Skip to main content

1E 8.1 (on-premises)

Configuring Patch Success

Configuring Patch Success after installation. The procedure below assumes that all users of Patch Success are permitted to see and use the buttons in the Patch Success application. Some guidance is provided for making buttons only available to specific users.

The steps for configuring Patch Success are:

  • Create an instruction set called 1E Patch Success, and upload its instructions

  • Create a custom role called 1E Patch Success Actioners, assign permissions, assign to All Devices

  • Configure the Tachyon connector, its instruction set 1E Inventory and custom role 1E Inventory Questioners

  • Configure the inventory connector for Configuration Manager (SCCM) or WSUS

  • Create schedules for the above connectors

Creating the 1E Patch Success instruction set and Actioners role
Creating the 1E Patch Success instruction set

The steps below create an instruction set called 1E Patch Success and a custom role called 1E Patch Success Actioners. Users who need to use Patch Success must be assigned to this custom role. The role allows the following:

  • Access to the Patch Success application and all its pages

  • Visibility and use of one or more of Deploy, Download only, Explore and Check Status buttons in the Patch Success pages, according to the permissions assigned to the role.

The 1E Patch Success instruction set will contain 3 instructions from the Patch Success Product Pack described in the table below.

Instruction text (ReadablePayload)

Type

Description

Instruction file name

Version

<action> patch(es) specified by <patchSpec> identifier(s) from <source> source to targeted device(s)

Where:

  • <action> is either Deploy or Download only

  • <patchSpec> is a list of comma separated GUIDs and/or KB numbers (without KB prefix) of patches to be installed

  • <source> is the patch download source:

Action

Deploys a specific patch or patches to targeted devices.

Note

Unlike the other instructions, the <patchSpec> parameter in this instruction does not support all. You must be specific which KBs you want to deploy.

This instruction is used by the Deploy and Download only buttons, which allow users to deploy selected patches to devices.

The 1E Patch Success Actioners role requires Actioner permissions to see the Deploy and the Download only buttons.

See Patch.Deploy in the Tachyon SDK.

1E-PatchSuccess-Deploy

5

Returns patch status from <source> for <patchSpec> identifier(s)

Where :

  • <source> is the patch download source, as above

  • <patchSpec> is either all, or a list of comma separated GUIDs and/or KB numbers (without KB prefix) of patches to be reported.

Question

Returns patch status for given KB article numbers on targeted devices.

The instruction is used by the Check Status button, which allow users to check the patch status of the selected patches and represent the results in Explorer for further investigations.

The 1E Patch Success Actioners role requires Questioner permissions to see the Check Status button.

See Patch.List in the Tachyon SDK.

1E-PatchSuccess-Explore

5

Returns patch status from <source> of given<patchSpec> identifier(s) for PatchSuccess consumption

Where:

  • <source> is the patch download source, as above

  • <patchSpec> is either all, or a list of comma separated GUIDs and/or KB numbers (without KB prefix) of patches to be reported.

Question

Returns patch status for all known patches on targeted devices. Information is based on offline cache.

When run, its response data is offloaded direct to the SLA-BI cube.

The instruction is used by the Update Status button, which allows users to update the dashboard with the status of selected patches, to see for example Pending reboot and Installed states.

The 1E Patch Success Actioners role requires Questioner permissions to see the Update status button.

See Patch.List in the Tachyon SDK.

1E-PatchSuccess-Refresh

5

Note

Patch Success also requires a further 5 instructions which are included in the 1E Inventory instruction set created when setting up a Tachyon Connector. You can add a Tachyon Connector later when you get to Configuring connectors and schedules below. If you already have a Tachyon Connector then you need to ensure the 1E-PatchSuccess-PatchStatus instruction has been added to the 1E Inventory instruction set.

Click here for more details about 1E Inventory instructions...

The following is an extract from Tachyon connector.

Creating the 1E Inventory instruction set

These steps are only required if:

  • you have not already loaded the 1E Inventory Product Pack using the Product Pack Deployment tool as part of the Tachyon Setup process

  • you will be using Tachyon Powered Inventory

The steps show how to create an instruction set called 1E Inventory.

