Client Health page
The Client Health page shows information from two Integrated Product Packs provided with the Tachyon Platform:
These Integrated Product Packs are represented on the Client Health page by two sets of panels that can be explored in the Rules and Devices pages in Introducing 1E Endpoint Automation.
Introduction to Guaranteed State concepts
Guaranteed State allows you to easily check and enforce device state. Device state can represent just about anything you'd like to be set in a certain way for a collection of devices. Once you have imported an Integrated Product Pack you can configure and deploy policies to manage various device attributes. For example:
Registry keys
Services
Config Manager metrics such as client cache usage
Disk free space
WMI namespaces and classes.
Before using Guaranteed State you need to upload some policies (with their rules, triggers and preconditions). Please refer to Installing the Nomad app and 1E Content Distribution - 1E Nomad product packs for details about Nomad feature-related Product Packs.
Product Packs are required to support various features of Nomad:
Classic Product Packs - contain instructions, for use in Explorer and other Tachyon applications
Integrated Product Packs - contain policies, rules and fragments for use by Guaranteed State, and may also include instructions.
The state of devices where Guaranteed State policies have been deployed is represented in this form.
The user has the ability to drill down into the percentage of failures for each group of device states. For example, where the meaning of device states and their precedence is as follows:
State | Description |
---|---|
Unknown | The device has yet to receive, evaluate or report back on its compliance state for at least one rule. |
Error | The device has failed to evaluate at least one deployed rule. For example a device may report 97% of deployed rules as Not Applicable, but since 3% of the deployed rules reported as Error this means the whole Device State is marked as Error. |
Not Applicable | At least one rule deployed to the device is not applicable. For example, this would occur if a Windows-specific rule was deployed to a non-Windows device. |
Non-compliant | At least one rule deployed to the device failed compliance checks. For example in the example above 86% of policy rules are compliant for the high-lighted device, but since 8% of the rules are Non-compliant the state of the whole device is marked as Non-compliant. |
Compliant | The device passed compliance checks for every deployed policy rule. |
The drill down navigates to the Devices report filtered on the selected Device State such as Noncompliant.
The Device State panel is shown on the Guaranteed State Overview page.
Refer to Guaranteed State Overview page page for details about other Guaranteed State Dashboard charts.
MEMCM Client Health Policy
Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.
The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.
The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:
Ensure the correct version of the CM client is installed and running and assigned to the correct site
Ensure the CM client is not stuck in provisioning mode
Ensure that heartbeat discovery, inventory and state messages are being sent regularly
Ensures the CM client cache is set to the correct size
Ensure the CM client log settings are correct
Ensure the BITS service exists, configured to start up automatically and is running
Ensure the Windows Time service exists with correct startup settings
Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running
Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent
Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source
Note
This policy is intended for deployment to Windows devices only.
MEMCM Client Health Rule Status example
A user has the ability to drill down into a segment, for example, to examine exactly which policy rules reported failures across all the devices for which it was deployed.
In our example, a member of the Nomad Administrator role wants to investigate why Policy Rule Status is showing as Non-compliant for 14.5% of the 16 assigned rules.
By clicking on the Non-compliant segment they open the Guaranteed State app on the Rules page which displays the associated rules, in this case these are:
MEMCM Client FileCollectionSent
MEMCM Client IDMIFCollectionSent
MEMCM Client Logging
Service wuauserv TriggerStart.
You can reference a table showing the policies included in the MEMCM Client Health Integrated Product Pack at Nomad Client Health integrated product pack.
In the Compliance column the Nomad Administrator sees there are no compliant computers for the Configuration Manager Client rules. From this point, they can click on the Compliance color bar for the Configuration Manager Client Logging Rule Name, and expose the individual devices affected.
To assist troubleshooting the Nomad Administrator can click on a device name to see its Device View. This is the same view you can see in the Devices Page - Nomad Configuration in the Nomad app, but here it is focused on the Polices tab as the focus is in the Guaranteed State app, filtered on the Configuration Manager Client Health policy.
Note
Clicking the Device Status navigates to the Devices page in the Guaranteed State app filtered based on the chart segment clicked on. From the filtered Devices page, you can then explore an individual Device View as shown in the picture opposite.
Nomad Client Health Policy
Nomad is included as part of the 1E Client, and as part of that integration, we offer a Nomad client health compliance policy in Guaranteed State. This verifies common Nomad requirements such as ACP registration, disk availability, firewall exceptions, crash notifications and cache monitoring.
The Nomad client health policy replaces the client health tile in the Nomad dashboard plus additional remediation steps:
Keeps content distribution services up and running on Nomad clients, so that users are secure and productive
Ensures Alternative Content Provider (ACP) registration configuration is set
Maintains optimal disk availability and monitors cache size for storage capacity planning
Enforces Firewall exceptions.
Note
This policy is intended for deployment to Windows devices only.
Nomad Client Health Rule Status example
A user has the ability to drill down into a segment, for example, to examine exactly which policy rules reported failures across all the devices for which it was deployed.
In our example, a member of the Nomad Administrator role wants to investigate why Policy Rule Status is showing as Not Applicable for 14.3% of the 10 assigned rules.
By clicking on the Not Applicable segment they open the Guaranteed State app on the Rules page which displays the associated rules, in this case these are:
Check Nomad can generate LSZ files on ConfigMgr distribution points
Check Nomad has a virtual directory on ConfigMgr distribution points to perform LSZ generation.
You can reference a table showing the policies included in the Nomad Client Health Integrated Product Pack at Nomad Client Health integrated product pack.
In the Compliance column the Nomad Administrator sees there are no compliant computers for the two Check Nomad rules. From this point they can click on the Compliance colour bar for the Check Nomad can generate LSZ files on ConfigMgr distribution points Rule Name, and expose the individual devices affected.
To assist troubleshooting the Nomad Administrator can click on a device name to see its Device View. This is the same view you can see in the Devices Page - Nomad Configuration in the Nomad app, but here it is focused on the Polices tab as the focus is in the Guaranteed State app filtered on the Nomad Client Health policy.
Note
Clicking the Device Status navigates to the Devices page in the Guaranteed State app filtered based on the chart segment clicked on. From the filtered Devices page, you can then explore an individual Device View as shown in the picture opposite.
Integrated Product Packs overview
Integrated Product Packs are Zip files containing Guaranteed State policies, but can also contain instructions (as an alternative to classic Product Packs which can only contain instructions).
You can upload these Zip files into Tachyon using the Tachyon Product Pack deployment tool, please refer to Uploading Integrated Product Packs for details.
1E provides a number of ready-made policies which are described on the Integrated Product Packs pages:
MEMCM Client Health Policy
Nomad Client Health Policy
Windows Client Health Policy
Tachyon Core Utilities.
These pages include lists of instructions, policies, rules, fragments (preconditions, checks, and fixes), and trigger templates. The lists have links to more detailed information about each pack in the 1E DEXPacks reference.
You can also create your own policies using rules, fragments, and triggers from other Integrated Product Packs, for example, the Tachyon Core Integrated Product Pack.