Supported Platforms
A list of all the platforms supported by 1E Client, and the software required to allow 1E Client to be installed or to work.
1E Client
Windows client
Category | Product | Notes |
---|---|---|
| The zip for 1E Client for Windows is available for download from the 1E Support Portal. Professional and Enterprise editions are supported for Windows 10 and Wndows 11. All versions are provided with 32-bit & 64-installers, and can be installed on physical and virtual computers. NoteThis list shows only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 8.1. Please refer to Constraints of Legacy OS regarding end of mainstream support. For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search. Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions. For installation guidance on Windows, please refer to Deploying 1E Client on Windows. The following 1E Client features and modules are supported on Windows OS:
| |
| .NET Framework is required only for the following features of 1E Client:
NoteThis list shows only those .NET Framework versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 8.1. For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search. | |
| 1E Client installer includes the redistributable package for Visual C++ 2015-2022 Redistributable (also known as v14). 1E Client provides Tachyon client features. It also includes the Nomad client module which replaces the legacy Nomad Branch client. Tachyon client features can optionally use Nomad to download content (feature enabled by default) if the Nomad client module in 1E Client is enabled (module disabled by default) or Nomad Branch 7.0 or later is running. PowerShell is not a prerequisite for installation of the 1E Client. PowerShell is used by some Tachyon instructions (that have PowerShell commands embedded or scripts that are downloaded) and some of these require PowerShell 3.0 or later. For more details please refer to Nomad client requirements: Downloading Tachyon client content and Nomad integration. For useful information about PowerShell versions please refer to PowerShell on Windows OS. | |
| The following client features work with these versions of Configuration Manager on Windows computers:
Configuration Manager is not a prerequisite for installation of the 1E Client, and except for above features, the 1E Client, its features and modules, have no dependency on Configuration Manager. Tachyon, Nomad, WakeUp, and Application Migration have Configuration Manager Console extensions which are available separately. NoteThis list shows only those Configuration Manager versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 8.1. For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search. Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions. (Microsoft Endpoint Configuration Manager - MECM - is also known as Configuration Manager, ConfigMgr, Config Man, CM, and SCCM among other names. Version names include 2012 and Current Branch or CB.) |
macOS clients
Category | Product | Notes |
---|---|---|
| Other versions of these non-Windows OS should work but have not been tested by 1E. 1E Client package for macOS is included in the non-Windows zip available for download from the1E Support Portal. 1E Client supports only Tachyon features on non-Windows devices. Note1E Client for macOS is written for Intel and supported on Apple devices using Intel processors. It is also supported on Apple devices using the M1 chip, provided you have installed Rosetta 2, which is included with Big Sur. 1E Client is a daemon (not an app), therefore, during installation or running it will not prompt for Rosetta 2, which does not get installed on-demand. You only need to install Rosetta 2 once, using one of the following commands, but repeating the command will safely reinstall it. The second version of the command requires root permission. Attempting to install on an Intel device will issue a harmless "unrecognized option" usage message. /usr/sbin/softwareupdate --install-rosetta /usr/sbin/softwareupdate --install-rosetta --agree-to-license For installation guidance, please refer to Deploying 1E Client on non-Windows: Mac installation. | |
| Bash and perl are required for installation of 1E Client on all non-Windows OS. Tachyon instructions support the use of Bash scripts on all supported non-Windows OS. To see if an Instruction requires a Bash script, look in its Instruction Definition XML file for Bash script resources defined under the <Resources> tag. Bash is the preferred choice when developing custom instructions for non-Windows OS. There are slight differences between OS implementations of Bash, particularly on the Mac. Therefore, 1E recommends testing custom Bash scripts on each supported OS. Rosetta 2 must be installed before installing 1E Client for macOS on an Apple device using a non-Intel processor such as M1 chip. Please see note above about installing Rosetta 2. |
Linux clients
Category | Product | Notes |
---|---|---|
| Other versions of these non-Windows OS should work but have not been tested by 1E. 1E Client packages for other Linux distributions can be requested, including Raspbian for Raspberry Pi. The 1E Client for Linux supports the following architectures:
1E Client packages for Linux are included in the non-Windows zip available for download from the 1E Support Portal. 1E Client supports only Tachyon features on non-Windows devices. For installation guidance on the following OS, please refer to Deploying 1E Client on non-Windows: Red Hat Enterprise Linux installation. | |
| Bash and perl are required for installation of 1E Client on all non-Windows OS. Tachyon instructions support the use of Bash scripts on all supported non-Windows OS. To see if an Instruction requires a Bash script, look in its Instruction Definition XML file for Bash script resources defined under the <Resources> tag. Bash is the preferred choice when developing custom instructions for non-Windows OS. There are slight differences between OS implementations of Bash, particularly on the Mac. Therefore, 1E recommends testing custom Bash scripts on each supported OS. |
Solaris clients
Category | Product | Notes |
---|---|---|
| 1E Client 8.1 is not available for Solaris, please use 1E Client 5.2 instead. The 1E Client 5.2 for Solaris supports for the following architectures:
1E Client 5.2 package for Solaris is included in the non-Windows zip available for download from the 1E Support Portal. 1E Client supports only Tachyon features on non-Windows devices. NoteFor Solaris, the following specific libraries are required, but are usually installed by default:
For installation guidance, please refer to 1E Client 5.2 - Deploying 1E Client on Solaris. | |
| Bash and perl are required for installation of 1E Client on all non-Windows OS. Tachyon instructions support the use of Bash scripts on all supported non-Windows OS. To see if an Instruction requires a Bash script, look in its Instruction Definition XML file for Bash script resources defined under the <Resources> tag. Bash is the preferred choice when developing custom instructions for non-Windows OS. There are slight differences between OS implementations of Bash, particularly on the Mac. Therefore, 1E recommends testing custom Bash scripts on each supported OS. |
Running Tachyon instructions on devices
You must ensure the appropriate scripting environment is present on Tachyon client devices. Tachyon SCALE - Simple Cross-platform Agent Language for Extensibility - supports running native PowerShell on Windows OS and bash on non-Windows OS devices, which can be script files downloaded when an instruction runs, or command text. You will very probably want to use these native scripting features in instructions you download from 1E or ones you develop yourself using TIMS.
