Exercise Overview:

Working with Instructions

Now that we have added a Product Pack and analysed the inner working of the Instruction, we will add more Instructions and begin working with Tachyon. The Instructions we add will provide different functionality in terms of questions we can ask as well as actions we can take.

Work with Instructions

Adding Instructions via Product Packs

1ETRNAP

  1. Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1E Tachyon - Course Content\Tachyon 5.1 Course Content\
  2. Download and copy the Icons.zip folder to c:\temp\ right click and extract all
  3. Also download and copy the 1E Tachyon - Course Content\Tachyon 5.1 Course Content\AdditionalProductPacks.zip to c:\temp and extract the contents
  4. Launch the Settings Application from the Tachyon Portal if not already open
  5. Click on the Instructions node and then select Instruction Sets
  6. Click on the Upload button at the top right
  7. Navigate to C:\Temp\tachyonplatform.v5.0.0.592\ProductPacks\Classic and select 1E-Patch-Success.zip. Click Open
  8. There will be 3 instructions in the Unassigned Instruction Set
  9. Click Add new set
  10. In the Add new instruction set box type Patch Success in the Name field
  11. Click Choose file in the Custom Icon box. Navigate to c:\temp\icons and select Tachyon.png
  12. Click Open. Click Add
  13. Click the Upload button again
  14. In the Open dialog box navigate to C:\Temp\tachyonplatform.v5.0.0.592\ProductPacks\Classic and multi-select 1E-ConfigMgrConsoleExtensions.zip, 1E-Explorer-TachyonAgent.zip, and 1E-Explorer-TachyonCore.zip Click Open
  15. Ensure that the Instructions are successfully verified and installed. Navigate to the Recent Uploads tab to see status
  16. Click on Upload again navigate to c:\temp\AdditionalProductPacks
  17. Multi-select 1E-Explorer-1ECore.zip and 1E-Explorer-Examples.zip Click Open
  18. Ensure that you now have instructions in your unassigned instruction set. Check the Recent uploads tab and look for any Errors
  19. If you see the Errors count go above zero, ping your instructor to troubleshoot
  20. Navigate to c:\programdata\1E\Tachyon and open Tachyon.ConsumerAPI.log
  21. Search for Uploaded in the log and note all the Instruction uploaded

Managing Instructions in Sets

The Product Packs have a varying number of Instructions within them. Once imported into Tachyon, we must group them into Instruction Sets before we can use them. In this exercise we will group the Instructions into Instruction Sets to demonstrate the process. In the next exercise we will use the Product Pack Deployment Tool to perform a bulk import of product packs.

