Contents
-
Introducing Tachyon
-
Quick Start
-
Implementing Tachyon
-
Using Settings
-
Using Explorer
-
Using Guaranteed State
-
Using Inventory
-
Using Experience
-
Using Patch Success
-
Troubleshooting
-
Extending Tachyon
-
Training
-
Tachyon Operator v5.0 Lab Guide
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Ex 2 - TCN Opr v5.0 - Installing Tachyon
-
Ex 3 - TCN Opr v5.0 - Exploring the Settings Application
-
Ex 4 - TCN Opr v5.0 - Instruction Sets and Management Groups
-
Ex 5 - TCN Opr v5.0 - Working with Instructions
-
Ex 6 - TCN Opr v5.0 - Working with Patch Success
-
Ex 7 - TCN Opr v5.0 - Working with Inventory
-
Ex 8 - TCN Opr v5.0 - Using Guaranteed State
-
Ex 9 - TCN Opr v5.0 - Microsoft Configuration Manager Integration
-
Ex 10 - TCN Opr v5.0 - Creating Instructions and Fragments Using TIMS
-
Ex 11 - TCN Opr v5.0 - Working with Experience
-
Ex 1 - TCN Opr v5.0 - Installing and Configuring Tachyon Prerequisites
-
Tachyon Advanced v5.0 Lab Guide
-
Tachyon - Nomad as Content Provider Lab Guide
-
Tachyon Operator v5.0 Lab Guide
-
Reference
Creating Instructions and Fragments Using TIMS
Tachyon provides many Instructions and Product Packs full of Instructions that can be executed out of the box from Tachyon. However, the value of Tachyon is its extendibility. Quite often, use cases will arise for different questions and actions that need to be performed on your client estate. This would require new instructions to be created. Tachyon provides a toolset to create your own instructions from scratch. These instructions can be created using either the native language used by the Tachyon client, or by deploying PS scripts. In this lab, we will create some instructions from scratch and use them in Tachyon. We will also use TIMS to create a fragment that we will import for use in Guaranteed State.
Configuring TIMS prerequisites
Tachyon Instruction Management Studio or TIMS is a utility that allows you to write your own instructions for consumption by Tachyon. In this exercise, we will configure TIMS prerequisites so we can begin writing our own instructions.
Enrolling a code signing certificate on the Tachyon server
Tachyon requires a code signing certificate to sign instructions with. This ensures that any instructions written for execution via Tachyon are signed, and no rogue instructions are introduced to the environment. The Code Signing certificate is also associated with the Tachyon license key to ensure that only those with the appropriate certificate are allowed to write instructions that can be used in Tachyon.
- Open SkyTap Shared Drive shortcut on the desktop and navigate to 1E Tachyon - Course Content\Tachyon 5.0 Course Content\ download tims.v5.0.0.745.zip, setSCCMsite.ps1 and 1ETRN_Code_Signing_cert.pfx files to c:\temp Extract the contents of the ZIP file
- From the start menu, type certificate, and click on Manage Computer Certificates
- In the Certificates console, right-click on Trusted Publishers. Select All Tasks>Import
- On the Welcome, ensure Local Machine is selected by default. Click Next
- On the File to Import page, click Browse
- Switch the file type to All Files (.)
- Navigate to c:\temp and double-click 1ETRN_Code_Signing_cert.pfx. Click Next
- On the Password page, input Passw0rd for the password and click Next
- On the Certificate Store, ensure Trusted Publishers is populated. Click Next
- On the final page, click Finish. Click OK
- In the Certificates console, expand Trusted Publishers>Certificates and validate that the code signing cert issued to SCCM Admin is present
- From a cmd prompt, run IISRESET to bounce IIS
- Running IISRESET will ensure the web service recognizes the certificate we just added to the server
Validate the certificate
- Double-Click the Code Signing certificate issued in the Trusted Publishers store
- Click on the Details tab and scroll down to the Thumbprint value. Make note of the first 4 and last 4 characters of the thumbprint
- Navigate to c:\programdata\1E\Licensing and right-click on the Tachyon.lic file and open with Notepad. Use Word Wrap to get better formatting of the file
- Do a search for 1ETRN. Note the signersha value associated with the Instruction. Ensure it matches the thumbprint of our code signing certificate
- Close the license file, ensuring no changes were made
- Close the certificates console
Enrolling the Code Signing certificate on a workstation
TIMS can be run on any machine in your environment. The instructions you develop will use the framework of the machine you are running TIMS on to validate the instruction. As such, we will run TIMS on one of the workstations. Wherever TIMS is run, the same Code Signing certificate must be enrolled in either the User or Computer store, generally in both.