PowerShell on Windows OS
PowerShell is used by some Tachyon instructions (that have PowerShell commands embedded or scripts that are downloaded) and some of these require PowerShell 3.0 or later, although some scripts will support PowerShell 2.0. PowerShell scripts are supported only on Windows OS.
If installing or upgrading PowerShell, it is best to install the latest version available. However, do not expect full forward or backward compatibility between PowerShell versions.
Tip
To determine the version of PowerShell on a computer, start PowerShell (command prompt or ISE) and enter one of the following commands: $PSVersionTable.PSVersion or $PSVersionTable for more detail.
The table below shows which versions of PowerShell are supported on each OS version and Service Pack, and if it is built-in or needs to be installed.
OS Version | PowerShell Version | Notes | |||||
---|---|---|---|---|---|---|---|
1.0 | 2.0 (Note 3) | 3.0 | 4.0 | 5.0 | 5.1 | ||
Windows Server 2022 | RTM (Notes 12, 13) | Note 4 | |||||
Windows 11 | RTM (built-in) | ||||||
Windows Server 2016, 2019, 2022 | RTM (Note 9) | RTM (Notes 12, 13) | Note 4 | ||||
Windows 10 | RTM (built-in) | Anniversary Update (built-in) | |||||
Windows Server 2012 R2 * | RTM (built-in) | RTM (Note 9) | RTM (Note 12) | Note 4 | |||
Windows 8.1 * | RTM (built-in) | RTM (Note 9) | RTM (Note 12) | ||||
Windows Server 2012 * | RTM (built-in) | RTM (Note 7) | RTM (Note 9) | RTM (Note 12) | Note 4 | ||
Windows 8 * | RTM (built-in) | ||||||
Windows Server 2008 R2 * | RTM (built-in) | SP1 (Note 6) | SP1 (Note 7) | SP1 (Note 8) | SP1 (Note 10) | Note 4 | |
Windows 7 | RTM (built-in) | SP1 (Note 6) | SP1 (Note 7) | SP1 (Note 8) | SP1 (Note 10) | ||
Windows Server 2008 * | RTM (built-in) | SP1 & SP2 (Note 2) | |||||
Windows Server 2003 * | RTM & SP1 | R2 & SP2 | Notes 1, 2 | ||||
Windows Vista * | RTM | SP1 & SP2 | Notes 1, 2 | ||||
Windows XP * | RTM, SP1 & SP2 | SP3 | Notes 1, 2 |
* These OS are regarded as legacy OS:
PowerShell is not built-in for these OS. These OS do not support 3.0 or later. See Constraints of Legacy OS
If PowerShell 1.0 is installed it must be removed in order to install a later version.
Support for PowerShell 2.0 is included in PowerShell 3.0 and later.
PowerShell is not installed by default on these OS but is an optional feature that should be enabled using Server Manager.
PowerShell 2.0 is part of WMF Core package (KB968930) with prerequisite of .NET Framework 3.51 (which includes .NET 2.0 SP1).
PowerShell 3.0 is part of WMF 3.0 with prerequisite of .NET Framework 4.0 or later. Refer https://www.microsoft.com/en-us/download/details.aspx?id=34595
PowerShell 4.0 is part of WMF 4.0 with prerequisite of .NET Framework 4.5 or later. Refer https://www.microsoft.com/en-us/download/details.aspx?id=40855
PowerShell 5.0 is part of WMF 5.0 with prerequisites of .NET Framework 4.5 or later and WMF 4.0. Refer https://www.microsoft.com/en-us/download/details.aspx?id=50395
PowerShell 5.0 is part of WMF 5.0 without any other prerequisites. Refer https://www.microsoft.com/en-us/download/details.aspx?id=50395
PowerShell 5.1 is part of WMF 5.1 with prerequisites of .NET Framework 4.6 or later, WMF 4.0 and SHA-2 Code Signing. Refer https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure
PowerShell 5.1 is part of WMF 5.1 with prerequisites of .NET Framework 4.6 or later and WMF 4.0. Refer https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure
PowerShell 5.1 is part of WMF 5.1 with prerequisite of .NET Framework 4.6 or later. Refer https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure
In these Server OS, PowerShell 5.1 is referred to as the Desktop Experience. You can use the PowerShell Core version if you prefer.
