy in Guaranteed State. This verifies common Nomad requirements such as ACP registration, disk availability, firewall exceptions, crash notifications and cache monitoring.

The Nomad client health policy replaces the client health tile in the Nomad dashboard plus additional remediation steps:

  • Keeps content distribution services up and running on Nomad clients, so that users are secure and productive

  • Ensures Alternative Content Provider (ACP) registration configuration is set

  • Maintains optimal disk availability and monitors cache size for storage capacity planning

  • Enforces Firewall exceptions.

Note

This policy is intended for deployment to Windows devices only.

Nomad Client Health Policy
Nomad Client Health Rule Status example

A user has the ability to drill down into a segment, for example, to examine exactly which policy rules reported failures across all the devices for which it was deployed.

In our example, a member of the Nomad Administrator role wants to investigate why Policy Rule Status is showing as Not Applicable for 14.3% of the 10 assigned rules.

By clicking on the Not Applicable segment they open the Guaranteed State app on the Rules page which displays the associated rules, in this case these are:

  • Check Nomad can generate LSZ files on ConfigMgr distribution points

  • Check Nomad has a virtual directory on ConfigMgr distribution points to perform LSZ generation.

You can reference a table showing the policies included in the Nomad Client Health Integrated Product Pack at Nomad Client Health integrated product pack.Nomad Client Health integrated product pack

Nomad Client Health Rule Policy Rule Status noncompliant

In the Compliance column the Nomad Administrator sees there are no compliant computers for the two Check Nomad rules. From this point they can click on the Compliance colour bar for the Check Nomad can generate LSZ files on ConfigMgr distribution points Rule Name, and expose the individual devices affected.

Client Health Policy Rule detail
Client Health Policy Rule affected devices

To assist troubleshooting the Nomad Administrator can click on a device name to see its Device View. This is the same view you can see in the Devices Page - Nomad Configuration in the Nomad app, but here it is focused on the Polices tab as the focus is in the Guaranteed State app filtered on the Nomad Client Health policy.

Note

Clicking the Device Status navigates to the Devices page in the Guaranteed State app filtered based on the chart segment clicked on. From the filtered Devices page, you can then explore an individual Device View as shown in the picture opposite.

1ETRNW101 Device View - Client Health
Integrated Product Packs overview

Integrated Product Packs are Zip files containing Guaranteed State policies, but can also contain instructions (as an alternative to classic Product Packs which can only contain instructions).

You can upload these Zip files into Tachyon using the Tachyon Product Pack deployment tool, please refer to Uploading Integrated Product Packs for details.

1E provides a number of ready-made policies which are described on the Integrated Product Packs pages:

  • MEMCM Client Health Policy

  • Nomad Client Health Policy

  • Windows Client Health Policy

  • Tachyon Core Utilities.

These pages include lists of instructions, policies, rules, fragments (preconditions, checks, and fixes), and trigger templates. The lists have links to more detailed information about each pack in the 1E DEXPacks reference.

You can also create your own policies using rules, fragments, and triggers from other Integrated Product Packs, for example, the Tachyon Core Integrated Product Pack.