Summary

Properties available in the Tachyon Agent configuration file, with details of which properties are mandatory or optional during installation, and which properties can be re-configured post-installation.

Agent installer properties

Configuration properties can be set during or after installation, depending on the platform, as described in the table below. Installer command-lines are described in Deploying Tachyon Agents.

PlatformNotes
Windows
  • Properties may be set during installation
  • Property names must be specified in upper case using Windows Installer properties
  • Some modules (eg. WakeUp) have additional Windows installer properties that are stored in the registry instead of the configuration file
Linux
  • Properties may be set during installation
  • Property names are not case sensitive
Mac and Solaris
  • Properties must be set after installation using the supplied bash script
  • Property names are not case sensitive

The following applies to all configuration properties that are stored in the Tachyon Agent configuration file:

  • they can be reconfigured after installation either manually or as described in Tachyon Agent command-line parameters.
  • property names and values are not case-sensitive, but convention is to store them in mixed-case
  • if you omit a mandatory property or its value, the Tachyon Agent will not start
  • if you omit an optional property or its value, the Tachyon Agent will use the default value instead
On this page:

Tachyon Agent configuration file location and name

The Tachyon Agent is controlled via the Tachyon Agent configuration file, which resides in the installation folder with the Tachyon Agent executable. The name of the configuration file is Tachyon.Agent.conf.

The default installation location used for the different OS supported by the Agent are given in the following table:

OSDefault Install Location
Windows

%ProgramFiles%\1E\Tachyon\Agent

Linux and Solaris/etc/1E/Tachyon/Agent
Mac'/Library/Application Support/1E/Tachyon/Agent'

The configuration file uses ASCII encoding.

A comment line starts with the # symbol.

The installation folder can be configured for the Windows Agent in the interactive installer or using the following installer property.

PropertyDefaultDescription

INSTALLDIR

%ProgramFiles%\1E\Tachyon\Agent
Sets the installation folder.

Using Windows MSI

When deploying Tachyon Agent to Windows devices you can install using the MSI interactively but this only allows you to specify some configuration properties. You can specify properties on the command-line or in one or more MST transform files. 

Because the expected length of the Agent installer command-line is likely to exceed the limit imposed by Configuration Manager you will need to use MST transform file(s) for this to work. Please contact your packaging team if you need help creating transform files. The 1E EndPoint Agent Installer solution is designed to help install 1E agents using Configuration Manager, includes template transform files for 1E agents, and automatically creates deployments.

 See Deploying Tachyon Agents: Installing the Tachyon Agent by command-line.

Windows installer properties

Agent core
Agent Shopping module

Agent WakeUp module

Agent Historic Data Capture module

Agent core configuration properties

The following table shows the Agent core's configuration properties, all of the following properties are included in the template configuration file, except where indicated.

When specified as Windows installer properties they must be specified in upper-case. They can appear in the Tachyon Agent configuration file in mixed-case, and can be reconfigured after installation using Tachyon Agent command-line parameters.

To install the Agent without a Tachyon Platform connection, omit the 'Switch' and 'BackgroundChannelUrl' properties from the install command line.

Configuration PropertyDefaultDescription

AuthenticationPolicy

optional

Determines whether the Agent presents a certificate when authenticating with a Tachyon Switch. By default, the Switch will reject the connection if a certificate is not presented. If Agents are unable to present certificates then please contact 1E for guidance on how to configure Switches so they do not require certificates from Agents.

The value must be set to one of the following. The default value is set to Optional.

ValueDescription
none

Do not present a certificate. This option is not visible when installing the Agent interactively, but can be configured using a command-line installer property.

Please contact 1E for advice when using this option, because it requires a special security configuration of the Tachyon Switch to not require Agent certificates.

optional

Present a certificate if a suitable one exists. If none exists continue with the connection anyway. This is the default value.

This option is useful if you are deploying the Tachyon Agent before you have deployed certificates. If Agent devices do not present a certificate, please contact 1E for advice regarding a special security configuration of the Tachyon Switch to not require Agent certificates.

requiredPresent a certificate if a suitable one exists, otherwise fail the connection.

BackgroundChannelUrl

 

If the Tachyon Agent is installed only to support Shopping or WakeUp and the Tachyon platform is not installed or not being used, this entry must be set to none.

When using the Tachyon platform there will be one or more entries in the format:

BackgroundChannelUrl=https://<BackgroundChannelServer>:<BackgroundChannelPort>/Background/

<BackgroundChannelServer> is the DNS Name FQDN of the server, which is the same as:

  • the HTTPS Host Header specified on the Website Configuration screen of Tachyon Setup, which is the HTTPS binding for the Tachyon website
  • the same as <SwitchName>
  • the DNS Name specified in the Tachyon Server's Web Certificate

<BackgroundChannelPort> is the Port number, which is the same as:

  • the HTTPS Port specified on the Website Configuration screen of Tachyon Setup, which is the HTTPS binding for the Tachyon website
  • if using the default HTTPS port 443, then the port can be omitted from the URL

In systems with multiple server and multiple DNS Names, there will be multiple entries on one line using a semi-colon (;) as the delimiter between entries. For example:

BackgroundChannelUrl=https://tachyon.acme.local:443/Background/;https://tachyon.acme.com:443/Background/

Multiple DNS Names may exist in complex systems where there are multiple servers, Switches, and devices on different networks, such as the Internet as well as the corporate network.

Each time the Agent needs to download content, it will try each entry in turn, starting at the first, until it is able to download or stops trying and reports an error.