- Logged in as 1etrn\Tachyon_Admin1, navigate to \\1etrnap\temp and copy the tims.v5.0.0.745 folder and setSCCMsite.ps1, 1ETRN_Code_Signing_cert.pfx to c:\tools
- From the start menu, type in mmc into the search box and launch mmc.exe
- Click File and select Add/Remove Snap-in
- From the snap-in wizard, select Certificates and click Add
- Select My user account and click Finish. Click OK
- If we are running TIMS under system context, the certificate must also reside under the Computer store. In our exercises, we will be running TIMS only in user context
- Expand Certificates (Current User) and right click on Personal
- Click All Tasks > Import
- On the Welcome page, click Next
- On the File to Import page, click Browse
- Switch the file type to All Files (.)
- Navigate to c:\tools and double-click 1ETRN_Code_Signing_cert.pfx. Click Next
- On the Password page, input Passw0rd for the password and click Next
- On the Certificate Store click Next
- On the final page, click Finish. Click OK
- Double-click the Code Signing certificate in the personal store and validate the thumbprint in the details tab. Validate it is the same as the one on the server and in the license file
Installing TIMS
In this exercise, we will install TIMS on a workstation, and use that workstation to write instructions.
- Navigate to c:\tools\tims.v5.0.0.745 and double-click TIMS-x86.msi
- On the Welcome page, click Next
- On the License Agreement page, select I accept the terms of this license agreement and click Next
- On the Destination Folder page, click Next
- On the Ready to Install the Program page, click Install
- Once installed, click Finish
Navigating TIMS
Now that we have prereqs in place and TIMS installed, we can begin working with TIMS. In this exercise, we will learn some basics about TIMS and begin exploring the native language, SCALE (Simple Cross-platform Agent Language for Extensibility), in the form of Modules and Methods used to write instructions.
- Log in as 1ETRN\Tachyon_Admin1 if not already logged in
- From the desktop, launch Tachyon Instruction Management Studio
- Instructions can be written under the user context or the System context. If we wanted to write instructions under the Local System context, we can launch TIMS using PSEXEC to run under the system context. For our labs, we will only use TIMS in the user context
- Review the different buttons in the top pane
- Click on Code Signing and select Select signing certificate
- TIMS will default to Code Signing certificates. We only have one enrolled, so it will default to that certificate
- Click on the Click here to view certificate properties link
- Note that the general tab of the certificate shows You have a private key that corresponds to this certificate
- If you do not have a private key associated with the certificate, Instructions written using the certificate will not work in Tachyon
- Click OK to close the certificate properties. Click OK to select the certificate
- Click on Code Signing and check Always sign
- This setting ensures that any instruction you attempt to save will be signed using the certificate we just selected
- In the top query window, type in the following text
- Note the query window begins to autofill the text you are typing. This is due to IntelliSense being integrated with TIMS. IntelliSense features are powered by a language service. A language service provides intelligent code completions based on language semantics and an analysis of your source code. If a language service knows possible completions, the IntelliSense suggestions will pop up as you type. If you continue typing characters, the list of members (variables, methods, etc.) is filtered to include only members containing your typed characters. Pressing Tab or Enter will insert the selected member
- Click the Run button up top
- Note that an error box pops up and a syntax error is displayed in the results pane. This is because each line of code must be ended with a semicolon
- Click OK on the error box
- At the very bottom, switch from Results to Log tab
- Note the various rows of errors. Specifically, a row displaying the following: Completely unterminated SELECT at line 1, column 9
- Return to the Results tab. Add a semicolon to the end of the instruction and click Run again
- Note there are no errors on the Log pane
- Switch to Results pane
- Note that the results show a column named hello with single quotes, and a value of hello
- Modify the syntax of the query to the following and click Run
- Note the column name is now set to greeting. Change to Results pane at the bottom instead of log
- Change the query to the following and rerun
- Note that you get the same result as before. The 'AS' is not necessary. If you are familiar with SQL language, you will get the hang of TIMS scripting very quickly
- Input the following below the existing line and click Run
- Note only the second line displays an output. Unlike SQL, both rows will not display an output, only the last. Switch the rows around to see only 'hello' will show. This is very important to remember when you begin to write complex instructions