The 1E Inventory instruction set will contain the 5 instructions listed in the following table:

Instruction text (ReadablePayload)

Type

Description

Data to Sync category

Instruction file name

Version

Which processors are in the device? With a stagger of <limitSecs> seconds.

Question

Processor details

Uses Device.GetProcessors method.

Note

Click here to expand details of data collected...

Method

GetProcessors

Module

Device

Library

Core

Action

Retrieves information about the CPUs plugged in to the motherboard of the device.

Parameters

(None)

Return values

Vendor (string): The vendor of the processor

Name (string): The vendor-defined name of this processor package

CoreCount (int): The number of cores inside this package

SpeedMhz(int): The clock speed of the processor in its current operating mode

From v5.1 onwards these columns also appear :

LogicalCoreCount (int) : The number of logical cores inside this package

Hyperthreading (bool): Indicates whether the cores are hyperthreaded, true for yes, false for no.

Example

 Device.GetProcessors();

Platforms

  • Windows

  • Linux

  • MacOS

  • Solaris Intel

  • Solaris Sparc

Notes

Name is the immutable string that the CPU reports to SMBIOS. This often contains the publicly marketed and sold average speed of the CPU, which usually differs to the actual speed of the processor instance.

SpeedMhz on Windows can change over time for one particular CPU. Modern CPU's can adjust their clock in response to heat and power from moment to moment. This parameter cannot be relied upon for scoping future instruction executions unless some kind of range of values is in the scope to cope with natural speed variance.

Processor

1E-Inventory-Device-GetProcessors

3

Inventory - what is the summary of file usage since <startDate>? With a stagger of <limitSecs> seconds.

Question

Process Usage data inventory for SLA

Uses the $ProcessUsage_Daily inventory table, if Module.Inventory.ProcessUsage.Enabled setting is true (default) in the 1E Client configuration file.

Please refer to Capture source settings.

Note

Click here to expand details of data collected...

Windows only. The following table shows fields available in the $ProcessUsage_Daily table.

Field

Datatype

Description

Sample value

Tables

CommandLine

string

This is a single instance of the command used to launch that instance, most probably the first one. It will not contain any differences if other instances are launched with a slightly different comand line. It is an indication of a typical command line for this instance.

C:\Program Files\Git\mingw64\libexec\git-core\git-credential-manager.exe

Duration

integer

The number of minutes covered by the individual execution(s) of at least one instance of this executable.

Duration can never be more than 1440 minutes, being the number of minutes in a day.

1

ExecutableHash

string

The MD5 hash of the binary that contains the entry point (usually an exe)

ad3ec70ae9e82582bdf6aa6fd5811376

ExecutableName

string

The name of the binary that contains the entry point obtained from stamped version information where possible, the filename if not.

git-credential-manager.exe

ExecutableSize

integer

The size of the binary that is hashed below

131168

ExecutableVersion

string

The version information stamped into the executable where available.

1.5.0.0

ExecutionCount

integer

The number of instances observed during the Duration period

2

IsOSProcess

integer

A value of 1 indicates that this is categorised as an operating system by the rules in place.

A value of 0 indicates that it is not.

0

LastSeen

integer

The UTC Timestamp of when the last instance of the executable (of all the accumulated subjects of this record) was last seen (polling) or actually exited (events).

Whilst any instance is running, for the current day records, LastSeen will creep across the day and duration will increase as time passes if the process remains running.

Once midnight is crossed then the daily records for yesterday are 'closed off' by setting LastSeen = TS + 86400 (the number of seconds in a day), which is midnight of the next day.

If all instances of one binary are exited and never run again that day, then the LastSeen field for that daily record should 'stick' at one value and never ever change again.

In other words the maximum difference between TS and LastSeen in a single row is at most 86400, being the number of seconds in a day.

Tracking of an execution summary from one day to another ("carry-over") can be achieved by looking for a record based on TStomorrow = LastSeentoday with all the other key information the same. If that exact key record with the 'carry over' conditions is not found then the process did not theoretically continue across midnight.