ConnectionKeepaliveTimeInSecondsMin

ConnectionKeepaliveTimeInSecondsMax

Min: 600 (10 minutes)

Max: 840 (14 minutes)

Determines the time in seconds for sending a keep-alive message to the Switch.

The Agent will wait a random amount of time between the two values set as minimum and maximum. Range is 0 to 900 (No keepalive to 15 minutes).

ConnectionRetryTimeInSecondsMin

ConnectionRetryTimeInSecondsMax

Min: 30 (seconds)

Max: 900 (15 minutes)

Determines the time in seconds the Agent waits before trying to reconnect to a Switch after a connection failure.

The Agent tries once for each Switch in the list of Switches, and if it fails to connect then it waits before trying again. The wait is a random amount of time between the two values set as minimum and maximum. Range is 5 to 86400 (5 seconds to 24 hours).

See also FastReconnectTimeInSeconds.

ConnectionTimeout

30 (seconds)

The maximum time in seconds that can elapse between initialising the connection and having a fully established websocket.

Range is 1 to 60.

CRLChecks

soft

Determines whether Certificate Revocation List (CRL) checking is enabled for:

  • the certificate the Agent presents to the Switch when requesting a connection (see also AuthenticationPolicy, which determines whether Agents present a certificate or not)
  • the certificate received from the Switch when requesting a connection
  • the certificate received from the Background Channel server before attempting to download content
  • the certificate received from any other HTTPS-based endpoint from which the Agent downloads content
  • the certificates used for digital signing of the Agent executables (typically the certificate is found in the Trusted Publishers Store)

The value must be set to one of the following. The default value is set to soft.

ValueDescription
offNo CRL checking is performed by the Tachyon Agent.
soft

This is the default.

Full CRL checking is performed by the Tachyon Agent for each certificate in the list above. However if a CRL Distribution Point (CDP) is unreachable then only a warning will be reported.

A certificate error occurs if a CDP is available and the CRL cannot be retrieved or refreshed, or the certificate is revoked.

hard

Full CRL checking is performed by the Tachyon Agent for each certificate in the list above. If a certificate error occurs then the Agent stops processing the request.

A certificate error occurs if a CDP is not available, or the CRL cannot be retrieved or refreshed, or the certificate is revoked.

If a certificate error occurs then the Agent will not proceed, or will not start in the case of a digital signing certificate error.

By default, the Switch will reject the connection if it cannot check a certificate presented by the Agent. If CRL checking is not possible then please contact 1E for guidance on how to configure Switches so they do not require CRL checking.

CRLTimeoutInSeconds

This configuration property does not have an equivalent Windows Installer property and is not in the template configuration file.

3 (seconds)

The maximum time in seconds that is allowed to elapse whilst attempting to download a Certificate Revocation List (CRL) from a CRL Distribution Point.

The range is 1 to 10 seconds.

DefaultStaggerRangeSeconds

 

300 (5 minutes)

Some operations (incl. HTTPS downloads from the BackgroundChannel) are randomly time-staggered across Agents. This property dictates the upper-limit on the default randomization period in seconds.

Range is 0 to 3600. Default is 300.

Use '0' to instruct the Agent not stagger operations by default.

EnablePayloadCompression

true

Determines whether the Agent should attempt to compress payloads when responding to instructions, if it looks like compression would be beneficial.

Must be set to true or false.

FastReconnectTimeInSeconds

This configuration property does not have an equivalent Windows Installer property and is not in the template configuration file.

15 (seconds)

During machine wakeup, following a machine sleep or hibernation, the first reconnect attempt to the Switch will occur in <FastReconnectTimeInSeconds> seconds.

This value is configurable between 5 and 60 seconds.

For the majority of Windows devices the default value of 15 seconds is more than adequate for the Windows network stack to stabilise on wakeup.

On non-Windows platforms this property is currently ignored.

See also ConnectionRetryTimeInSecondsMin/Max.

LoggingLevel

Info

Determines how much logging information is generated. This may be set to one of the following values. The default value is info.

ValueDescription
Error

Only outputs errors. An error is a serious problem, typically requiring operator intervention of some sort to restore full functionality.

Warn

Outputs errors and warnings. A warning indicates a potential problem, where the system can nonetheless function without intervention.

Info

Outputs general information in addition to the errors and warnings. This is the default.

Debug

Outputs debugging information in addition to all the previous levels.

TraceOutputs the maximum information available. Used only in exceptional circumstances as it will generate huge amounts of logging output.
Logging levels should only be changed from info only if requested by 1E Support and reset to info after investigation is complete.

The method of configuring logging levels for the Tachyon Switch changed in v3.3 to using the above text values, but retains -log=0 as the default to mean the same as -log=info.

LogPath 

Windows:
%ALLUSERSPROFILE%\1E\Tachyon\Tachyon.Agent.log

Mac OSX:
/Library/Logs/Tachyon.Agent.log

Other non-Windows platforms:
/var/log/1E/Tachyon/Tachyon.Agent.log

Determines the full path and filename of the Tachyon Agent log file.

By default, Windows resolves %ALLUSERSPROFILE% as follows.

For Windows 7 and later - C:\ProgramData\

Prior to Windows 7 - C:\Documents and Settings\All Users\Application Data\

The following are not configurable in this version:

  • Maximum size of 5MB
  • 5 rollover files numbered 1 (newest) to 5 (oldest) with the rollover number included as n.log

See Tachyon Log Files for more details.