- Clear the existing code from TIMS. Input the following query into the window. Type it out exactly as shown below, do not rely on IntelliSense to autofill it
- Note the error returned. Unsupported method 'getconnections'
- Change the syntax to the following
- Note the results that are returned. The scripting language is case sensitive, so you must input very exact syntax. IntelliSense will ensure that these syntax errors are autocorrected
- Clear the query window and run the following queries, one line at a time, and review the results
SELECT "hello"
SELECT "hello" AS greeting;
SELECT "hello" greeting;
SELECT "goodbye" greeting;
Network.getconnections();
Network.GetConnections();
Software.GetInstallations(); Device.GetSummary(); FileSystem.GetFilesInFolder(Folder: "c:\\program files\\1E\\client"); OperatingSystem.GetServiceInfo(); OperatingSystem.GetInstalledUpdates();
Creating a basic Instruction
- Clear the TIMS query window and run the following
- Click on the Schema button on the top ribbon. On the popup, click Yes
- In the Schema editor, click the different boxes. Here you can define the different parameters of the schema
- The GetConnections method has a predefined schema. We can define that value in the schema itself manually. The render as property allows for 3 rendering schemas currently, perforated, IPAddress, or currency. This allows for the results to be shown rendered as one of these data types
- Click on ProcessName and using the button, move it to the top
- Click OK to save the schema
- Click on Workflow. Note the different options available for Instruction Workflow in the dropdown. Click Cancel
- Click Task groups
- Click Cancel to exit out of Task Groups
- Click on the Aggregation button on the ribbon
- Click Cancel
- Click Validate in the top ribbon. Note the errors displayed. Click Close
- In the Instruction Definition panel at the top right, note the different properties
- In the Description field, input Active Network Connections and click Enter
- For the Name field, change the value from the default to 1ETRN-ActiveNetworkConnections
- For the ReadablePayload field, click on the ellipses at the right and input Active Network Connections. Click OK
- Review the other properties in the Instruction Definition pane. These are all configurable parameters, but if left alone they will default to the values of the installation
- Click Validate in the top ribbon. Note only a task groups warning is shown. Click Close
- From the menu bar, click File>Save As. Click OK on the validation page
- Save the Instruction under c:\tools as 1ETRN-ActiveNetworkConnections.xml
- Leave TIMS open with the instruction still defined in the top pane
Network.GetConnections();
Validating the Instruction
- In windows explorer, navigate to c:\tools. Note an XML file named 1ETRN-ActiveNetworkConnections has been created here
- Right-click the file and open with Internet Explorer
- Note the format and content of the instruction file
Uploading the instruction in Tachyon
In this task, we will add the newly created Instruction to Tachyon and ask the question to our clients.
- Navigate to https://tachyon.1etrn.local/tachyon in Google Chrome
- Launch the Settings Application
- Navigate to Instructions - Instruction sets
- Create an Instruction Set named 1ETRN
- From the top pane, click Upload. Browse to c:\tools and select 1ETRN-ActiveNetworkConnections.xml
- Click Open. Ensure the Instruction is uploaded successfully and there are no errors
- Select the Instruction in the middle pane, and click on the Move button in the right pane
- From the dropdown, select 1ETRN and click Move
- Click on the 1ETRN Instruction Set in the left pane to validate the instruction has been moved there
Running the newly created Instruction
- Navigate to the Home page of Explorer Application
- From the top right, click the All Instructions button
- Note a 1ETRN Instruction set is now present. Expand the Instruction Set
- Click on the instruction and click Ask this question
- Scroll down to see the results returned from the different machines
- Click the Back to Top link at the bottom right
- Click on the Filter Results button to expand the filter options
- In the Device Name box, input 1ETRNW73 for the local machine. Click Search
- Review the results for the local machine
- Return to TIMS. With the Network.GetConnections(); query still defined, click the Run button
- Note the connections. They should match what Tachyon returns via the Instruction
Creating a Product Pack with multiple Instructions
Now that we have navigated around the TIMS utility, we will create a Product Pack that will contain multiple instructions. In a production environment, you often will have multiple instructions that logically bind together. You can add those instructions individually to Tachyon, or you can bundle them up and add them together. In this exercise, we will create two instructions, a question and an action, and add them to Tachyon to validate their functionality.
