Skip to main content

1E 9.x (on-premises)

Administration menu

Creating and configuring Guaranteed State Policies.

Note

Guaranteed State can be reached directly using the following URL:

https://<tachyon DNS Name FQDN>/Tachyon/App/#/guaranteedstate/

where <tachyon DNS Name FQDN> is the one set up during the preparation phase, as described under the heading Preparation: DNS Names.

Policies page

The Policies page lets you view and manage the current Guaranteed State policies. From this page you can:

  • Create a New policy and assign and unassign existing rules

  • Edit an existing policy and assign and unassign existing rules

  • Clone an existing policy

  • Delete an existing policy

  • Enable or Disable an existing policy

  • Assign (or unassign) an existing policy to one or more Management Groups.

Policies page
Creating a new policy

To create a new policy from selected Instructions:

<some instructions here>

Editing an existing policy

<some instructions here>

Cloning a policy

<some instructions here>

Deleting an existing policy

<some instructions here>

Enabling or Disabling an existing policy

<some instructions here>

Assigning or unassigning an existing policy

<some instructions here>

Rules page

The Rules page lets you view and manage the Guaranteed State rules. From this page you can:

  • Create a New rule and configure it

  • Edit an existing rule and configure it

  • Clone an existing rule with a new name

  • Delete an existing rule

  • Enable or Disable an existing rule

<picture>

Devices page

The Devices page provides a list of all devices visible to Guaranteed State. You can display a Device view for a selected device by clicking on its link in the Device Name column. You can also select one or more entry from the list and choose to use that selection as the scope for an Explorer session.

Devices page
The Devices view Policies tab

The default view in the Guaranteed State devices view is Policies. The remaining tabs display information corresponding to an app, feature or data set implemented in Introducing 1E. Other tabs are visible if an app has been installed and licensed, and the user has permissions to use the app.

Clicking on one of the links in the Device Name column of the Devices page displays the Device view for the selected device. The aim of the Device view is to provide a combined overview of all the information known about a device along with the ability to retrieve information about the device in real time. When displaying the Device view from a Guaranteed State page the view defaults to the Policies tab. The Policies tab contains information derived from and useful for using Guaranteed State.

The Summary banner toggle at the top of the page (the default toggle setting is off), shows general device details, and the Explore button navigates you to the Explorer app, refer to Using 1E Endpoint Troubleshooting for details.

Devices view policies tab
Is the Device is online and connected to Tachyon

In the picture opposite the device 1ETRNW72 is showing as online and connected to Tachyon, this is indicated by the green traffic light next to the device name at the top of the page. Hovering your mouse over the traffic light displays the message This device is online and connected to 1E Tachyon.

Device online and connected to Tachyon

In the picture opposite the device 1ETRNW101 is showing as not connected to Tachyon, this is indicated by the gray traffic light next to the device name at the top of the page. Hovering your mouse over the traffic light displays the message This device is not connected to 1E Tachyon.

Device not connected to Tachyon
Device View table

In the Device View you can see if a device is compliant to the rules deployed in your environment, if they are effective and view information to assist with troubleshooting.

Column

Description

Traffic light

Traffic light status relates to the State column.

  • Green - Device is Compliant

  • Orange - Device is Noncompliant

  • Blue -Device is Not Applicable.

Rule Name

Name of a specific rule.

State

Device state per rule, for example:

  • Compliant - rule check passed.

  • Noncompliant - rule check failed.

  • Not Applicable - rule precondition did not pass.

Type

Whether the rule is one of two types:

  • Fix - allows you to define a desired state for the device and then enforce that state. For example, you could mandate that a registry key exists and contains a specific value. Again, you can report on the application of these fix rules to devices.

  • Check - allows you to verify that a device has a particular state, such as a registry key having a specific value. You can then view summary and detail reports which show devices that are compliant and not compliant with the check rules.

Effectiveness

Rule effectiveness, either:

  • Effective - the rule has been deployed and at least one device has changed its compliance position for this rule in the last thirty days

  • Ineffective - the rule has been deployed, but no devices have changed their compliance position for this rule in the last thirty days.

History

Clicking View history displays the related history per rule for the selected device.

  • Timestamp - for example 29-04-2021 11:34:01 UTC

  • Status - if the Check or Fix failed or passed

  • Data - details related to the event.

For example, a message related to the rule Check Nomad's share directory is accessible , with a Check Failed message showing as the Status might return a message like, Permissions on the Nomad share are not valid.

Rule effectiveness
Policies filter

You can use the policies filter to differentiate between device compliance for the different policies you have deployed in your environment, the default view is All Policies.

In our example we have deployed three policies:

  • MEMCM Client Health

  • Nomad Client Health

  • Windows Client Health.

Policies filter

In the example we have filtered the view on the Windows Client Health policy which shows two Rules:

  • Check free disk space

  • Check WMI repository health.

For more information about Guaranteed State policies and using them refer to Using Guaranteed State for the following:

Filtered Device View
The Device View Summary banner

The Summary banner displays a quick summary of the information provided in the various tabs displayed in the Device View. It can be viewed by toggling the Summary banner switch to on.

Summary_Banner_Switch.png

The following image shows the Summary banner displayed for a particular device.

Summary_Banner.png
Launching the Explorer from the Device View

You can click on the Explore button in the Device View to launch Explorer with the current device set as the scope.

Explore_Button.png
Closing the Device View

The Device View is a popup that is displayed when clicking on the name of a device on a page where devices are displayed. To return to the page you came from you need to click the x button.

Close_Button.png
Additional Device View tabs

In addition to the Policies tab, there are a number of other tabs, each corresponding to an app, feature or data set implemented in Introducing 1E:

The Overview and 1E Client tabs are always present in the Device View. Other tabs are visible if an app has been installed and is licensed.

Each tab has one or more panels with tiles populated with data from various sources, some by instructions that are run instantly, with results cached for 3 minutes. An appropriate error message is displayed instead of a tile in the following circumstances:

  • If the device is offline, as indicated by the color of the icon in the top left

  • The user does not have at least Viewer permission to view use the license the tab or panel

  • The user does not have questioner permission to run the instruction

  • An instruction has not been uploaded.

The Device View tabs and panels page lists the names of tabs and their panels, and a description of each tile indicating how the tile is populated.

Tab

Panel

Description

Data source

OverviewDetails

Displays a number of tiles sorted into Identification, Hardware and Operating System and Connectivity and Activity columns that show information for the selected device retrieved from the online status information stored in the Tachyon Master database.

The columns and tiles are shown in the following table:

Column

Tile

Description

Identification

Identification

Display's the current device:

  • FQDN

  • Name

  • Domain

  • Criticality

  • Serial Number

  • 1E Client

  • Tachyon GUID.

Location

Displays the device's:

  • Timezone

  • Offset

  • Location

  • Locale.

Grouping

Displays the device:

  • Tags - freeform tags applied to the device

  • Coverage Tags - any device tags applied to the device

  • Mgmt. Groups - lists the management groups the device is a member of.

Hardware and Operating System

Hardware

Shows hardware details for the device:

  • Virtual/Phyiscal

  • Manufacturer

  • Model

  • Device Type

  • Chassis Type

  • RAM

  • CPU Type

  • CPU Architecture

  • SMBIOS GUID.

Operating System

Shows operating system, type and version for example:

  • Type

  • Version

  • Version Number

  • Architecture

  • Installation.

Connectivity and Activity

Connectivity

Shows current device connectivity status:

  • Status

  • Last Connected

  • First Connected

  • Certificate Type

  • Certificate Expiry

  • Connection State

  • Local IP Address

  • MAC Address

  • Connecting IP.

Activity

Shows Last Boot date and time and current user.

Data from Tachyon Master (the latest online status message)

Env. Variables

Shows a list of the environment variables set on the device.

Resource Usage

Two panels:

  • Resource Usage over the last hour - shows system disk, CPU and memory usage per minute for the last one hour

  • Resource Usage at day/month/year time - shows executable resource usage for a specific minute:

Column

Description

Product

Resource name, for example 1E Client

Executable

Resource executable, for example 1e.client.exe

Instance Count

Number of currently running instances.

Cpu Percent

Perentage of CPU currently being consumed.

Memory Virtual Mb

Virtual memory consumed in Mb.

Memory Physical Mb

Physical memory consumed in Mb.

Io Read Kb Per Second

Number of associated read input/output operations per second.

Io Write Kb Per Second

Number of associated write input/output operations per second.

Handle Count

The number of object handles.

1E-TachyonPlatform-Hardware-ResourceUsage

1E-TachyonPlatform-Hardware-ResourceUsageByMinute

DownloadsSummary

Download activity and status for the device. Whenever you click on an FQDN on any of the Nomad pages then the Device View will be displayed with the Downloads tab selected.

Data from Content Distribution.

Content

Content Titles on the selected device, the default view is from All Sources, All Types and All Status.

Note

You may see a difference in the number of items in a device’s Nomad cache versus that displayed in the Content Distribution app Device View. This is because if downloaded content has been deleted from Configuration Manager, the content titles cannot be resolved in the Content Distribution app and are not displayed. This is under consideration for re-design and may be revised in future versions of Content Distribution.

Data from Content Distribution.

Nomad Configuration

1E Nomad Branch Settings .

1E-Nomad-NomadBranchSettings

ExperienceMetrics

Metrics are the data points that are collected by the 1E Client and sent to the Tachyon server. They are collected at different intervals depending on the type of data that is being collected.

Data from Experience metrics

Trends

The Trends tab shows the changes in the scores over time. Hovering over any of the bars shows the details for that time and event. If the user viewing the device details also has the ability to at least ask a question in Explorer the Explore button will be visible.

Data from Experience metrics

Logs

The Event Logs tab gives you a listing of the Windows Event log entries for that device. This brings that data to this view and is very useful when determining the root cause of an issue that has been reported on the device.

Data from Experience metrics

Application Interactions

Shows user interaction times and ratios across applications measured over the last 30 days

1E-Experience-ApplicationInteraction

User interactions

Shows user interactive sessions with activity over last 30 days.

1E-Experience-UserInteractionHistory

HardwareDisk drives

Shows disk drives, including hardware and usage information.

Column

Description

Drive

Drive letter.

Volume Name

Volume name, if set.

Drive Type

Drive type, for example:

  • Removable Disk

  • Local Disk

  • Compact Disk.

Size Gb

Total disk size in Gb.

Free Space Gb

Current free space in Gb.

Usage Percent

Percentage used of total drive space.

File System

File system, for example NTFS.

Manufacturer

Standard or SSD drive.

Model

Drive manufacturer.

Serial Number

Unique disk serial number.

Partition

Drive and partition of the specific drive.

Firmware Revision

Drive firmware version.

Device ID

Device ID of the specified disk.

1E-TachyonPlatform-Hardware-DiskDrives

Peripherals

Shows the list of plug and play hardware devices (Windows only).

Column

Description

Device Type

Hardware device, including for example things like:

  • Battery

  • Monitor

  • Keyboard

  • Mouse

  • Ports

  • SoftwareDevice.

Name

Device name.

Instance Count

Number of instances of a periperal device.

Service

Associated Windows service, for example atapi, serial, PCI, ACPI.

1E-TachyonPlatform-Hardware-Devices

NetworkThroughput

Shows network throughput on all adapters for the last hour, represented by the following tiles:

  • Average throughput - including Timestamp, Bytes Recieved per Second, Bytes Sent Per Second

  • Bytes received per second

  • Bytes sent per second.

1E-TachyonPlatform-Network-AverageThroughput

Interface configuration

Returns the output from the native network interface configuration command (e.g. ipconfig or ifconfig).

1E-TachyonPlatform-Network-InterfaceConfiguration

DNS

Shows the Cache and Host file tiles:

  • DNS Cache Contents - with the entries from local DNS cache, Host Name and Address.

  • HOSTS file - shows the content of the drivers/etc/hosts file.

1E-TachyonPlatform-Network-DnsCache

1E-TachyonPlatform-Network-HostFileContent

TCP connections

Returns a list of established TCP connections.

Column

Description

Process Name

Local process name.

Process Id

Uniquely identifies an active process.

Class

Class of Internet networking protocol.

Local Address

Local network address.

Local Port

Network port used by a specific process.

Remote Address

Source IP address from which the traffic came from.

Remote Port

Remote port used by a specific process.

Latency Ms

The time taken in milliseconds for data or a request to go from a source to a destination.

1E-TachyonPlatform-Network-TcpConnections

Listening ports

Returns a list of processes which are listening for network connections.

Column

Description

Process Name

Local process name.

Process Id

Uniquely identifies an active process.

Class

Class of Internet networking protocol.

Local Address

Local network address.

Local Port

Network port used by a specific process.

Product

Related product, for example host process for Windows Services, Local Security Authority Process, SCNotification.

1E-TachyonPlatform-Network-ListeningPorts

ARP Cache

Returns a list of processes which are listening for network connections and also shows routing tables.

1E-TachyonPlatform-Network-ArpCache

1E-TachyonPlatform-Network-RoutingTable

WIFI

Shows a list of visible wifi networks, including basic network properties.

Column

Description

SSID

WiFi network name.

Is Connected

Shows as either true or false, dependent on whether the corresponding adapter is connected to the network.

Is Hidden

Shows as true if the WiFi network is not broadcasting a public SSID.

Is Secure

Shows as either true or false:

  • true - if the WiFi network is secure

  • false - if the network is open.

Signal

Shows WiFi signal quality; from 0 (worst) to 100 (best).

Authentication

The default authentication mechanism supported by the network.

BSSI IDs

The Service Set Identifier (SSID) of the network, it will be empty if the network is hidden.

Encryption

Shows the default encryption mechanism supported by the network.

Adapter

Shows the WiFi network adapter name to which this network is visible.

1E-TachyonPlatform-Network-WiFiNetworks

PoliciesRules Compliance

Column

Description

Rule Name

Name of rules applied to the current device. The viewable list relates to the selected Tachyon policy from the policy dropdown on the page.

State

If the device state is Compliant, Noncompliant or Not Applicable.

Type

Rule type:

  • Check - allows you to verify that a device has a particular state, such as a registry key having a specific value

  • Fix - allows you to define a desired state for the device and then enforce that state.

Effectiveness

Policy rule effectiveness is the usefulness of policy rules and is represented as either:

  • Disabled - the rule has not yet been enabled from the Guaranteed State Rule Administration page, so it is not currently active

  • Unassigned - the rule is enabled, but has not been deployed to any devices

  • Ineffective - the rule has been deployed, but no devices have changed their compliance position for this rule in the last thirty days

  • Effective - the rule has been deployed and at least one device has changed its compliance position for this rule in the last thirty days.

History

Rule history.

Data from Guaranteed State

SoftwareInstallations

Shows (per-device) installed software.

Column

Description

Product

Software product name.

Publisher

Software publisher.

Version

Product version number.

Architecture

Instruction set architecture (ISA) version.

Install Date

Software installation date.

1E-TachyonPlatform-Software-Installations

Windows services

Shows list of installed Windows services and their current state.

Column

Description

Name

Windows service name.

State

Windows service state, Running or Stopped.

Startup Type

Windows service startup type, for example Automatic, Automatic (Delayed Start), Manual, Disabled.

Process Id

Uniquely identifies an active process.

Description

Windows service description.

Logon Account

Windows service logon account context.

Type

Windows services type, for example file system driver, kernel driver, shared process.

1E-TachyonPlatform-Software-Services

Env. Variables

Shows operating system environment variables.

1E-TachyonPlatform-Software-EnvironmentVariables

Processes

Shows detailed information about all running processes.

Column

Description

Product

Software product name.

Executable

Executable name.

Version

Product version number.

Devices count

How many devices are reporting.

Crashes

Number of times this software crashed during the last 24-hour reporting period.

Hangs

Number of times this software crashed during the last 24-hour reporting period.

Note

Software crash and hang information is obtained from Windows event data. For background information on Windows events and the event viewer refer to https://support.microsoft.com/en-gb/help/302542/how-to-diagnose-system-problems-with-event-viewer-in-microsoft-windows

Performance anomalies

Number of performance anomalies detected in this software during the last 24-hour reporting period.

I/O write KB/s

Average disk I/O read rate per second during the last 24-hour reporting period.

I/O write KB/s

Average disk I/O write rate per second during the last 24-hour reporting period.

Note

For background information on analyzing disk storage performance refer to https://docs.microsoft.com/en-gb/archive/blogs/cotw/analyzing-storage-performance

Virtual Memory Usage KB

Average Virtual Memory Usage KB during the last 24-hour reporting period.

Processor Time Seconds

Each instance of the executable will burn processor time. This column gives the average of the total time consumed by each process instance per second. Each instance uses the sum of all time used by each core in parallel. Therefore, it is possible to see more seconds here than in a day (usually 60 x 60 x 24 = 86400) for the whole column, if your system is working extremely hard 24x7. The theoretical maximum would be somewhere near number of cores x seconds per day . Hence, 'Processor Time' rather than 'Human Time'

Processor Time %

This is an easier notion than Processor Time Seconds. This is the average of the processor consumption of each instance. Each instance of this process will have caused different percentages of compute resource in all the processors and cores to be used over time (unless they have specifically requested certain core affinity). For each minute each process is running, a profile of the usage is built for the whole day. This value is the average of all of those samples. There is no way to work out, for any one of the process instances involved, how long any particular instance was running for. This could indicate a process that is going wild with resources, but it would take more investigation on the device to discover for how long this is happening. It is perfectly possible to see all the values in this column adding up to more than 100% as the processes were not necessarily running at the same time.

Responsiveness Impact %

An indicator of how reactive a process is to activity by other processes on the device. Typically, anti-virus products watch and respond to potentially suspicious activity such as increased network traffic. Anti-virus products will differ in their impact on the overall performance of a device.

Note

Responsiveness Impact % is used to indicate how sensitive a process appears to be to the use of system resources by other processes on a device. For example, Security Protection software present on a device may reveal a spike in its activity whenever a new process is started on that device.

This would typically be because the Security Protection software may wish to ensure that the new process starting on the device is present in a security white list. Other software may also react to activity by other processes and by reacting they impact system resource uses, thereby adversely affecting the user's experience. So it is useful to be able to identify software with the highest Responsiveness Impact on a device and potentially investigate further.

Note

Responsiveness Impact % represents the proportion of the increased CPU activity detected by the 1E Client as a result of performing a set of operating system-level operations that can be attributed to a given running process. Examples of these would be Windows registry and resource creation operations.

It is reported as a percentage to normalize results across devices that offer a range of computing power.

For example, if software.exe on a device is attributed a Responsiveness Impact of 53% this means that more than half of the spike in CPU usage caused by software monitoring activity on that device can be attributed to software.

Handle Count

Average number of Windows handles used by this software during the last 24-hour reporting period.

Physical Memory Usage KB

Average Physical Memory Usage KB during the last 24-hour reporting period.

Note

Please refer to https://docs.microsoft.com/en-us/sysinternals/downloads/rammap for a useful tool to examine physical memory allocation on a device.

1E-TachyonPlatform-Software-Processes

1E ClientBinaries

Shows a list of the binary files in the executable folder of the 1E Client.

Column

Description

File Name

Associated 1E Client file name.

File Version

Software version.

File Size

File size in bytes.

Description

File description

Date Created

The date the file was written to disk.

Date Modified

The date the file was last saved.

1E-TachyonPlatform-Client-Binaries

Configuration file

Shows the full content of the 1E Client configuration file, including:

  • Logging settings

  • Communication settings

  • Agent settings

  • Module settings.

1E-TachyonPlatform-Client-ConfigFileContent

Extensibility

Shows extensibility objects (modules and providers) loaded by the 1E Client.

Column

Description

Type

Module or Provider component.

Binary Name

Associated 1E Client binary name, for example 1E.Client.Module.Interaction.dll

Name

Name, for example Interaction.

Version

1E Client version, for example 5.2.5.251

1E-TachyonPlatform-Client-Extensibility

Local Storage

Shows Data Files and Client Inventory Database Use tiles that display the list of:

  • Data files (logs, databases, etc) created by the 1E client

  • Tables in the 1E Client Inventory database, along with a row count per table.

1E-TachyonPlatform-Client-DataFiles

1E-TachyonPlatform-Client-InventoryDatabaseUse