Note that a process that dies after 23:59:00 and starts before 00:01:00 the next day will appear to be a continuous process in the summary tables. Even though it could theoretically have stopped for nearly two minutes. This is because the resolution of the table is to the start of the minute the event occurred in.

1526982245

TS

integer

When the record was added to the table. See Timestamps.

Midnight UTC that is the start day of the 24 hours covered by this record.

1526947200

The Tachyon client captures executable usage; this is from the moment the executable is turned into a process, hence the process usage. The Process Usage data presented is grouped by executable binary, and parallel runs are accumulated in the ExecutionCount, but not in the Duration, where coverage time period is desired instead.

Software Usage

1E-Inventory-FileUsageSummary

3

Inventory - what software is installed? With a stagger of <limitSecs> seconds.

Question

Software inventory for SLA

Uses a combination of:

Note

Click here to expand details of data collected...

Method

GetInstallations

Module

Software

Library

Core

Action

Gets a list of the installed software available to all users, optionally filtered by product and/or publisher.

Parameters

Product (string; optional): If specified, search for just this product.

Publisher (string; optional): If specified, get just this publisher's software.

Return values

A table of:

    • Product (string): The product name.

    • Publisher (string): The publisher of the product.

    • Version (string): The version of the product.

    • InstallDate (string): If available, when the product was installed.

    • Architecture (string): Platform architecture of this installation (e.g. x86, x64)

Example

Get all software:

 Software.GetInstallations();

Find and remove all installed instances of Calculator Plus:

Software.GetInstallations( Publisher : "Microsoft", Product : "Microsoft Calculator Plus");
evaluate;
Agent.Echo( Message: "Is installed");
Software.Uninstall( Publisher : "Microsoft", Product : "Microsoft Calculator Plus");

To select a specific version, use a SQL WHERE clause:

@installs = Software.GetInstallations( Publisher : "Microsoft", Product : "Office Professional");
SELECT DISTINCT * FROM @installs WHERE Version LIKE "16.0%";

Platforms

  • Windows

  • Linux

  • MacOS

  • Solaris Intel

  • Solaris Sparc

  • Android

Notes

To find additional software installed for specific users, use Software.GetUserInstallations.

Method

GetUserInstallations

Module

Software

Library

Core

Action

Gets a list of the software installed for specific users, optionally filtered by product and/or publisher.

Parameters

Product (string; optional): If specified, search for just this product.

Publisher (string; optional): If specified, get just this publisher's software.

Return values

A table of:

    • Architecture (string): Platform architecture of this installation (e.g. x86, x64)

    • InstallDate (string): If available, when the product was installed.

    • Product (string): The product name.

    • Publisher (string): The publisher of the product.

    • Sid (string): The user identifier for whom this software has been installed.

    • Username (string): Friendly representation of the Sid - this will only be resolved locally.

    • Version (string): The version of the product.

Example

Get all user specific software:

 Software.GetUserInstallations();

Platforms

  • Windows

Notes

  • Sid resolution may fail as this method will not go over the wire. In this case Username will be NULL.

  • The file modified and accessed time attributes of the NTUSER.dat directory entries under the %USERPROFILE% folder for each user and service principal might be updated to some time during the execution of this method. This is a side effect of loading and unloading the user hive and is housekeeping performed by Windows, not the 1E Client. This can cause "unused" profiles to appear to be used if the modified times are employed to determine whether a user has logged in, which is not a reliable method of establishing this fact.

  • This method reads user uninstall registry keys from HKU, but will not load hives.

  • Installs for this function are retrieved from HKU:\<SID>\Software\Microsoft\Windows\CurrentVersion\Uninstall

Installed Software

1E-Inventory-Software

3

Inventory - summary of which users have logged on since <startDate>? With a stagger of <limitSecs> seconds.

Question

User data inventory for SLA

Uses the $UserUsage_Daily inventory table, if Module.Inventory.UserUsage.Enabled setting is true (default) in the 1E Client configuration file. Top Console User is also calculated from this table.

Please refer to Capture source settings.

Note

Click here to expand details of data collected...

Windows only. The following table shows fields available in the $UserUsage_Daily table.