Create a Question Instruction
In this task, we will create a query that identifies what the ConfigMgr assigned Site code is for our clients.
- In TIMS, go to File and select New to clear the existing instruction definition
- In the query window, type in the following query
- Click the Run button
- Note the value that returns. This is the site code for the CM site in our lab environment
- In the Instruction Definition pane on the top right, input the following for Description and ReadablePayload
- Name the Instruction 1ETRN-Check SCCM Site
- Click the Schema button in the top ribbon and validate the suggested schema. Click OK
- From the menu, click File>Save as. Click OK on the Validation page
- Save the instruction as 1ETRN-CheckSCCMSite.XML under c:\tools
NativeServices.RunWmiQuery(Namespace:"root\\ccm", Query:"SELECT name from sms_authority");
What is the SCCM Site code?
Creating an Action Instruction using a script
In this task, we will create an action Instruction that changes the CM site code on the Tachyon clients. We will accomplish this via the use of a PowerShell script. In Tachyon, we have the ability to use the native language Modules and Methods, or a PS script.
- Browse to c:\tools\ and right click the setSCCMsite.ps1 file
- Edit with Notepad and review the syntax of the file
- In TIMS, from the ribbon along the top, select Import resource
- Browse to c:\tools\ and select the setSCCMsite.ps1 file
- In the Instruction Resource popup, review the settings and click OK
- Click Add parameter from the top ribbon and input SCCMSite into the name
- In the Max Length box, input 3. Click OK
- In the Middle pane, click the down arrow for the Resources next to the file name setSCCMsite and select Insert snippet to download
- On the line beneath the file download syntax, paste in the following
- In the Instruction Definition pane on the top right, input something into Description
- Name the Instruction 1ETRN-Set SCCM Site Code
- Change the InstructionType to Action via the dropdown menu
- In the ReadablePayload field, input the following: Change the SCCM Site code to %SCCMSite%
- From the ribbon click on Schema
- In the Edit Schema page, click the green+button. In the Column Name input ExitCode and change Data Type to int32
- Click the green+button again and in the Column Name input NewSCCMSite and leave the Data Type as String. Click OK
- Click the Run button from the top ribbon. Validate the results
- From the menu, click File>Save as. Click OK on the Validation page
- Save the instruction as 1ETRN-SETSCCMSite.XML under c:\tools
Scripting.Run( Language: "PowerShell", ExecutionPolicy : "Override", Script : @resource1, InterpretAsJson : False , "%SCCMSite%");
Creating and Uploading the Product Pack
Now that we have two instructions, a question and an action, we are ready to upload them to Tachyon as a Product Pack.
- Browse to c:\tools and multiselect the 1ETRN-CheckSCCMSIte.XML and 1ETRN-SETSCCMSIte.XML files
- Right click on the selected files and select Send to> Compressed (zipped) folder
- Name the zip file 1ETRN-SCCMSite.zip
- In the browser, if the Settings Application is not already running, navigate to https:\\tachyon.1etrn.local\tachyon and choose Switch app or Settings
- Navigate to Instructions - Instruction sets
- Click the Upload button at the top right and browse out to c:\tools
- Select the 1ETRN-SCCMSite.zip file and click Open
- Validate that the file was uploaded without errors
- Click on the Unassigned Instruction Set and click the two instructions uploaded via the Product Pack named What is the SCCM Site code? and Change the SCCM Site code to <SCCMSite> and move them to the 1ETRN Instruction Set
Validating the Instructions
Now that we've created Instructions and added them to Tachyon, we are ready to validate that the instructions execute exactly what we defined within them and output the appropriate information when run.