1ETRNAP

  1. Return to the Settings Application and navigate to Instructions – Instruction Sets. In the instruction set pane, click the Unassigned Instruction Set and then click the plus sign + at the end of the sort by field but in front of Unassigned
  2. Type in Processes in the Name field. In the custom icon field click on Choose File. Navigate to c:\temp\icons. Click the Process.png Click Open. Click Add
  3. Select the Unassigned Instruction Set to review all the uploaded Instructions
  4. In the Search field under the name of the instruction set (Unassigned), type Process into the filter box
  5. In the lower right click on the 50 button to show additional rows
  6. For the grouping on Instructions into Instruction Sets, please ensure you are searching for the words as exactly documented here, or you will possibly miss some Instructions and in later labs will not be able to execute them.
  7. Click Select All and click on Move in the right panel. Drop down to the Processes Instruction Set and click Move
  8. Create an Instruction Set named Services
  9. Add a custom icon from c:\temp\icons\service.png
  10. Select the Unassigned Instruction Set in the Instruction Sets pane
  11. From the Instructions pane, type Service into the filter box
  12. Move the services related Instructions into the Services Instruction set
  13. Create an Instruction Set named Registry
  14. Add a custom icon from c:\temp\icons\registry.png
  15. Select the Unassigned Instruction Set in the Instruction Sets pane
  16. From the Instructions pane, type Registry into the filter box
  17. Move the Registry related Instructions into the Registry Instruction Set
  18. Create an Instruction Set named 1E Client
  19. Add a custom icon from c:\temp\icons\Tachyon.png
  20. If you forget to add your custom icons you can also select the instruction set and click on the hamburger menu next to the name and choose Edit
  21. Select the Unassigned Instruction Set in the Instruction Sets pane
  22. From the Instructions pane, type Tachyon Agent into the filter box
  23. Move the Tachyon Agent related Instructions into the 1E Client Instruction Set
  24. From the Instructions pane, type 1E Client into the filter box
  25. Move the 1E Client related Instructions into the 1E Client Instruction Set
  26. Select the Unassigned Instruction Set and in the Search field type in Operating System
  27. Select all the instructions and then Click the Add new set box at the right to create a New Instruction Set
  28. Again, use caution when using the Select All button in this window as it only selects the displayed instructions. Notice the control in the lower right to display 12-24-48 items in the list.
  29. In the Add new Instruction Set box Name field type OS
  30. Add a custom icon from c:\temp\icons\Win10.png
  31. Ensure that the box is checked to Include the Selected Instructions
  32. Click Add
  33. Create an Instruction Set named ConfigMgr
  34. Add a custom icon from c:\temp\icons\sccm.jpg
  35. From the Instructions pane, type ConfigMgr into the filter box
  36. Move the CM related Instruction into the ConfigMgr Instruction Set
  37. After searching for ConfigMgr also search for SCCM and move those instructions into the ConfigMgr instruction Set
  38. Create an Instruction Set named Tags
  39. Click on the Unassigned instruction set. Type Coverage Tag in the search box
  40. Move these instructions to the Tags Instruction Set
  41. Do another search for Freeform Tag
  42. Move all the Tag related instructions to the Tags Instruction Set
  43. Create an Instruction Set named Quarantine
  44. Click on the Unassigned instruction set. Type in Quar and move all the Quarantine related instructions to the Quarantine Instruction Set
  45. Create an Instruction Set named Device Criticality
  46. Click on the Unassigned instruction set. Type in Critical in the search field
  47. Move the 2 instructions for Device Criticality to the Device Criticality Instruction Set
  48. Now that we've added instructions to Tachyon and organized them into Instruction Sets, we are ready to begin engaging clients. There are two types of instructions, Questions and Actions. In these exercises, we will ask questions and execute actions on our Tachyon clients
  49. We are only using a subset of Instructions which were uploaded from the Product Packs. Don't be concerned about the instructions still residing in the Unassigned group.

Using the Product Pack Deployment Tool for the Integrated Product Packs

Tachyon 5.0 shipped with the Tachyon Product Pack Deployment Tool (this is included in v5.1) and gives you a way to bulk import Product Packs and Guaranteed State artifacts into Tachyon. We also have a set of Integrated Product Packs to import. We can use this during the Tachyon install or as a standalone bulk import. The product packs must be in the same folder as the tool. Your Guaranteed State Administrator must also have Instruction Set Administrators role to use the Product Pack Deployment Tool for Integrated Product Packs.

1ETRNW72

  1. Still logged into 1ETRW72 as 1ETRN\Manager1
  2. Click Start and in the Search field type \\1ETRNAP\temp Click the temp folder to Launch Windows Explorer. Right click tachyonplatform.v5.0.0.592\ProductPacks\ folder and select copy. Navigate to c:\tools and right click and select Paste
  3. Double click c:\tools\ProductPacks\Tachyon.ProductPackDeploymentTool.exe
  4. Type in https://tachyon.1etrn.local/consumer in the Server field. Click on Test Connection
  5. We should see connected to the Tachyon Server and the version number in the Results pane
  6. Ensure that all the Integrated Product Packs are selected and click Upload Selected
  7. The Tachyon Product Pack Deployment Tool will import them into Tachyon. It will also move them into an Instruction Set named the same as the .zip file. The Tachyon Product Pack Deployment Tool will also upload Classic Product Packs into Tachyon. You would need to copy the Classic Product Packs into the same folder as the tool and the supporting files. You may want to rename the Instructions Sets as the tool will name them the same as the name of the .zip file which may not be the name that you want for the instruction sets. These are easier to use in production if the Instruction Set name is indicative of the instructions that are in the set.

Changing Tachyon Agent Settings

In this exercise, we will evaluate the 1E Client settings, and make a change to one of them.