NomadContentDownloadEnabled

true

The Nomad integration feature is for Windows Agents only. The feature is enabled if this value is set to true and 1E Nomad v6.0.100 or later version is running on the device. There is no dependency on ConfigMgr which Nomad also integrates with.

ValueDescription
False

Tachyon Agent waits a randomized stagger period defined by its DefaultStaggerRangeSeconds setting, and then downloads content (Agent resources) from the specified Background Channel.

Tachyon Agent retains modules and extensibles that it has downloaded, but does not retain instruction scripts after they have been run. Any instruction that requires a script will download the latest version each time the instruction is run.

True

Tachyon Agent immediately requests Nomad to download content ( Agent resources) from the specified HTTP source such as the Agent's Background Channel. Nomad behaves in the same way as it does with ConfigMgr by ensuring the latest version of content is obtained and electing a master to perform the actual download.

Nomad maintains its own cache of downloaded content which avoids the need for repeat downloads over the WAN, and provides content to peers that require the same resources which avoids peer devices having to download over the WAN.

With 1E Nomad v6.0.100 and .200 Tachyon uses Nomad to download directories only, and can only download some Agent module folders.

With 1E Nomad v6.1.100 and later, Tachyon uses Nomad to download both directories and files, and therefore supports download of all Agent resources.

NomadContentDownloadTimeoutSecs

 

600 (10 minutes)

The Nomad integration feature is for Windows Agents only. If this feature is enabled, and requested content (Agent resource) is not provided within the timeout period, the Agent will fall back to downloading directly from the Background Channel.

The most likely reason for a timeout is if Nomad is busy downloading other content.

The range is 10 to 3600 (1 hour).

On all non-Windows platforms this property defaults to 0 and is ignored.

SelectRowsLimit

This configuration property does not have an equivalent Windows Installer property.

100000 (105)

Limits the number of rows returned by a SELECT expression. The principle is that if there is more than this number of rows then something has gone wrong. This limit prevents an unexpectedly excessive amount of both data and CPU usage.

The range is 1 to 1000000000 (109). The default value is 100000 (105).

It is not considered an execution error if the limit is reached, although a warning will be written to the Agent log.

SSL

 

TLSv1.2

Determines which security protocol the Agent uses when connecting to Tachyon Switches and Background Channel.

SSL must be set to one of the following values:

ValueDescription
TLSv1.2

TLS version 1.2 is a cryptographic protocol aimed at securing the network transport layer, and has recently been adopted by all the major browsers. It is considered to be more secure than SSLv3. This is the default.

Always use the default TLSv1.2 unless advised by 1E.

Switch

 

 

If the Tachyon Agent is installed only to support Shopping or WakeUp and the Tachyon platform is not installed or not being used, this entry must be set to none.

When using the Tachyon platform there will be one or more entries in the format:

Switch=<SwitchName>:<SwitchPort>

<SwitchName> is the DNS Name FQDN, for one or more Switches. This is the same as the following except in a custom configuration where the Switch installed on its own:

  • the HTTPS Host Header specified on the Website Configuration screen of the Tachyon Server installer, which is the HTTPS binding for the Tachyon Web Site
  • the same as <BackgroundChannelServer>
  • the DNS Name specified in the Tachyon Server's Web Certificate.

<SwitchPort> is the Port number, which has default value of 4000. Any other port number is used only in a complex configuration if advised by 1E.

In systems where there are multiple DNS Names, there will be multiple entries using a semi-colon (;) as the delimiter between entries. For example:

Switch=tachyon.acme.local:4000;tachyon.acme.com:4000

Multiple DNS Names may exist in complex systems where there are multiple servers, Switches, and devices on different networks, such as the Internet as well as the corporate network.

When an Agent attempts to find a Switch, it will try each entry in turn, starting at the first. If all attempts fail the Agent restarts the connection process after a period determined by ConnectionRetryTimeInSecondsMin/Max.

WorkerThreads

2

Determines the number of threads that will execute instructions concurrently. This property enables instructions to be run simultaneously and prevents long running instructions from blocking others.

Range is 1 to 8. 1 means all instructions are run sequentially on the same thread.

Agent Shopping module configuration properties

The Shopping client is a module in the Tachyon Agent. It replaces the Shopping Agent that was installed on machines to support connection to the Shopping website in versions of Shopping before v5.5. When the Tachyon Agent starts, if the Shopping module is enabled the Tachyon Agent will automatically remove any previous installation of the 1E Shopping Agent. The Shopping client also includes the Windows Servicing Assistant (WSA).

The Shopping client does not require a Tachyon license or any Tachyon servers.

The Shopping client is not supported on:

  • Non-Windows devices
  • Legacy OS (ie. OS which Microsoft no longer support including XP, Vista, Server 2008 etc.

The table below lists the configuration properties required to enable the Shopping module required for integration with Shopping v5.5 or later. The Shopping module must be enabled on all devices that will connect to the Shopping 5.5 website. Enabling the Shopping Module also enables the Windows Servicing Assistant (WSA), which is also implemented as a Tachyon Agent module. There are no additional properties required to enable or configure the Windows Servicing Assistant module.

These properties must exist in the Tachyon Agent configuration file, except where indicated, and can be specified during installation of the Tachyon Agent as Windows installer properties, and therefore specified in upper-case. They can appear in the Tachyon Agent configuration file in mixed-case, and can be reconfigured after installation using Tachyon Agent command-line parameters.

Configuration PropertyInstallation defaultDescription

Module.Shopping.Enabled

false

Set this property to true to enable the Shopping module. The default value is false.