- Navigate to the home page of the Explorer Application
- In the I want to know box, type in What is the SCCM Site code
- Click Ask this question
- Wait for all clients to respond. Note the Results return in the form of Device Name and Name for the SCCM Site code, and the value is in the form of SMS:xxx
- Once all results are in, click on the Actions tab
- Type in Change the SCCM Site code
- Input AAA into the site code parameter box and click Perform this action
- Execute the 2FA and Approval process to process the action
- Note the results. There will be 3 columns, Device Name, ExitCode and NewSCCMSite
Creating a Fragment for Guaranteed State
Now that we have learned how to create an instruction and a product pack using TIMS. We will now use TIMS to create a simple test fragment for use in Guaranteed State. The fragments that we create and import into Tachyon contain the items that we can use in our rules to evaluate device state and remediate. Fragments must have a specific schema defined. They must have at least 1 column Passed (case sensitive) and can have an optional column named Data to display some data from the device. In this scenario, we need to determine if certain files are present on our devices. Many times, a malware outbreak can be identified by looking for specific files. First, we will create a fragment that will check to see if a file is on the device. We will add a parameter that will allow our rule to supply the name of the file to search for, so that our Rule will test for any files that our Admin chooses. We will then modify the schema of our fragment so that it contains what is required for Guaranteed State to use the fragment. Once we have the fragment written we will import it into Guaranteed State and create a policy that will check our devices and view our results.
Creating the Fragment
- Logged into 1ETRNW72 as 1ETRN\Manager1
- Navigate to \\1etrnap\temp and copy the tims.v5.0.0.745 folder and the 1ETRN_Code_Signing_cert.pfx to c:\tools
- Install TIMS and the code signing certificate on this device using the settings detailed earlier
- Launch TIMS
- Open File Explorer and create a text file called MyFile.txt
- In the code block pane type in
- Click Run
- In the code block pane type in the following on the line 2
- On line 3 type in the following:
- On line 4 type in ELSE
- On line 5 type in
- On line 6 type in ENDIF;
- Click Run
@a = FileSystem.FindFileByName(FileName:"myfile.txt", Fast:true);
IF (@a)
SELECT 0 as Passed, "MyFile.txt exists" as Data;
SELECT 1 as Passed, "MyFile.txt does not exist" as Data;
- Open File Explorer and navigate to the location of your MyFile.txt – rename it to myfile.old
- Open TIMS and Click Run
- You should now see MyFile.txt does not exist in our Data column. Passed should contain 1
- Click on Add Parameter in the ribbon
- In the Instruction Parameter box Name field type in FileName. Notice that the pattern field is populated for us
- In the Hint Text Field type in Unauthorized File Name
- In the Control Section – Type field. Click the drop-down to see the available options
- Click OK to close the box
- In our code block pane change our "myfile.txt" to "%FileName%"
- In lines 3 and 5 change the myfile.txt to %FileName%
- Click Run. In the Parameters box type in MyFile.txt in the FileName field. Click Ok
- Notice that our results did not change – now we will test our fragment.
- Click Run again and this time enter Notepad.exe in the popup. Notice the results
- Click Run again this time enter your name .yourname – we know this file will not exist
- Click the Schema button in the ribbon. Choose Yes to create the schema
- Look at our Schema – see that we are passing 2 columns
- In the Data row leave Data Type as String, Change the Length to 1024
- Click ok to close the Schema window
- In the Instruction Definition pane Comments field type in Checks to see if the unauthorized file is on the drive
- In the Description field type in Does this machine have an unauthorized file?
- Leave Instruction Type as Question
- Change the name to 1E-GuaranteedState-General-Check-SpecificFile
- In the Readable Payload field type in Check for %FileName%
- Click File – Save As – click Ok on the Validation window. Navigate to c:\tools and save it there as 1E-GuaranteedState-General-Check-SpecificFile.xml
- Click Save
Viewing the Contents of an Integrated Product Pack
Before we make our own Integrated Product Pack to import into Guaranteed State, we will look at the format and contents of one of the default Integrated Product Packs
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- Navigate to \\1ETRNAP\temp and copy the tachyonplatform.v5.0.0.592\ProductPacks to c:\tools
- Navigate to c:\tools\tachyonplatform.v5.0.0.592\ProductPacks\Integrated and copy NomadClientHealth.zip to the root of c:\tools
- Right click on c:\tools\NomadClientHealth.zip and select extract all
- Navigate to c:\tools\NomadClientHealth and look at the contents of the folder
- The fragments folder contains a check folder, a fix folder, and a precondition folder. Open each one of these and look at the .xml files in each one
- Open each of the folders and look at the contents
Creating the Product Pack
In order to import our Fragment into Tachyon we need to create a Product Pack. The product pack contains the objects needed for use by Tachyon and a manifest file. We will then import our Product Pack into Guaranteed State.
- Still Logged into 1ETRNW72 as 1ETRN\Manager1
- From Start – Run navigate to \\1etrnap\temp\AdditionalProductPacks\ and copy the Product_Pack_Templates folder to c:\tools
- Open the folder to view the contents
- Navigate to C:\Tools\Product_Pack_Templates\Unauthorized File Product Pack\
- Right click on the Manifest.xml and select Edit to open in Notepad
- In the Name section replace Name of Product Pack with Unauthorized File
- In the Description section replace Description of Product Pack with Checks for specified file
- Notice we have already specified folder.ico in the Icon section
- Save the file and close Notepad
- In File Explorer Navigate back to c:\tools and copy 1E-GuaranteedState-General-Check-SpecificFile.xml to c:\tools\Product_Pack_Templates\Unauthorized File Product Pack\Fragments\Check (you will need to create the folder structure)
- Multi-Select all the files and folders in c:\tools\Product_Pack_Templates\Unauthorized File Product Pack folder and Right click then choose Send To – Compressed (zipped) Folder
- Click Ok on the warning. The empty folders are not needed for the .zip they were there to show the structure
- Rename the zip file to Unauthorized File Product Pack.zip
Importing into Guaranteed State
Now that we have created our Product Pack, we will import that into Guaranteed State using the Product Pack Deployment Tool
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- Copy Unauthorized File Product Pack.zip to c:\Tools\tachyonplatform.v5.0.0.592\ProductPacks\Integrated
- Double Click c:\Tools\tachyonplatform.v5.0.0.592\ProductPacks\Tachyon.ProductPackDeploymentTool.exe
- In the Server field change the URL to https://tachyon.1etrn.local/consumer
- Click Test Connection
- The results pane should show Connected to Tachyon version 5.0.0.592
- Uncheck Select all
- Select our Unauthorized File Product Pack and click Upload selected
Creating the Rule
Now that we have our Product Pack imported, we will create our rule that will use that fragment
- Still logged into 1ETRNW72 as 1ETRN\Manager1
- Open Google Chrome and Launch the Guaranteed State application if it is not already open
- Navigate to Administration – Rules. Click New
- In the Name field type in Unauthorized File Check
- In the Description field type in Checks to see if a specific file is present
- In the Type field select Check
- In the Triggers box Choose Periodic (minutes) and type in 5 in the Interval Minutes field
- Leave Precondition empty
- Click on Check. Choose our Check for <Unauthorized File Name>
- In the FileName field type in Myfile.txt Click Save
- Open File Explorer and navigate to your myfile.txt (before we renamed it) and name it back so that this machine will have the file we are looking for
Creating the Policy
Now that we have our Rule created, we need to create a policy that we will assign and deploy that will contain the rule we just created.
- Navigate to Administration – Policies
- Click New
- In the Name field type in Unauthorized File Check – Myfile.txt
- In the Description field type in Checks for MyFile.txt – if found device is non-compliant
- In the All Rules pane select Unauthorized File Check and move it to Assigned Rules
- Click Save
Assign and Deploy the Policy
- Still logged into 1ETRNW72 as 1ETRN\Manager1 with Google Chrome still open
- Select Unauthorized File Check – Myfile.txt Policy and click Assign
- Choose All Devices Management Group. Click Save
- Click Deploy. Click Ok
View the Results
- Navigate to Overview. Click Refresh
- Select Unauthorized File Check – Myfile.txt in the drop down. It may take a few moments until they all report in
- Click on the Green slice in the Device State tile
- Click on View History
- Navigate back to Overview
- Click on the Orange slice in the Device State tile
- Click View History on any of the devices
Lab Summary
In this lab, we learned how to create instructions using TIMS. We started with a simple example, using the native language to query for active network connections. Then we created a question Instruction to query for the SCCM Site code of the client machines. Lastly, we created an action Instruction which allowed us to change the site code of the SCCM client to a value inputted by the operator. In doing so, we used a script rather than native language to execute the action. We also created a simple fragment in TIMS to extend Guaranteed State. We created a Product Pack and imported this into Guaranteed State. We then manually created a rule using this fragment and a policy to assign and deploy to our devices to determine the state of our environment. If you want to learn more about how to use TIMS to create even more complex Instructions and Fragments take our Extending Tachyon course.