1ETRNW71

  1. Navigate to the Home node in the Explorer Application
  2. Click on All Instructions on the top right
  3. Expand 1E Client instruction set to review the available instructions
  4. Click on Set a 1E Client configuration property <agentconfig> to <agentconfigvalue> for the Tachyon Agent
  5. Tachyon no longer requires us to ask a question in order to deliver an action. We already know our client settings we can make the change that is required for our lab now.
  6. From the settings dropdown, select DefaultStaggerRangeSeconds
  7. Set the value to 30
  8. Click Perform this action
  9. Input Passw0rd for the password
  10. Launch LiveMail and click Send/Receive to update the inbox
  11. Retrieve the authentication code from the latest email and input it into the console

1ETRNW73

  1. Launch LiveMail and click Send/Receive to update the inbox
  2. Open the latest email with subject Tachyon action X requires approval
  3. Click on the Go to approval page link
  4. Click on the approval request. Review the details of the action request. Note that all 7 clients are targeted
  5. Input a comment if you wish. Check the I understand the impact of this action and approve this request box. Click Approve

1ETRNW71

  1. Check the inbox in LiveMail. An email confirming the instruction was approved will be present with a current timestamp
  2. Return to the Explorer Application. It should be on the responses page for our Agent reconfiguration instruction
  3. Wait a few minutes as the results of our action are returned
  4. Remember the default stagger setting? This action requires a script, so there will be a random wait between 0-300 seconds for the agents to download the script. We are changing that setting to 30 so future Instructions which require a script are executed quicker. In a production environment you want to be careful not setting this value too low.
  5. On the Content page, note a pie graph detailing Success/Error
  6. Click on Aggregated Table View at the top right to get details on the action
  7. Click the Row that displays Exit Code and Count to expand results
  8. Note the Output column, now showing DefaultStaggerRangeSeconds=30
  9. Click on Raw Table View at the top right to get details on the action, this lists the machines that have responded, similar to that of the Aggregated Table View
  10. Note the Output column, now showing DefaultStaggerRangeSeconds=30
  11. Once 1ETRNW71 returns a result, navigate to c:\program files\1E\Client and edit 1E.Client.conf with Notepad
  12. Review the settings. Note that DefaultStaggerRangeSeconds is now set to 30, per the action which we initiated
  13. Once all machines have responded click Stop, and navigate to the Home node in the Explorer application and in the I want to know box type in What are the 1E Client settings
  14. Click Ask this question button
  15. Note that the Default Stagger Range Seconds now shows 30 for all the clients
  16. Did you notice the speed of the results returning compared to the first time you asked this question? This is because we changed the stagger setting from 300 to 30, thus causing the clients to download the script a lot quicker, thus returning the results a lot quicker.
  17. Click Stop once all the agents have reported in. Click Keep on the dialog box to keep the responses
  18. Review the config file on other machines if you wish to manually confirm the setting change

1ETRNAP

  1. Open SQL Management Studio and navigate to Databases>TachyonResponses>Tables. Refresh to see all the tables
  2. Note there are multiple Response tables suffixed by a number. Right-click on the table with the largest number and select Select Top 1000 Rows
  3. Note the results from the last question asked are present here
  4. Right click on the Error table with the corresponding number. If there are any failures to execute the instruction, information on that failure would reside in this table

Working with Processes

Quite often, for security reasons or otherwise, there might be certain processes running on machines in your environment which you do not want to run. In this exercise, we will query for processes, and based on what is returned, kill a process.

1ETRNW71

  1. Navigate to the Home node in the Explorer Application
  2. Click on All Instructions at the top right of the page and expand Processes
  3. Click on What Processes are Running?
  4. Leave the Parameters default, click Ask this question
  5. On the Responses page, once results are presented, scroll down as far as you wish, reviewing the different columns returned from the question
  6. Click on any row to expand the results showing which machines have the process running. Click Close to return to the entire list
  7. Return to the Home node, and type Process into the I want to know box, and select What Processes are Running?
  8. Click Edit in the Parameters window
  9. In the Parameters section on the right, expand Coverage and expand Device
  10. Leave the condition to contains, and type in 1ETRNW73. Click Set
  11. Click on Ask the question to execute the question
  12. Once the results are returned, click on the Summary tab. Validate that Approximate target and Responses count both show 1, and Responses > Successes shows a count of 1
  13. Return to the Content tab. Note the only machine returning processes information is 1ETRNW73
  14. Click on the Filter results button, and type calc.exe into the Executable box. Click Search
  15. Note the results are now filtered onto the single process. This indicates that calc.exe process is running on 1ETRNW73
  16. Click on Follow-up action in the filter space
  17. In the question box, type in Kill
  18. Click on Kill Process(es) with image name matching <exename>
  19. In the input box for enter process name, type in calc.exe
  20. Note the Approximate target value in the Parameters window. Since we are doing a follow up action, only the initial coverage will be impacted by this action. Any other clients running calc.exe will not be impacted by this action
  21. Click Perform this action
  22. Input Passw0rd for the password and click Confirm and Send
  23. Open LiveMail. Click Send/Receive to ensure the authentication email is in the inbox
  24. Open the email with title Instruction X requires authentication with the appropriate time stamp and type the authentication code into the Tachyon console where requested

1ETRNW73

  1. Log onto 1ETRNW73 with 1ETRN\Tachyon_adminG if not already logged in
  2. Confirm that Calculator is running and present in the task bar
  3. Launch the Explorer application if not already open in Chrome, and note that a notification is available for the pending request
  4. Click on the Notifications
  5. On the Request for action approval page, review the details of the request
  6. Expand the 1 setting and 1 device details and validate the filters we set when asking the original question
  7. Check the I understand the impact of this action and approve this request box. Click Approve
  8. Wait a few seconds. Note that the Calculator application disappears from the Taskbar
  9. Navigate to c:\programdata\1E\Client and double-click 1E.Client.log
  10. At the bottom of the log, note that the agent is running an instruction which kills the calc.exe process

Your log will look similar to this one.


1ETRNW71

  1. Return to 1ETRNW71
  2. Note the console is on the Content page
  3. Note the results show a count of 1 for Killed and 0 for Failed
  4. Click on the Summary tab to validate the coverage of the action as well as the success
  5. Note Approximate target, Sent count and Responses count are all 1, and the Responses Success count is 1
  6. Click Stop for the Kill Process(es) calc.exe action. Click Ok
  7. The duration of this action was set to 60 minutes by default, so it will continue for 60 minutes if not stopped. This is to account for machines which might not be online at the start of a question or an action but come online before the duration expires. You may find in your environment different questions and actions dictate different durations.
  8. Ask the processes question again and validate that calc.exe is no longer running
  9. You may repeat the process of killing a process, using the Process ID instead of the executable name if you wish

Working with Services

In an enterprise, having real time knowledge of Services on client machines is very valuable information. Often, you might want to stop or disable a service. Other times, you might want to start or enable a service. In this exercise, we will work with Services, both querying and taking actions.

1ETRNW71

  1. Navigate to Home in the Explorer Application
  2. Click on All Instructions
  3. Expand the Services Instruction Set, and review the questions available
  4. Click on What services are running?
  5. Leave the parameters default. Click Ask this question
  6. Review the results, scrolling down to see all services listed
  7. You must scroll quite a while to see all the services. We will filter the results to drill down onto a specific service on a single machine
  8. Click the Back to top button to return to the top
  9. Expand Filter Results. In the Name box, input RemoteRegistry. Click Search
  10. Note the service is stopped on all machines but 1ETRNCM
  11. Return to the home page, and in the search box, type in Services
  12. Click on Which Windows services are disabled?
  13. Click Ask this question
  14. On the Contents page, change view from graph to table view at the top right
  15. Click on the Filter results button, and in the caption type in Remote. Click Search
  16. Click on Remote Registry to expand the results. Note the machines on which the service is disabled
  17. The service is disabled on the Windows 10 machines in our environment. Though it is stopped on all machines except 1ETRNCM, it is not disabled on all the machines, except for the Windows 10 machines.
  18. Click the Follow-up Action tab, and in the search box, type Service
  19. Select Set service <servicename> startup type to <startuptype> and state to <state>
  20. In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start
  21. Note the Approximate target number
  22. Even though it shows 7 as the approximate target the instruction will only run on the 2 that were returned by the filter. We have 3 types of filters in Tachyon Coverage Filter is applied before the question is asked and limits the devices that get the question or the action. Question Filters use the attributes of the responses and are applied after a question is asked – it limits the number of devices that will respond. View Filters use the attributes of the responses and are applied after a question is asked and after the responses have returned but limit what is displayed.
  23. Return to the home page
  24. Type Services into the search box, and select Which Windows services are disabled?
  25. Click Edit in the Parameters space
  26. Expand Coverage
  27. Click on Management Group, click in the search box to display our list of Management Groups, select All Win 10 Lab Workstations. Click Set
  28. We could also use our Device attributes to set our coverage based on Name of Device.
    Note the Approximate target has changed to 2 connected devices. We have 2 machines in our environment that are members of our Management Group.
  29. Click Ask this question. Review the results in the Aggregated table view
  30. Click the Actions tab, and in the search box, type Service
  31. Select Set service <servicename> startup type to <startuptype> and state to <state>
  32. In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start. Click Perform this action
  33. Note the Approximate target is now limited to 2 devices, which is the coverage of the original question
  34. Input Passw0rd for the password
  35. Launch LiveMail. Click Send/Receive to get the latest email in the inbox
  36. Retrieve the authentication code from the email and input it into the Explorer Application. Click Submit

1ETRNW101

  1. Log into 1ETRNW101 as 1ETRN\User
  2. Double-click the Services applet on the desktop
  3. Scroll down to Remote Registry and validate that it is not running and set to disabled

1ETRNW73

  1. Still logged into the Explorer application as 1ETRN\Tachyon_adminG click on the notifications node
  2. If already on the Notifications page, refresh the page
  3. Click on the pending request. Review the details of the action, and note that it is now only going to 2 machines
  4. Check the I understand the impact of this action and approve this request box. Click Approve

1ETRNW101

  1. Click the refresh button in the Services applet to refresh the view. Note that the Remote Registry service the startup type is changed from Disabled to Manual
  2. Review the 1E.Client.log. Note the reference to remoteregistry at the bottom of the log, along with a successful status for the corresponding InstructionId

1ETRNW71

  1. Return to the Explorer Application. It should be on the Content page
  2. Note that the Action column shows Manual + Start for both machines in scope
  3. Click on the Summary tab and note that the Target, Sent, Responses, and Success counts are all 2

Working with the Registry

1ETRNW71

  1. Navigate to the Home node in the Explorer Application
  2. Type Registry into the I want to know box and select What are all the values under the registry key <hive> <subkey>?
  3. In the subkey box, type in software\1E\Client\Persist
  4. The value must be inputted exactly as shown above. If the value doesn't match what is on the clients, no results will be returned
  5. Click Ask this question
  6. From the start menu in windows, type in regedit in the search window and launch regedit
  7. Navigate to HKLM\software\1E\Client\Persist
  8. Review the different values present under this key. Leave regedit running
  9. Return to the Explorer Application. Note that we are on the Responses page
  10. Click the Filter Results tab, and input 1ETRNW71 into the Device name box. Click Search
  11. Confirm the results seen here match what is shown in the registry, clear the search filter
  12. Click on the Actions tab, and input registry into the search box, and click on Set registry entry <hive> <subkey> <name> to <valuetype> <value>
  13. In the subkey box, input software\1E\Client
  14. In the name box, input Test
  15. Change the type to REG_SZ
  16. In the value box, input Test
  17. Click Perform this action
  18. Follow the two factor authentication process by providing the password and then inputting the authentication code provided in the resultant email, as done in previous tasks

1ETRNW73

  1. From the start menu in windows, type regedit in the search window and launch regedit
  2. Navigate to HKLM\software\1E\Client. Note that a default and the InstallationDirectory values exist
  3. Approve the action in the Tachyon exchange console
  4. Review the details of the action. Note that is it going to all 7 devices
  5. In the registry, return to HKLM\Software\1E\Client. Click F5 to refresh the view
  6. Note that a REG_SZ value named Test is created, with the data set to Test
  7. The change is almost immediate. This is because we do not need a script to make this change, rather we are using the native language. This allows Tachyon to immediately execute the action we deployed via Tachyon. In a later lab, we will talk about native language vs. scripts.

1ETRNW71

  1. Return to the Explorer Application. Note that it is now on the Content page, and the status shows a count of 7
  2. Switch to the Aggregated table view. Click on the aggregated row with the count to see the list of machines this action was applied to
  3. Click on the Summary tab to validate that the action was successful on all 7 machines
  4. Return to regedit. Navigate to HKLM\software\1E\Client. Confirm the Test value we set has been created via the Tachyon action
  5. You will likely need to refresh the view to see the new value

Working with Device Tags

Device Tags allow you to add custom labels to devices for use by Tachyon. We have two types of Tags – Coverage and Freeform. Coverage Tags can be used for targeting instructions and are configured by a Tachyon Admin, devices can then be set using an instruction. Freeform Tags can be used to label the devices in your organization but are only set using instructions and cannot be used for coverage. In this exercise we will create the device tag that we will use for our Phased Deployments. We will have values for the devices that are used for Testing (TestGroup), Pilot (PilotGroup), Group1 and Group2 will show the example of Day 1 deployments and Day 2 deployments. We will set our 2 Windows 10 machines as a Pilot group in our lab using Tags. We will then ask a question using the Tag as our coverage parameter.

Creating the Pilot Group Tag

Planning the coverage tags for the entire environment should be done thoughtfully. Each device has a list of the tags that have been set on the 1E Client. The list includes Name=Value plus a delimiter. The entire list for each Agent cannot be over 512 characters.

1ETRNW102

  1. Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP
  2. Open Google Chrome and switch to the Settings application
  3. Navigate to Configuration – Custom Properties
  4. Click Add. In the Add Custom Property box type PhasedRollout in the Name field
  5. Tag names can only be a maximum of 16 characters any tags exceeding the length limit will not be reported back and those devices will not be included in the coverage.
  6. In the Property Type box select CoverageTag
  7. In the Values box type in the following values
  8. TestGroup
    PilotGroup
    Group1
    Group2
  9. You will need to click the + sign after adding the first value to add the additional fields
  10. Click Add

Setting a Tag on Devices

We use instructions to tell the 1E Client which tags to add to each device. We have two types of Tags in Tachyon. Coverage Tags and FreeForm Tags. FreeForm tags have less stringent limitations for length but cannot be used to define coverage (you would ask a question to get a list of devices that have that freeform tag). Tag data is stored in the Tachyon Master Database for each device. The entire list of Coverage Tags on each device must not exceed 512 characters.

1ETRNW71

  1. Switch to the Explorer Application. Navigate to Home
  2. Click on All Instructions and Expand the Tags Instruction Set
  3. Select What are the coverage tags. Leave the parameters as they are
  4. Click Ask This Question
  5. When the results come back notice we have 0 tags on our devices. You may need to switch to Aggregated table view
  6. Notice the || in our results. These are the delimiters that will be used for the list of tags on each device. You must factor in these characters when planning for your coverage tags
  7. Stop the Instruction
  8. Ask the question again but this time change the coverage to All Win10 Lab Workstations Management Group. Click on Ask This Question
  9. Click on Actions from the Question we just asked
  10. Click All Actions
  11. Expand the Tags Instruction Set. Notice the Actions we have available in this instruction set
  12. We use these instructions to set tags and delete tags for the devices in our environment.


  13. Select the Set coverage tag <tagname> to <tagvalue> action
  14. Click in the first parameter field – notice our only choice is PhasedRollout. We have only created one tag in our Settings Application – Custom Properties but with multiple values. Select PhasedRollOut and PilotGroup
  15. Click Perform this Action. You will have to enter your password
  16. Open LiveMail and enter your Authentication Code

1ETRNW73

  1. In Google Chrome – Explorer Application
  2. Navigate to Notifications and Approve the Instruction number from above

1ETRNW71

  1. In the Explorer Application ask the question What are the coverage tags?
  2. Notice we have 2 devices set as our PhasedRollout - PilotGroup

1ETRNW102

  1. Open File Explorer and Navigate to c:\ProgramData\1E\Client
  2. Open the 1E.Client.log and look for the instruction number from the approval that you did
  3. You will see the action of running the instruction logged and also that the Tags have changed

Your log will look similar to this.

Asking a Question Using our Coverage Tag

Now that we have our devices tagged, we will ask another question. We will use the Device Tag for our coverage.

1ETRNW71

  1. Navigate to the Home screen of the Explorer Application
  2. In the I want to know field type in Operating and choose What Operating System Information Does Windows SystemInfo Report?
  3. Next to Parameters click Edit
  4. Expand Coverage – Tags
  5. In the Select Key field choose PhasedRollout
  6. In the Select Value field choose PilotGroup Click Set
  7. Click Ask this Question 
  8. Notice that we only have responses from our 2 Windows 10 Devices

Working with Quarantine

In the event of a security breach, Tachyon can quarantine devices. This will cut off the device from all network traffic except for the Tachyon Switch. This can contain an outbreak while the device is remediated. In this exercise, we will target a specific system and quarantine it. We with then remove it from quarantine.

It is recommended that due to the powerful nature of the 3 quarantine instructions you permission them thoughtfully in Tachyon.

Checking Quarantine State

1ETRNW102

  1. Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP
  2. Open Google Chrome and Navigate to the Explorer Application
  3. From the Home screen click All Instructions
  4. Expand Quarantine
  5. Click Are my devices quarantined?
  6. Read the warning here – this is a very powerful feature and can take all your devices off the network if the coverage is not correct.
  7. Click Ask this question
  8. This is a simple query to see if the devices are actually quarantined. As you can see none of our devices are in quarantine

Quarantine a Device

In this task we are going to quarantine 1ETRNW72

1ETRNW71

  1. Navigate to Explorer application – Home screen
  2. In the I want to know field type in Quarantine
  3. Click on Quarantine Selected Devices. Click Edit on parameters
  4. It is possible to quarantine the Tachyon server so be extremely careful with your coverage.
  5. Click coverage
  6. Expand Device. Choose in the first field and type in 1ETRNW72.1ETRN.local in the second field
  7. Use the FQDN here to ensure you don't quarantine the wrong machine.
  8. Click Set
  9. Click Perform this Action
  10. Type in your Password
  11. Open LiveMail and enter your authentication code

1ETRNW73

  1. Open LiveMail and Launch the Notification Page or refresh Chrome and navigate to Notifications
  2. Approve the Request

Checking the Quarantined Device

1ETRNW71

  1. In the Explorer application check the results from the instruction
  2. Notice there is now 1 device quarantined
  3. Click on Quarantined in Status and see the device name
  4. Launch a Command Prompt and type in ping 1etrnw72. Your request will time out without a response

1ETRNW72

  1. Launch a command prompt and ping 1ETRNDC
  2. Ping 1ETRNCM
  3. These should both time out without a response. Once placed in quarantine a device can only be accessed from the Tachyon server.
  4. Ping Tachyon (our alias for 1ETRNAP)
  5. This should ping as normal – all remediation efforts will have to originate from the Tachyon server for this device that is quarantined. This will greatly stop the propagation of any malware that gets introduced into your environment.
  6. Launch a new browser window and navigate to Google.com
  7. Notice that our device cannot get to other devices or the internet

Removing a Device from Quarantine

Now we will issue the instruction that will remove the device from quarantine. The device can only communicate with the Tachyon Switch at this time.

1ETRNW71

  1. Still logged in as 1ETRN\Tachyon_Admin1
  2. Open Google Chrome – the Explorer Application should still be open
  3. Navigate to Home and in the I want to know field type in Quaran and Select Releases Selected devices from Quarantine
  4. Click Edit on the Parameters
  5. Expand Coverage – Expand Device
  6. In the contains field select =
  7. In the next field type in 1ETRNW72.1ETRN.Local click Set
  8. Type in the entire FQDN or the instruction will fail
  9. Click Perform this action
  10. Type in Passw0rd and click Confirm and Send
  11. Open LiveMail and copy the authentication code for Instruction X
  12. Paste the code into the Authentication Code box. Click Submit

1ETRNW73

  1. Still logged in as 1ETRN\Tachyon_AdminG
  2. Open Chrome and refresh the page
  3. In the Explorer Application navigate to Notifications
  4. Approve Instruction X from above

1ETRNW71

  1. In the Explorer Application – Navigate to Instructions – History
  2. Select our Releases selected devices from quarantine
  3. Wait for this one to complete
  4. Move back to Instructions – History. Select Are my devices quarantined?
  5. Rerun this instruction
  6. Wait for it to complete and see that all 7 devices are now NotQuarantined
  7. Open a command prompt and Ping 1ETRNW72. Device should respond

1ETRNW72

  1. Ping any of the other devices in the lab
  2. All the devices should now respond to the ping request
  3. Browse to the Internet
  4. The device should be able to get to the internet
  5. The ability to quarantine devices is critical to be able to combat a security emergency. This functionality is also dangerous as the devices are only able to communicate with the Tachyon server to enable the ability to remediate the issue and the remove the quarantine. It is possible to quarantine the Tachyon Server, and this would prevent you from removing the quarantine.

Device Criticality

Within Tachyon we can classify our devices into degrees of importance or how critical the device is to an organization. We can then base our coverage of instructions on this for use in targeting. For example, if we set our domain controllers to Critical we could send an instruction and target all devices except for the Critical ones. We can also view our Guaranteed State results based on Criticality. We will look at that data in the Guaranteed State exercises

First Look at Criticality

In this task we are going to set our Lab Servers to Critical, our Windows 10 devices to High, and our Windows 7 Devices to Medium. We use instructions to set this on the device.

1ETRNW71

  1. Still logged in as 1ETRN\Tachyon_Admin1
  2. Navigate to the Home screen of the Explorer Application
  3. In the I want to know field type in Critical. Select What is the criticality of my devices?
  4. Click Ask this Question
  5. Click Stop once all 7 devices have returned results
  6. Notice that all our devices are listed as Undefined. This is how a device shows until a criticality has been set.

Setting Criticality

1ETRNW71

  1. Navigate back to Home. Type Critical in the I want to know field
  2. Select Set the criticality of my devices. Click Please choose in the list select Critical
  3. Click Edit in the parameters row
  4. Expand Coverage – Expand Management Group – Choose Lab Servers. Click Set
  5. Type in Passw0rd and click Confirm and Send
  6. Open LiveMail and copy the Authentication Code
  7. Paste it into the Authentication Code box for Instruction XX. Click Submit

1ETRNW73

  1. In the Explorer Application navigate to Notifications
  2. You may need to refresh to see Instruction XX from above
  3. Type something in the comment box
  4. Check I understand the impact. Click Approve

1ETRNW71

  1. Wait for all devices to respond
  2. Repeat the Steps above to set the following:
  3. Windows 10 = High
    Windows 7 = Medium

Viewing Criticality

1ETRNW71

  1. In the Explorer Application – Home – I want to know
  2. Type in Critical and select What is the criticality of my devices?
  3. Click Ask this question
  4. Drill into each Criticality to see the devices that are assigned to each one

1ETRNAP

  1. Still logged into 1ETRNAP as 1ETRN\AppInstaller
  2. From the Start Menu launch SQL Management Studio
  3. Connect to the Database Engine
  4. Expand Databases
  5. Expand TachyonMaster
  6. Expand Tables
  7. Right Click dbo.GlobalSetting and choose Select Top 1000 Rows
  8. In the Name column look at the CriticalityMapping values
  9. Right Click on dbo.Device and choose Select Top 1000 Rows
  10. Scroll over to the Criticality Column to view the settings
  11. We will revisit Device Criticality in Guaranteed State

Device Locations

Setting Location


1ETRNAP
  1. Return to the Settings Application and navigate to Instructions – Instruction Sets. In the Instruction set pane, click the Unassigned Instruction Set
  2. Type in Location in the Name field.
  3. From what you have already learned create an instruction set containing the instructions related to Location

1ETRNW71
  1. Return to Explorer - Home, and in the I want to know type Location
  2. Select Get the location of my devices, and click Ask this question
  3. When the results return observe that the location is not currently set
  4. Return to Explorer - Home, and in the I want to know type Location
  5. Select Set the location of my devices to instruction
  6. Set the Locations of Each management group to: (remember to follow the approval flow)

  7. Lab Servers - London

    All Win 7 Devices - New York
    All Win 10 Devices - Tokyo
  8. Once all are set rerun the Get the location of my devices question
  9. When the results return observe that the location is correctly set

Using the Tachyon Exchange

In this exercise we will download some product packs from the Tachyon Exchange directly from the Explorer Application and import those product packs into Tachyon.

Download the Product Packs

1ETRNAP

  1. Still logged into 1ETRNAP as 1ETRN\AppInstaller
  2. Launch the Settings Application
  3. Navigate to Instructions – Instruction Sets
  4. Click on Tachyon Exchange in the upper right
  5. Scroll down and look at the product packs that are available to download
  6. The Tachyon Exchange is a collection of both community written and 1E authored product packs. All have been verified by 1E and signed with the 1E Code Signing Certificate.
  7. Explore the Tachyon Exchange to see the offerings available. When you are finished download any product pack of your choice
  8. Click on Download Product Packs
  9. In the Checkout page click Free Download
  10. On the Purchase Confirmation page click on the link below IT Management. Once the download completes Save the .zip to c:\temp
  11. Download 2 additional product packs that interest you. Save them to c:\temp
  12. Upload into Tachyon and move them into an Instruction Set

Lab Summary

In this lab, we worked with Tachyon in a variety of different ways. We added different Product Packs to Tachyon which provided us with specific functionality defined within those Product Packs. We organized the individual instructions from the Product Packs into Instruction Sets. We then asked questions and executed actions using the different instructions. We learned how to create and deploy device tags and use them for Coverage for our Instructions. We learned how to use Quarantine to help us remediate security issues and prevent further spread. We learned how to set and view Device Criticality. We then learned how to download product packs from the Tachyon Exchange and import them into Tachyon for use

Next Page
Ex 6 - Tachyon v5.1 - Install and Configure - Microsoft Configuration Manager Integration