Enabling this will also cause any installations of Shopping Agent to be uninstalled the first time the Tachyon Agent is started.

Module.Shopping.ShoppingCentralUrl


Defines the URL that the Tachyon Agent will use to connect to the Shopping self-service portal.It should be set to the URL for the Shopping website. The Shopping website uses a host header, for which a DNS Name FQDN should have been defined. The Shopping Web Site URL should define the full path to the Shopping web application, comprising the scheme (HTTP or HTTPS), the host header (DNS Name FQDN), the port number (you do not have to provide this if using default port 80 or 443), and the path /Shopping. For example https://shopping.acme.local/Shopping.

This property is mandatory when Module.Shopping.Enabled=true.

Module.Shopping.LoopbackExemptionEnabled

false

Optional. Set this property to true if users are likely to use Microsoft Edge or other Metro browsers to access the Shopping web site. Default value is false.
Enabling Loopback Exemption implements a mechanism that enables the Edge and Metro Internet Explorer browsers to make calls to the Shopping module via the local computer. This mechanism affects these browsers as a whole and is not just restricted to Shopping. Before enabling this option, check your corporate security policy and be aware of the implications of allowing access between browsers and the local machine. By enabling loopback, you are only setting the Edge/Metro Internet Explorer browsers to the same level of security as other browsers which allow this setting already. These browsers are:

  • All versions of Chrome
  • All versions of Firefox
  • Non-Metro UI based Internet Explorer browsers

If you are running an unattended install, you can use MODULE.SHOPPING.LOOPBACKEXEMPTIONENABLED for all OSes but only works on Windows 8, 8.1, 10 and Windows Server 2012 R2. To make the solution more secure, the Agent only allows inbound connections to localhost/127.0.0.1


Agent WakeUp module configuration properties

The Tachyon Agent WakeUp module replaces the 1E Agent WakeUp components of the 1E Agent and 1E WakeUp Server.

If the WakeUp Server is configured in multi-agent mode (recommended) then the Tachyon Agent must be installed with the WakeUp module enabled on all in-scope devices.

When the Tachyon Agent starts, and the WakeUp module is enabled, it will only initialize the WakeUp module if the OS version is Windows 7 or later. The Tachyon Agent will automatically remove any previous installation of the WakeUp component from the 1E Agent, leaving behind the NightWatchman component, and keeping the WakeUp Agent registry settings. For NightWatchman v7.2.500 the NightWatchman Agent has a separate installer, and its settings continue to be managed by the NightWatchman Management Center Web Service.

The WakeUp Server also requires a local WakeUp Agent, and therefore requires the Tachyon Agent to be installed with the WakeUp module enabled. The WakeUp Server is a 32-bit process and its registry entries are in the 32-bit WOW6432Node area. The Tachyon Agent is a 64-bit process with its registry entries in the 64-bit area. When the Tachyon Agent starts, if the WakeUp module is enabled the Tachyon Agent will automatically remove any previous installation of the WakeUp Agent component, leaving behind the WakeUp Server component, and moving the existing WakeUp Agent registry settings from the 32-bit to the 64-bit area of the registry.

WakeUp and the Tachyon Agent WakeUp module do not require a full Tachyon infrastructure; only the Tachyon Agent is required, Tachyon Servers are not required. The full Tachyon infrastructure is required only if you are integrating NightWatchman with Tachyon.

The Tachyon Agent WakeUp module is not supported on:

  • Non-Windows devices
  • Legacy OS (ie. OS which Microsoft no longer support including XP, Vista, Server 2008 etc.)

The following legacy WakeUp features from the 1E Agent do not exist in the WakeUp module:

  • 1E WakeUp Agent service - all WakeUp Agent features are now implemented as the WakeUp module in the 1E Tachyon Agent service
  • Computer Health feature - is now obsolete

WakeUp module configuration file properties

The table below lists the configuration properties required to enable the WakeUp module required for integration with NightWatchman Enterprise v7.2.500 or later.

These properties can be specified during installation of the Tachyon Agent as Windows installer properties, and therefore must be specified in upper-case. They can appear in the Tachyon Agent configuration file in mixed-case, and can be reconfigured after installation using Tachyon Agent command-line parameters.

Configuration PropertyInstallation defaultDescription

Module.WakeUp.Enabled

false

Set this property to true to enable the WakeUp module. The default value is false.

Enabling this will also cause any installation of the 1E Agent's WakeUp component to be uninstalled the first time the Tachyon Agent is started, leaving the NightWatchman component if that was installed.

When true then you must also specify either the name of the NightWatchman Management Center reporting server, or that reporting is turned off. For details of these and all other installer properties please refer to Agent WakeUp module configuration properties.

Module.WakeUp.ManageFirewallRules

true

Set this property to true to enable the Windows firewall domain rule. The default value is true.

A Windows firewall domain rule called Tachyon Agent is removed/added each time the Tachyon Agent is stop/started.

WakeUp module registry properties

The table below lists additional configuration properties for the WakeUp module, which may be specified during installation of the Tachyon Agent as Windows installer priorities in upper-case. They are stored in the registry in mixed-case. They are not stored in the Tachyon Agent configuration file, and cannot be reconfigured after installation using Tachyon Agent command-line parameters. The registry values can be updated via group policy object (GPO) administrative templates or other means.

The table indicates where installer configuration properties have a different name to the registry setting. In some cases this is for backwards compatibility with previous 1E Agent installer properties.

In the descriptions below, the term WakeUp Agent is used to describe the Tachyon Agent WakeUp module. The terms Primary Agent and Alternate Agent are wakeup roles.

Configuration PropertyInstallation defaultDescriptionRegistry nameRegistry type

MODULE.WAKEUP.ADDITIONALSUBNETS

The registry value is not created unless the installation property is specified.

Used only in dedicated agent mode. It enables the dedicated WakeUp Agent to register to awaken multiple subnets. It requires that directed subnet broadcasts are enabled in the routers between the agent and remote subnets. It takes a comma delimited list of subnets. Its use and format are described in WakeUp documentation for NightWatchman Enterprise: Configuring network access control security.
\AdditionalSubnetsREG_SZ

MODULE.WAKEUP.AGENTTCPPORT

The registry name is different to the installer property name (it has an underscore).

1776

The listening port used by the WakeUp Server to communicate with the WakeUp Agents. Default value is 1776 (decimal).

The AgentTCP_Port value must be different to the TCP_Port value, and must be the same for the WakeUp Server and all Agents.

\AgentTCP_PortREG_DWORD

MODULE.WAKEUP.AGENTTO



Set to enable Dedicated Agent mode. This parameter should be set to the FQDN (recommended) or NetBIOS name of the WakeUp Server.

Default is empty to enable Multi-Agent mode. Dedicated Agent mode does not have Multi-Agent features.

\AgentToREG_SZ

MODULE.WAKEUP.ALLOWLASTMANSUSPEND

1

Set to 0 if you want to allow a Primary or Alternate Agent to respect Microsoft power schemes and go to sleep.

Set to 1 (default) to prevent a Primary or Alternate Agent going to sleep.

The value of this property is the opposite to what its name implies.

\AllowLastManSuspendREG_DWORD

MODULE.WAKEUP.CERTISSUER


Specify the text used to search for a client certificate in the client certificate store.

Either MODULE.WAKEUP.CERTISSUER or MODULE.WAKEUP.CERTSUBJECT is mandatory when all the following are true:

  • HTTPS communications is being used
  • MODULE.WAKEUP.SECUREREPORTINGSERVER is configured
  • SSL Settings for the NightWatchman Management Center Web Service is configured to require a client certificate

If this property is used, it will use the first certificate it finds where the specified text matches the certificate's Issuer CN.

\Reporting\HTTPS\CertIssuerREG_SZ

MODULE.WAKEUP.CERTSUBJECT


Specify the text used to search for a client certificate in the client certificate store.

Either MODULE.WAKEUP.CERTISSUER or MODULE.WAKEUP.CERTSUBJECT is mandatory when all the following are true:

  • HTTPS communications is being used
  • MODULE.WAKEUP.SECUREREPORTINGSERVER is configured
  • SSL Settings for the NightWatchman Management Center Web Service is configured to require a client
    certificate

If this property is used, it will use the first certificate it finds where the specified text matches the certificate's Subject CN.

\Reporting\HTTPS\CertSubjectREG_SZ

MODULE.WAKEUP.DEBUG

13

Sets the level of debug information output to the WakeUp Agentlog file. Default value is 13 (decimal). Range is 1 to 255 (decimal).

You should only change this value if requested by 1E Support, and reset it back to 13 when investigation is completed.

\DebugREG_DWORD

MODULE.WAKEUP.DELAYCYCLESMSSECS

16
Delay (in seconds) before the WakeUp Agent performs a policy refresh after receiving a policy refresh instruction from the WakeUp Server via the Primary Agent. This delay allows time for the ConfigMgr Management Point to be updated in instances where Advertisements are newly created. Default value is 16.
\DelayCycleSMSSecsREG_DWORD

MODULE.WAKEUP.ENCRYPTIONLEVEL

0

The encryption level used in communications between WakeUp Agents and WakeUp Servers. This does not affect encryption used for WakeUp Reporting.

  • 0 – Disable WakeUp encryption (default)
  • 2 – Enable WakeUp encryption
  • 3 – Enable FIPS encryption

If the USEFIPS installer property is set to 1 it will override the ENCRYPTIONLEVEL installer property and sets the EncryptionLevel registry value to 3, and also uses FIPS for WakeUp Reporting.

When configuring this option you will need to ensure that the same setting is made for all WakeUp Agents and WakeUp Servers.

Care is required when migrating Agents from Off (0) to On (2) or the other way round, then the WakeUp Servers will need be configured to support both, by temporary use of of partial/mixed encryption (1). Once you are sure all Agents are configured to the same setting, then you should change the WakeUp Server to match the Agents' setting.

WakeUp does not support partial/mixed use of FIPS (3) and EncryptionLevel (0/2) therefore all NightWatchman and WakeUp Servers and Agents must be configured to use FIPS from the outset, or all changed at the same time.

EncryptionLevel and FIPS settings used by WakeUp do not affect Tachyon communications.

\EncryptionLevelREG_DWORD

MODULE.WAKEUP.LASTMANENABLED

1
Determines if the WakeUp last man standing functionality is turned on or off.
  • 0 – turns last man standing functionality off
  • 1 – turns last man standing functionality on (default)
\LastManEnabledREG_DWORD

MODULE.WAKEUP.LOGFILENAME


C:\ProgramData\1E\Agent\WakeUpAgt.log
The location and name of the WakeUp Agent log file.
\LogFileNameREG_SZ

MODULE.WAKEUP.MAGICPACKETDELAY

1
The delay (in milliseconds) between the WakeUp Agent sending subsequent Magic Packets. Default value is 1.
\MagicPacketDelayREG_DWORD

MODULE.WAKEUP.MAGICPACKETPORT

The registry name is different to the installer property name (it has an underscore).

1776
The UDP port used to send wake up broadcasts. Default value is 1776 (decimal).
\MagicPacket_PortREG_DWORD

MODULE.WAKEUP.MAXIMUMFILEAGESECS

1209600 (14 days)
Sets the maximum age (in seconds) for the Agent to retain reporting information locally when the NightWatchman Management Center Web Service cannot be contacted. By default, this is set to 1209600 seconds (14 days). Any files older than that will not be submitted to the NightWatchman Management Center Reporting and will be deleted instead. This value need not be modified under normal circumstances.
\Reporting\MaximumFileAgeSecsREG_DWORD

MODULE.WAKEUP.MAXLOGFILESIZE

1048576 (10MB)
Maximum size (in bytes) for the WakeUp Agent log file. When this size is reached, the file is renamed with a .LO _extension and a new .LOG file is created. The .LO _file is overwritten each time.
\MaxLogFilesizeREG_DWORD

MODULE.WAKEUP.REFRESHHWINFOAFTERHOURS

720 (30 days)

The frequency (in hours) for hardware inventory details to be sent to the NightWatchman server if WakeUp reporting is enabled (default) and MODULE.WAKEUP.SENDHARDWAREINFO=ON.

Range is from 24 to 999. The default is 720 (30 days).

If the NightWatchman Agent is also installed, it will send hardware inventory more frequently.

\Hardware\RefreshHwInfoAfterHoursREG_DWORD

MODULE.WAKEUP.REFRESHONSUBNETCHANGE

ON
Triggers the local ConfigMgr client to do a Hardware Inventory Cycle when the WakeUp Agent detects a change of subnet.  The client in turn, updates the ConfigMgr Site inventory, thereby enabling the Site's WakeUp Server to have the latest subnet details.
  • ON – monitor subnet changes on both physical and wireless connections (default).
  • IGNOREWIRELESS – only monitor subnet changes on physical connections.
  • OFF – no action is taken when the subnet changes.

This is particularly useful where laptops move between offices. Typically, Wake-On-LAN is not supported over wireless, therefore IGNOREWIRELESS avoids the overhead of triggering a ConfigMgr hardware inventory for wireless changes. Use OFF only if you are sure computers will not change subnet, and you can rely on the normal ConfigMgr inventory cycle.

The WakeUp system relies on having the latest subnet details in order to wake computers. The WakeUp Agent updates the NightWatchman database with all subnet changes, because the NightWatchman server is designed to support frequent updates.

\RefreshOnSubnetChangeREG_SZ

MODULE.WAKEUP.REPEATCOUNT

0

Number of times to repeat sending Magic Packets. Default is 0.

If you suspect that your network is prone to dropping datagram packets you should try different configurations for RepeatCount and RepeatDelay. Otherwise, these should be left at their default values.
\RepeatCountREG_DWORD

MODULE.WAKEUP.REPEATDELAY

0

Delay (in milliseconds) before resending a repeated Magic Packet. Default is 0.

If you suspect that your network is prone to dropping datagram packets you should try different configurations for RepeatCount and RepeatDelay. Otherwise, these should be left at their default values.
\RepeatDelayREG_DWORD

MODULE.WAKEUP.REPORTING

ON

Enables WakeUp reporting. Sets whether the Agent sends reporting messages to the NightWatchman Management Center Web Service. May be set to one of the following values:

When installing the Tachyon Agent on a WakeUp Server, set MODULE.WAKEUP.REPORTING=OFF so that the server does not appear as a client in the NightWatchman Management Center Admin Console. This will only disable Agent reporting whilst the WakeUp Server will have reporting enabled for reporting statistics.

\ReportingREG_SZ

MODULE.WAKEUP.REPORTINGSERVER

The registry name is different to the installer property name. The supplied value is converted into a full URL.


Set this parameter to the FQDN (recommended) or NetBIOS name of the server hosting the NightWatchman Management Center Web Service.

Mandatory when WakeUp reporting is enabled (default) and using HTTP for communications.

If HTTP is not using standard port 80 then specify the port number as part of the server name:
MODULE.WAKEUP.REPORTINGSERVER="ACMESERVER.ACME.COM:8080"

\Reporting\HTTP\ServiceUrlREG_SZ

MODULE.WAKEUP.SECUREREPORTINGSERVER

The registry name is different to the installer property name. The supplied value is converted into a full URL.


Set this parameter to the FQDN (recommended) or NetBIOS name of the server where the NightWatchman Management Center Web Service component secure site has been installed.

Mandatory when WakeUp reporting is enabled (default) and using HTTPS for communications.

If HTTPS is not using standard port 443 then specify the port number as part of the server name:
MODULE.WAKEUP.SECUREREPORTINGSERVER="ACMESERVER.ACME.COM:7433"

\Reporting\HTTPS\ServiceUrlREG_SZ

MODULE.WAKEUP.SENDHARDWAREINFO

The registry name is different to the installer property name.

ON

Enables hardware information messages to be sent to the NightWatchman server, if MODULE.WAKEUP.REPORTING=ON.

See also MODULE.WAKEUP.REFRESHHWINFOAFTERHOURS.

\Modules\HwInfoAgtREG_SZ

MODULE.WAKEUP.SPOOLDIR

The registry name is different to the installer property name.

C:\ProgramData\1E\Reporting\WakeUp\
The location of the WakeUp spooler directory, where Reporting messages are stored before being sent to the NightWatchman Management Center Web Service. The location should not need to be modified under normal circumstances. Default value is C:\ProgramData\1E\Reporting\WakeUp\
\Reporting\SpoolerDirectoryREG_SZ

MODULE.WAKEUP.STAYONFROMSTANDBYMINS

0

Set this to the number of minutes the Wakeup Agent keeps the OS awake after a wakeup. This is to allow sufficient window of time for multiple jobs to run.

If set to less than or equal to 0 (default) then the WakeUp Agent will keep the OS awake for 20 minutes. Set this this value to more than 20 to keep the OS awake for longer.

\StayOnFromStandbyMinsREG_DWORD

MODULE.WAKEUP.SUBNETOVERRIDE

The registry value is not created unless the installation property is specified.

Contains a list of all unauthenticated subnets that correspond to the authenticated subnets for which the Agent is responsible. Its use and format are described in WakeUp documentation for NightWatchman Enterprise: Configuring network access control security.
\SubnetOverrideREG_SZ

MODULE.WAKEUP.TCPPORT

The registry name is different to the installer property name (it has an underscore).

1777

The listening port used by the WakeUp Agents to communicate with the WakeUp Server. Default value is 1777 (decimal).

The TCP_Port value must be different to the AgentTCP_Port value, and must be the same for the WakeUp Server and all Agents.
\TCP_PortREG_DWORD

MODULE.WAKEUP.USEFIPS

The registry name is different to the installer property name.

0

Set to 1 to force the WakeUp agent to use a FIPS-compliant algorithm for:

  • WakeUp Reporting to the NightWatchman Management Center Web Service.
  • Communication between WakeUp Agents and WakeUp Servers. It will override the ENCRYPTIONLEVEL installer property and set the EncryptionLevel registry value to 3.

If enabled, then all components in the NightWatchman and WakeUp system must have FIPS enabled.

EncryptionLevel and FIPS settings used by WakeUp do not affect Tachyon communications.

\Reporting\UseFipsComplianceEncryptionREG_DWORD

MODULE.WAKEUP.WAKEDISPLAYAFTERSTANDBY

0

Set to 1 to force the display to come on (assuming it has power) after it has been woken up.

This feature works in conjunction with MODULE.WAKEUP.STAYONFROMSTANDBYMINS.

\WakeDisplayAfterStandByREG_DWORD

MODULE.WAKEUP.WURESULTDELAY

0

The time (in seconds) the WakeUp Primary Agent allows for responses to magic packets before it tries to pings devices that have not yet responded with a WASAWAKE or JUSTWOKE and then report NOAGENT or FAILED to the WakeUp Server for reporting purposes. This is especially useful when trying to wake devices that do not have the WakeUp module enabled. The delay should be set to how long it normally takes for devices to start up.

If set to 0 the WakeUp Server determines the time, but this can be overridden by changing the value on the WakeUp Primary Agent. In multi-agent mode, this effectively means all Agents.

\WUResultDelayREG_DWORD

The following table is for WakeUp module registry values that do not have Windows installer properties, and are not stored in the Tachyon Agent configuration file.

These registry values are used by the Agent and must not be modified.
Registry nameRegistry typeDescription
\AgentRegInfoREG_SZUsed by the Primary and Alternate Agent to store information it has registered with the WakeUp Server.
\AltAgentMacAddressREG_BINARYUsed by the Primary and Alternate Agent to store each other’s MAC address details.
\InstallationDirectoryREG_SZUsed as a record of the installation folder, for backwards compatibility.
\MiniAgentToREG_SZUsed by the Primary and Alternate Agent to store the NetbiosName of the 1E Wakeup Server.
\PatchLevelREG_SZUsed to indicate the version of the most recent software patch installed.
\TachyonAgentVersionREG_SZUsed as a record of the Tachyon Agent version that created the registry settings.

Agent Historic Data Capture module configuration properties

This section describes configuration properties for the historic data capture feature, introduced in Tachyon Agent version 2.1.

These properties are not included in the template configuration file, and therefore use defaults. To set any other value for these they must be added to the configuration file.

Capture sources

The table below lists the capture sources supported by the historic data capture feature, and on which OS they are supported. The source name is used in each of the capture source properties.

Source Name

Description

WindowsMacOSLinuxSolaris
ARPARP cache entries - the Agent captures the results of cached IP address to physical address resolutionsv3.2n/an/an/a
DNSDNS queries - the Agent captures whenever a DNS address is resolvedv2.1v2.1n/an/a
ProcessProcess execution - the Agent captures whenever a process starts on the devicev2.1v2.1v2.1v2.1
ProcessStabilizationThe time taken for a process execution to be considered stable whenever a monitored process starts on the devicev3.2n/an/an/a
ProcessUsageA daily summary of the launches and terminations of processes.v3.2n/an/an/a
Software

Software installs/uninstalls/presence - the Agent captures whenever software is installed/uninstalled, and also captures which software is present on a device

v2.1v2.1v2.1v2.1
TCPOutbound TCP connections - the Agent captures whenever an outbound TCP connection is madev2.1v2.1v2.1n/a
UserUsageA daily summary of all the logons and logoffs of users.v3.2n/an/an/a

Capture feature properties

The table below lists configuration properties that affect all capture sources.

Feature propertyInstallation defaultDescription

Module.Inventory.Enabled

 

true

Determines whether the Agent Historic Data Capture feature is enabled or disabled.

Must be set to true or false.

If set to true then individual capture sources can be enabled or disabled by setting Module.Inventory.<source>.Enabled to true or false.

If set to false then this setting takes precedence over individual capture source settings with all being disabled.

Module.Inventory.NoEventTracing

This configuration property does not have an equivalent Windows Installer property and is not in the template configuration file.

false

Controls whether the Agent will, on Windows, use a polling-based mechanism to capture data instead of event-based.

The Agent will use Windows operating system events to capture data, if the host operating system supports it. If this setting is true, the Agent will instead use a polling-based approach to capture data.

This setting is ignored on other operating systems.

Module.Inventory.AggregationIntervalSeconds

This configuration property does not have an equivalent Windows Installer property and is not in the template configuration file.

60 (seconds)

Determines the frequency, in seconds, at which the Agent will write the capture buffers to the live and aggregated tables.

More frequent aggregations will make captured data available for querying sooner, at the cost of more processing on the device.

Range is 30 to 600 (10 minutes).

Properties common to all capture sources

The table below lists the 8 properties used to configure each capture source. The relevant <source> name needs to be included in each of the property names (not case-sensitive).

The following configuration properties do not have an equivalent Windows Installer property and are not in the template configuration file.

Capture source propertyInstallation defaultDescription

Module.Inventory.<source>.Enabled

 

true (all sources)

Controls whether this capture source is active (true) and will capture data. To disable capture of this data, use false

Disabling the historic inventory capture feature by setting Module.Inventory.Enabled to false, takes precedence over individual capture source settings.

Module.Inventory.<source>.BufferSize

 

1000 (all sources) 

Determines the maximum number of capture entries held in memory during an aggregation period.

The Agent will store data in memory prior to writing it to disk (as determined by the Module.Inventory.AggregationIntervalSeconds setting described above). This setting controls the size of the capture buffer available for this data. 

If this capture buffer is exceeded, older entries will be discarded to make room for newer ones. 

For example, based on the default values, if more than 1000 DNS lookups occur within 60 seconds. 

A higher value will allow the Agent can capture higher volumes of events at the cost of additional memory use. 

Range is 100 to 10000.

Module.Inventory.<source>.PollIntervalSeconds

30 (all sources except Software)

120 (for Software)

Determines the frequency, in seconds, at which the capture source will poll for data. 

A lower value (more frequent polls) is likely to capture more data at the cost of additional processing overhead on the device. 

Range is 5 to 600 (10 minutes).

This setting is ignored if the Agent is using an event-based mechanism to capture data.

Module.Inventory.<source>.AggregationsBeforeGroom

3 (all sources)

Determines the number of aggregation cycles that should occur before old data (see Retention settings below) is removed from the Agent’s disk-based store. 

The Agent will store captured data for a limited time before removing it. This setting determines how frequently the “clean-up” operation will be performed. The clean-up operation happens every N aggregation cycles. 

A lower value (more frequent deletion) will remove old data more quickly at the cost of additional processing overhead on the device. 

Range is 1 to 50.

Module.Inventory.<source>.LiveRetention

5000 (all sources)

Determines the maximum number of capture entries that will be stored in the Agent’s “live” disk-based storage. 

The Agent stores detailed (non-aggregate, live) capture entries on disk, as well as aggregated capture entries per hour, day and month (see below). This setting determines the limit of the detailed entries. When the limit is reached, older entries are deleted to make room for newer ones. 

A higher value allows storage of a longer period of detailed entries at the cost of additional disk space on the device. Storing more data will also cause queries on that data to take longer.

Range is 100 to 50000.

Module.Inventory.<source>.HourlyRetention

Module.Inventory.<source>.DailyRetention

Module.Inventory.<source>.MonthlyRetention

 

Hourly: 24 (all sources)

Daily: 31 (all sources)

Monthly: 12 (all sources)

Determines the maximum number of hours/days/months for which aggregated data will be kept in the Agent’s disk-based storage. 

The Agent will discard data from its hourly/daily/monthly store to make room for newer data. 

A higher value allows a longer history of data to kept at the cost of additional disk space on the device. Storing more data will also cause queries on that data to take longer. 

Note that these settings are independent of one another – for example, it is not necessary to specify an “hourly” value of 24 or greater to be able to capture “daily” values. 

A value of zero means “disable data aggregation at this resolution”. Again, since the settings are independent, it is valid to disable hourly data aggregation yet keep daily and monthly aggregation active. 

Range is 0 (disabled) to 100.

Properties unique to specific capture sources

The following configuration properties do not have an equivalent Windows Installer property and are not in the template configuration file.

Capture source propertyInstallation defaultDescription
Module.Inventory.ProcessStabilization.Fuzziness5Modifies the margins within which a process is considered stable. The default is 5, and the range is 1 to 66 inclusive. It is recommended that this setting is left unchanged.
Module.Inventory.ProcessStabilization.MonitoredProcesses 

This is a comma separated, case insensitive list of executable names with extensions of all processes that require stabilization monitoring. By default, this is not set and therefore process stabilization monitoring is disabled. It is recommended that this list not be more than 15 executables.

Module.Inventory.ProcessUsage.VerboseLoggingfalseEnables or disables Process Usage log messages, which typically appear for each data capture refresh. This property is used by the AppClarity Tachyon Powered Inventory feature.
Module.Inventory.UserUsage.VerboseLoggingfalseEnables or disables User Usage log messages, which typically appear for each data capture refresh. This property is used by the AppClarity Tachyon Powered Inventory feature.