Field

Datatype

Description

Sample value

Tables

Duration

integer

The number of minutes covered by the individual user session(s) of at least one instance of this login.

Duration can never be more than 1440 minutes, being the number of minutes in a day.

12

  • $UserUsage_Daily

Email

string

The email address that is cached in the system for this user. This may not necessarily be the email address to use to contact the user via corporate email.

abrown@acme.org

  • $UserUsage_Daily

FirstName

string

The forename that the system has cached for the user.

Alice

  • $UserUsage_Daily

LastName

string

The surname that the system has cached for the user

Brown

  • $UserUsage_Daily

LastSeen

integer

The UTC Timestamp of when the last instance of the user session (of all the accumulated subjects of this record) was last seen (polling) or actually exited (events), rounded down to the start of the minute in which the event occurred.

Whilst any session is in progress, for the current day records, LastSeen will creep across the day and the duration will increase as time passes if the user remains logged in. That is Duration and LastSeen will increase each time you query the table (with at least a minute between queries).

Once midnight is crossed then the daily records for yesterday are 'closed off' by setting LastSeen = TS + 86400 (the number of seconds in a day), which is midnight of the next day.

If all users sessions for one user are exited and never occur again that day, then the LastSeen field for that daily record should 'stick' at one value and never ever change again.

In other words the maximum difference between TS and LastSeen in a single row is at most 86400, being the number of seconds in a day.

Tracking of a user session summary from one day to another ("carry-over") can be achieved by looking for a record based on TStomorrow = LastSeentoday with all the other key information the same. If that exact key record with the 'carry over' conditions is not found then the user session did not theoretically continue across midnight.

Note that a session that exits after 23:59:00 and starts again before 00:01:00 the next day will appear to be a continuous user session in the summary tables. Even though it could theoretically have not existed for nearly two minutes. This is because the resolution of the table is to the start of the minute the event occurred in.

See Timestamps.

1526990846

  • $UserUsage_Daily

SID

string

The Windows NT SID of the user.

S-1-5-21-xxx-yyy-zzz

  • $UserUsage_Daily

TS

integer

When the record was added to the table. See Timestamps.

1526947200

  • $UserUsage_Daily

Username

string

The user account name, with a domain prefix if applicable.

For Windows devices not a in a domain, the 'domain' is the local machine name. For non-Windows devices such as Linux there is no domain part.

aliceb

acme\AliceBrown

  • $UserUsage_Daily

The Tachyon client captures user sessions (usage); this is from the moment the user instigates a login/logout, hence User Usage. The usage data presented is grouped by SID and Username, and parallel login durations are really the coverage of the time period, not the total time for all the individual sessions.

User and administrator accounts are included, either local or remote. System accounts, and accounts used to run services, are excluded.

User

1E-Inventory-UserUsageSummary

3

Returns patch status for 1E Inventory consumption, staggering for <limitSecs> seconds.

Tip

The 1E-PatchSuccess-PatchStatus instruction is not required if you do not intend to use the Patch Success application, and will not run if you do not have a license for Patch Success. For more information about configuring Patch Success please refer to Configuring Patch Success.

Warning

This instruction is part of this 1E Inventory instruction set used by the Tachyon Connector. Do not move it to the 1E Patch Success instruction set used by the buttons visible in the Patch Success application.

Question

Returns patch status for 1E Inventory consumption

Patch

1E-PatchSuccess-PatchStatus

5.0

Tip

You can use the Product Pack Deployment tool to simultaneously Upload the instructions and Create the Instruction set, or use the manual steps below.

These instructions are included in the 1E Inventory product pack, available in the TachyonPlatform.v5.x.x.x.zip file downloaded from the 1E Support Portal.

First upload the Patch Success instructions:

  1. Download the TachyonPlatform.v5.x.x.x.zip file from the 1E Support Portal

  2. Extract the 1E-PatchSuccess.zip from the Classic folder

  3. Logon to the Tachyon Portal using a Tachyon user account with the Permissions Administrators and Instructions Administrators roles

  4. Open the Settings application

  5. Navigate to the Settings→Instructions→Instruction sets page

  6. Click on the Upload button

  7. In the Open dialog navigate to the location of the 1E-PatchSuccess.zip file

  8. Select 1E-PatchSuccess.zip and click Open.

All the instructions contained in the zip file will initially be added to the default Unassigned instruction set. Instructions in the Unassigned instruction set cannot be used, so you will need to add the instructions to a new instruction set:

  1. Select the 3 instructions you want to add to the new set, by clicking the checkbox at the start of each instruction row in the list

  2. Click the Add new set button in the button panel to the right of the page

  3. In the Add new instruction set popup subsequently displayed, type 1E Patch Success as the name

  4. Optionally select a custom icon file

  5. Ensure that the Include 3 selected instructions checkbox is checked

  6. Click the Add button to add the new instruction set, with the selected instructions.

Creating the 1E Patch Success Actioners role

You must create the 1E Patch Success Actioners role so that its member users can use all features of Patch Success, including buttons which cause instructions to run in Explorer. Instructions are configured in Creating the 1E Patch Success instruction set above.

Tip

Some 1E Patch Success instructions are actions which require approval. Users cannot approve their own actions, but members of this role can approve each others actions. If you prefer other users or security groups to have Approver permissions, they would need an additional custom role, for example called 1E Patch Success Approvers. Or you may use an existing approvers role and assign the 1E Patch Success instruction set to it. Ensure the selected role has the All Devices management group assigned to it.

The built-in (system) role Patch Success Viewers can be used for users who only need to view the Patch Success screens and dashboard with no access to any buttons.

To create a new user:

  1. Navigate to the Settings→Permissions→Users page.

  2. Click the Add button to start the add user process.

    1. In the Add user popup subsequently displayed in the Select user field, type the name of the AD security group representing Patch Administrators who will use the Tachyon Patch Success application.

    2. Select a name from the search list, and click the Add button.

  3. The new user will be added to the Users table.

Tip

You may have already created a Tachyon user for this custom role. You can change or add other users later.

To create the custom role:

  1. Navigate to the Settings→Permissions→Roles page.

  2. Click the Add button to start the add role process.

    1. In the Add role popup subsequently displayed set the name as 1E Patch Success Actioners

    2. Optionally enter a description

    3. Click the Add button.

  3. The new role will be added to the Roles table. Locate its entry and click on the link in the Name column for that row.

  4. Select the Members tab and click the Add button.

    1. In the Add role member popup subsequently displayed, search for the Tachyon user that you added in the earlier steps.

    2. Click the Add button.

  5. Select the Permissions tab and click the Add button.

    1. In the Add permission popup subsequently displayed, scroll down the Type list and select Repository:patch

    2. Select the Read checkbox.

    3. Click the Add button.

    4. In the Add permission popup subsequently displayed, scroll down the Type list and select Instruction set.

    5. Scroll down the Name list and select the 1E Patch Success instruction set.

    6. Select checkboxes for each of the following from the list of permissions, and then click the Add button:

      • Questioner permission - allows users to see and use the Explore and Check Status buttons

      • Actioner permission - allows users to see and use the Deploy button

      • Approver permission - allows users to approve each other's use of the Deploy button instruction (see the note at the start of this section about alternative Approver roles).

  6. Select the Management groups tab and click the Add button.

    1. In the Add management group popup subsequently displayed, scroll down the list and select All Devices.

    2. Click the Add button.

      Warning

      Only select All Devices. This is the same as the All Devices management group as seen in Patch Success Title and filter bars.

To verify:

  1. Logon to the Tachyon Portal using a Tachyon user account with the new 1E Patch Success Actioners role.

  2. Navigate to the Patch Success→Overview page.

Configuring connectors and schedules

You must create the following connectors and schedules:

  • Tachyon connector and its Sync Data schedule - to import inventory and patch data into an inventory repository - this is normally the Default inventory repository

  • Configuration Manager or WSUS connector and its Sync Data schedule - to import meta-data for patches into the inventory repository

  • Generate Report - ETL schedule - for reprocessing of cube data in a BI repository - this is normally the Default BI repository

Patch data from all inventory repositories is reprocessed by an ETL (extract, transform, load) and stored in the BI cube to support dynamically updating interactive dashboards. The Patch Success application allows its users to view one inventory repository at any time.

Adding the Tachyon connector

You must add the Tachyon Connector in order to support Tachyon Powered Inventory which uses the 1E Inventory instructions.

Please refer to Tachyon connector for detailed configuration steps. In summary these steps do the following:

  • Creates a user. In our example this is ACME\SLATACHYON

  • Configures the Tachyon connector. A by-product of this step means Management Group synchronization is enabled to support the use of Management groups

  • Creates the 1E Inventory instruction set and 1E Inventory Questioners role.

Note

The 1E Inventory instruction set contains 4 instructions for inventory and 1 instruction for Patch Success. All of these instructions are necessary for Patch Success, but the inventory instructions are also used for other purposes. If you have already created the Tachyon Connector using only the inventory instructions, then you will need to add the instruction for Patch Success to the same instruction set. For more details about these instructions please refer to Tachyon connector: Creating the 1E Inventory Instruction Set.

Adding a connector for Patch meta-data

Patch Success needs to get meta-data for patches. Ensure you add a connector for whichever one of the following sources that you use to approve patches:

  • Configuration Manager (SCCM) if it is configured to manage WSUS

  • Windows Server Update Services (WSUS)

If you are using Configuration Manager then you must add a System Center Configuration Manager connector.

If you are using WSUS then you must add a Windows Server Update Services connector.

Creating schedules for Patch processing

The following Patch Success schedule process is designed to reduce the data that is retrieved when performing Tachyon, Configuration Manager and WSUS connector syncs and to provide a separate Device and Patch consolidation that can be run without running the Basic Inventory Consolidation. This saves time and processing when using Patch Success on its own. We suggest configuring the following daily schedules, set to run on the same inventory repository in the order presented - leave enough time between the steps to allow the previous step to complete. You can test how long that takes by running the steps manually.

Action

Frequency

Notes

1

Sync Data - Configuration Manager

or Sync Data - WSUS

Daily

Pick a suitable time when there is the least amount of activity.

If using the Configuration Manager sync be aware it may take a long time to run because as well as patch meta-data, it is also importing a lot of inventory, and usage data for processes and users. To work around this, when using the Configuration Manager connector only with Patch Success, you can configure the sync to fetch just the Device and Patch data.

2

Sync Data - Tachyon

Daily

When configuring the Tachyon connector sync for use with Patch Success only, configure the sync to fetch just the Device, Patch and User data.

You can schedule the Sync Data action to run at any time of day. Pick a suitable time when there is the least amount of processing activity.

You must select the frequency that prevents the Sync Data actions for the Tachyon connector overlapping.

  • In Tachyon Platform 5.2 and 8.x the duration that the Inventory instructions run for is a default of 24 hours, therefore select Daily or Weekly.

  • In Tachyon Platform 5.1 the duration that the Inventory instructions run for is a default of 15 minutes, therefore select Daily or Weekly, or at least 20 minutes apart.

3

Generate Report - Device and Patch consolidation

Daily

This action can be run when using Patch Success on its own. If you are using AppClarity as well these reports are also included as part of the Basic Inventory Consolidation.

4

Generate Report - ETL

Daily

This report reprocesses the cube data.

Steps for adding a schedule can be found on the Settings→Configuration→Schedules page.

For the Sync Data actions, the actual name of the action depends on the connector name. Also ensure you select the correct inventory repository, the default is Default Inventory.

Configuring the source for Patch downloads

Patch Success needs to be configured with the download source from which client devices will download and install patches. By default the download source is configured as SCCM (Configuration Manager) but you will need to change this to WSUSL (local WSUS) if you are using WSUS instead of Configuration Manager.

To change the download source, you must manually update the value of PatchSuccessSource in the GlobalSettings table of the TachyonMaster database:

  • If your client devices are using Configuration Manager to download and install patches then leave PatchSuccessSource as SCCM - this is the default

  • If your client devices are using WSUS to download and install your patches then change PatchSuccessSource as WSUSL using the following SQL script:

SQL script to configure PatchSuccessSource setting 

/* Script to change TachyonMaster configuration setting */
USE [TachyonMaster]
GO
DECLARE @setting nvarchar(max), @oldvalue nvarchar(max), @newvalue nvarchar(max);;
SET @setting = 'PatchSuccessSource'
SET @newvalue = 'WSUSL'

SET @oldvalue = (SELECT [Value] FROM [dbo].[GlobalSetting] WHERE [Name]= @setting)

UPDATE [dbo].[GlobalSetting] SET [Value]=@newvalue WHERE [Name]=@setting
 
SELECT @setting AS 'Setting', @oldvalue AS 'Before', [Value] AS 'After' FROM [dbo].[GlobalSetting]
 WHERE [Name]=@setting
GO
230725763.png

Note

Configuration of the PatchSuccessSource global setting (SCCM or WSUSL) is important to ensure that client devices use the correct source when instructed to download patches by the Tachyon Patch Success application. Patch Success administrators can expedite the patching process by using either Download only or Deploy (download and install) buttons. These buttons cause Tachyon to send the 1E-PatchSuccess-Deploy instruction to multiple clients with details of which patches to download only or to also install. In addition, if the PatchSuccessSource global setting is configured as WSUSL then the buttons provide the option to download from Microsoft Update via the Internet instead of from WSUS. The buttons do this by overriding the gobal Setting WSUSL with WSUSR (in the database Patch Success refers to Microsoft Update as WSUS remote). If you want to know more about the methods used by the 1E-PatchSuccess-Deploy instruction please refer to the Tachyon SDK - Patch.Deploy method documentation.

Note

If you set either WSUSR or SCCM (and intend allowing Windows Update to download the patches if they're not available on the Distribution Point) then the Windows Updates service must be allowed to download content from the internet and deploy the updates.

Additional configuration options

Following additional configuration options are available and can be changed if required.

Enabling Download only feature

Download only is a button to download only without deploying the patch. This is only available for WSUSL and WSUSR patch source.

To enable Download only feature for the patch source WSUSL and WSUSR, run the following SQL script.

SQL script to configure DownloadOnlyButtonVisibility setting 

/* Script to change TachyonMaster configuration setting */
USE [TachyonMaster]
GO
DECLARE @setting nvarchar(max), @oldvalue nvarchar(max), @newvalue nvarchar(max);;
SET @setting = 'DownloadOnlyButtonVisibility'
SET @newvalue = 'True'

SET @oldvalue = (SELECT [Value] FROM [dbo].[ApplicationConfiguration] WHERE [Name]= @setting)

UPDATE [dbo].[ApplicationConfiguration] SET [Value]=@newvalue WHERE [Name]=@setting
 
SELECT @setting AS 'Setting', @oldvalue AS 'Before', [Value] AS 'After' FROM [dbo].[ApplicationConfiguration]
 WHERE [Name]=@setting
GO
230725764.png
Changing the maximum number of targeted devices

For the patch source WSUSL and WSUSR the UI will limit the number of devices that can be targeted for Downloads and Deployments to the maximum number. This limit is put in place to warn of the possible impact of deploying and downloading patches at scale, to the network infrastructure.

To change the maximum number of targeted devices run the following SQL script.

SQL script to configure MaxTargetedDevices setting 

/* Script to change TachyonMaster configuration setting */
USE [TachyonMaster]
GO
DECLARE @setting nvarchar(max), @oldvalue nvarchar(max), @newvalue nvarchar(max);;
SET @setting = 'MaxTargetedDevices'
SET @newvalue = '500'

SET @oldvalue = (SELECT [Value] FROM [dbo].[ApplicationConfiguration] WHERE [Name]= @setting)

UPDATE [dbo].[ApplicationConfiguration] SET [Value]=@newvalue WHERE [Name]=@setting
 
SELECT @setting AS 'Setting', @oldvalue AS 'Before', [Value] AS 'After' FROM [dbo].[ApplicationConfiguration]
 WHERE [Name]=@setting
GO
230725762.png
Tachyon Platform zip

The Tachyon Platform zip file can be downloaded from the 1E Support Portal https://support.1e.com/.

Refer to Tachyon platform zip file for details.

In this section: