Add the Shopping Central computer account to the ConfigMgr Read-only Analyst Security Role in ConfigMgr
To support Windows Servicing Assistant (WSA), the Shopping Web application pool service account requires the Read-only Analyst security role in Configuration Manager. This is required to enable it to parse task sequences using WMI. This is a one-time only manual procedure prior to after installation of Shopping Central.
Import the 1E Shopping Central Security Role.xml file into the Configuration Manager console to create a role called 1E Shopping Central. This role has the same permissions as the Read-only Analyst security role.
The Shopping Web application pool service account runs in the context of Network Service, in which case if Configuration Manager and the Shopping Web service are installed:
- on different servers then the computer$ account of the Shopping Web server must be added to the Read-only Analyst security role (or 1E Shopping Central security role if you have created it)
- on the same server then the NT AUTHORITY\Network Service account should be added to the Read-only Analyst security role (or 1E Shopping Central security role if you have created it).
You must change the Security Scopes tab for the user from the default of Only the instances... to All Instances of the objects that are related to the assigned security roles, which will cover all existing and future security scopes. Alternatively, you can leave the default setting and add all the security scopes that you are using for task sequences and related content.
Redefine HTTP Redirection
If your Shopping website previously had HTTP redirection enabled (as described in IIS Redirect) you will need to reconfigure this after Shopping has been upgraded.
Upgrade the Shopping Receivers
When upgrading 1E Shopping Receivers from versions prior to Shopping 5.6, because of the newly added support for client notification, you will need to update the 1E Shopping Receivers security role in Configuration Manager CB1810 and later. This can be done in the following way:
- Remove any users assigned to the existing 1E Shopping Receivers security role in Configuration Manager - noting them down for re-assigning later. If a user only has that role you will need to assign the user to a temporary role, for example Read-only Analyst.
- Remove the existing 1E Shopping Receivers security role from Configuration Manager.
- Import the 1E Shopping Receivers security role using the appropriate xml file for the version of Configuration Manager you are using.
- Re-assign the previous users to the new 1E Shopping Receivers security role.
- Unassign the users from any temporary roles.
Please refer to Preparation: 1E Shopping Receivers security role for more details.
The Shopping Receiver must be upgraded on each ConfigMgr Primary Site (including the CAS in a multi-site hierarchy), as follows:
- Copy the Shopping Receiver (ShoppingReceiver.msi) to a local folder.
- Start a command prompt with administrative privileges (Run as administrator).
- Change directory to the folder where the Shopping Receiver installer was copied.
- Run msiexec /i ShoppingReceiver.msi /l*v ShoppingReceiverInstall.log to start the Shopping Receiver installation wizard.
- On the Welcome page, click Next.
- On the License Agreement page, select I accept the terms in the license agreement and click Next.
- On the Install Type page, select Upgrade and click Next.
- On the Destination Folder page, click Change to modify the installation folder or click Next to use the default folder shown.
- On the Receiver Service Account page, if you are currently using a specific service account for the Shopping Receiver, select This Account and enter the user name and password for the Shopping Receiver service account. Alternatively select Use Network Service Account. Click Next.
- On the Policy Refresh page, ensure the correct policy refresh option and Policy Refresh delay is selected and click Next.
- On the Shopping URL Prefix page, enter the correct Shopping URL Prefix (this should be http://<hostheader>, where <hostheader> is the host header currently used for Shopping and defined as an alias in DNS which may be an FQDN). Click Next.
- On the Default Advanced Client Flags, if 1E Nomad is being used, select Always download from DP, otherwise select Default and click Next.
- On the Configuration Manager Database Connection page, click next if TLS 1.0 is enabled. If TLS 1.0 is disabled select TLS 1.0 disabled - install using TLS 1.1 / 1.2 - ensure that SQL Server Native Client 11.0 is installed before selection this option.
- On the Ready to Install the Program page, click Install.
- When the installation completes, click Finish.
Replace the Shopping Agent with the 1E Client
Shopping 6.0 uses the 1E Client (formerly named the Tachyon Agent) in place of the Shopping Agent used by Shopping 5.4 and 5.5. The 1E Client must be deployed to all computers from which users will be connecting to the Shopping portal.
The new enhanced features of Windows Servicing Assistant requires 1E Client v4.1 or later.
The Shopping module of the 1E Client (formerly named the Tachyon Agent) also provides Windows Servicing Assistant (WSA) which guides users through the preparation and execution of an OS deployment. WSA is a client-based wizard that enables users in the office or working remotely over VPN to initiate an OS upgrade or OS refresh (wipe-and-load) or to migrate data, settings and applications from an old PC to a replacement PC at their convenience. WSA Applications are created managed through the Shopping Admin console. The task sequences used by WSA have a dependency on 1E Nomad 7.0.200 , to manage content and storage of user state using custom actions that are implemented with Nomad.
1E Client (Tachyon Agent) versions offer enhanced levels of support for WSA:
- Support for nested Task Sequences
- Autofill Wi-Fi passcode on Connection page if available
- Option to disable the Location page
Applications page includes all installed, normalized applications
Allow conditional download of Windows 10 upgrade packages
Check Windows 10 version readiness checks before upgrading
Perform In-place Upgrade compatibility check in WSA readiness checks
Allow Windows Servicing Assistant to exclude user state migration
Required for environments where TLS 1.0 is disabled.
WSA in Tachyon Agent 3.3 (now out of support) provides the following and works with Shopping 5.5.100 and later:
- Customization of all text strings
- Wi-Fi support for Wipe and Load Destructive deployments
- WSA in Tachyon Agent 3.2 (now out of support) provides basic features and works with Shopping 5.5.0
The above WSA features require a full Shopping infrastructure including 1E Client deployed with the Shopping client and Nomad client modules enabled. 1E Client 5.1 onwards also includes the PXE Everywhere client module to support PXE booting of peer computers.
WSA optionally supports migration of applications in Replace and Refresh OS deployment scenarios. 1E Application Migration 3.1 requires a full Tachyon 5.1 infrastructure, including 1E Client with Tachyon client enabled. Customers that have purchased the WSA are licensed to use Shopping, Nomad, and Application Migration, and can therefore take full advantage of the all WSA functionality.
If you intend to use all the latest features of WSA or have disabled TLS 1.0, you must use Tachyon 4.1 or later. Please refer to 1E Client 5.1 - Welcome for more details on the 1E Client. The best way to deploy the 1E Client is to use the 1E Client Deployment Assistant, for more details please refer to 1E Client Deployment Assistant 1.5 - Welcome .
1E Client 5.1 provides client features for Tachyon, Nomad, PXE Everywhere, WakeUp and Shopping/WSA, all of which can be optionally enabled when upgrading - taking the following into consideration:
- You should only enable the client modules for Nomad or WakeUp if you have upgraded the Nomad or WakeUp back-end servers to the latest versions.
- Regardless of the Tachyon version you are working with you can install the 1E Client 5.1 because its Tachyon features are compatible with older versions of Tachyon Server.