Please refer tohttps://support.microsoft.com/en-gb/help/17455/lifecycle-faq-net-framework for details of Microsoft support for .NET Framework.
Support for 4, 4.5, and 4.5.1 ended on January 12, 2016
Support for 4.5.2, 4.6 and 4.6.1 ended on April 26, 2022
Bash on non-Windows OS
Bash and perl are required for installation of all non-Windows 1E Clients.
Tachyon instructions support the use of Bash scripts on all supported non-Windows OS.
To see if an Instruction requires a Bash script, look in its Instruction Definition XML file for the Scripting.Run method. Bash is the preferred choice when developing custom Instructions for non-Windows OS.
There are slight differences between OS implementations of Bash, particularly on the Mac. Therefore, 1E recommends testing custom Bash scripts on each supported OS.
Constraints of Legacy OS
In this documentation, the following are referred to as legacy OS. Below are described some known issues for these OS.
1E does not provide support for 1E products on the following OS unless the OS is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these OS or they are not significantly used by business organizations.
|
|
Note
1E Client 8.1 and later will not install on Windows XP and Windows Server 2003. Please contact 1E if you intend to continue using any of the other legacy OS. If you experience an issue, then please try replicating the issue on a supported OS.
For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.
PowerShell limitations
PowerShell version 3.0 (required by some Tachyon instructions) is not supported on Windows XP, Vista and Server 2003. However, PowerShell 2.0 is supported on the following OS versions:
Windows XP SP3
Vista SP1 & SP2
Windows Server 2003 R2 & SP2
Certificate limitations - SHA2
Like most software vendors, 1E software requires the OS to support SHA2. If your organization has a PKI configured to use SHA2 256 or higher encryption, then your legacy OS may have already been updated to support it.
Windows XP and Server 2003 require an update as described in KB968730. Microsoft no longer provides this hotfix as a download. You must contact Microsoft Support if you need it.
Windows 7 and Server 2008 R2 require an update as described in KB3033929. This update is not available for Vista and Server 2008.
Windows 8, 8.1, Server 2012, Server 2012 R2 and later OS already support SHA2.
Certificate limitations - encrypted certificate requests
Windows XP and Server 2003 are unable to encrypt certificate requests, whereas later OS are able to support higher more secure RPC authentication levels. If you are using a Microsoft CA and expect these clients to request (enrol) certificates then the CA must have its IF_ENFORCEENCRYPTICERTREQUEST flag disabled. It is disabled by default on Windows 2003 and 2008 CA, but is enabled by default on Windows 2012 CA.
To determine which InterfaceFlags are set, execute the following command on the CA server:
certutil -getreg CA\InterfaceFlags
If the following is specified then it means the flag is enabled.
IF_ENFORCEENCRYPTICERTREQUEST -- 200 (512)
To disable the encrypt certificate requests flag, execute the following commands on the CA server:
certutil -setreg CA\InterfaceFlags -IF_ENFORCEENCRYPTICERTREQUEST sc stop certsvc sc start certsvc
Certificate limitations - signing certificates missing
On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below.
Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed, however this may have been prevented by your organization's security policies, or inability to connect to the Internet, or they are legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or your organization has applied more secure polices (for example UAC, AppLocker or SmartScreen).
Typical reasons for issues with signing certificate are:
If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer
If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates are correctly installed on each computer, numbered in the table(s) below.
The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases, the file digest algorithm of an authenticode signature is SHA256, and the countersignature is a RFC3161 compliant timestamp. The exception is on legacy OS (Windows XP, Vista, Server 2003 and Server 2008) which require the file digest algorithm of an authenticode signature to be SHA1, and a legacy countersignature.
The table below applies to software and hotfixes released in 2020.
2020 | Signing certificate | Timestamping certificates |
---|---|---|
Certificate | 1E Limited | TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder |
Issuing CA | DigiCert EV Code Signing CA (SHA2) Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3 | DigiCert SHA2 Assured ID Timestamping CA Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297 and DigiCert Assured ID CA-1 Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117 |
Root CA | DigiCert High Assurance EV Root CA Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25 | DigiCert Assured ID Root CA Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
This is described in Common client requirements: Digital signing certificates. To verify if you affected by this issue see Client issues: 1E Digital Signing Certificates.
Certificate limitations - expired root certificates
Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default, but its configuration may have been changed or restricted by Group Policy Turn off Automatic Root Certificates Update.
If this GPO is enabled, then you will see DisableRootAutoUpdate = 1 (dword)
in HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot.