Summary

A step-by-step guide to configuring prerequisites required for the Tachyon Configuration Manager console extensions, before Installing the Tachyon toolkit.

Requirements

Supported Platforms

Supported versions of client OS and Configuration Manager that are supported by the Tachyon Configuration Manager extensions are:

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10 CB 21H1
  • Windows 10 CB 20H2
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803

  • SCCM CB 2103
  • SCCM CB 2010
  • SCCM CB 2006
  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906
  • SCCM CB 1902

Tachyon user accounts

To prepare Tachyon for using the Configuration Manager console Extensions, you will need a Tachyon user account that has at least the following administrator rights:

  • Consumer Administrators role
  • Instruction set Administrators role
  • Permission Administrators role

To use the Tachyon Configuration Manager console Extensions, you must have a Tachyon user account and Configuration Manager administrative user account. Guidance for this is given below in User roles.


On this page:

User roles

The two systems, Configuration Manager and Tachyon both use RBAC to define the capabilities for their corresponding users. To enable Tachyon instructions to be run from Configuration Manager the Configuration Manager console users must also have a presence defined in Tachyon. This presence can take many forms, for example you could define a user in Tachyon from an AD group and then add all your Configuration Manager users to that group - and manage the Tachyon roles for the users as a group, or you could define individual users in Tachyon for each Configuration Manager user - and manage the Tachyon roles on a per-user basis. You will likely have determined roles for your Configuration Manager users based on their function within the organization, the following heading provides a rough guide to matching Tachyon and Configuration Manager roles.

A rough comparison of the Tachyon User Roles and Configuration Manager Roles

The Configuration Manager console may be installed and used by any user that is configured as an Administrative User. There are a number of Security Roles that may be given to the user and not all of these roles are permitted to use Configuration Manager to make changes that affect the network. When configuring the corresponding Tachyon user you should take this into account when assigning the Tachyon Roles. For example, it would be unusual for a user with just the Read-only Analyst role in Configuration Manager to be granted the global Actioner role in Tachyon and therefore be able to perform Tachyon actions on all the devices in a particular collection but not be able to use Configuration Manager to perform any other tasks. There is no one-to-one mapping of the Tachyon and Configuration Manager roles, but the following table provides some rough comparisons between the two:

Tachyon RoleConfiguration Manager Role
ViewerRead-only Analyst
QuestionerRead-only Analyst
Actioner

Examples of equivalent Configuration Manager roles could be:

  • Application Deployment Administrator
  • Remote Tools Operator
  • Software Update Manager
ApproverAny Configuration Manager Security Role that would be appropriate for the Approver to approve actions run from Configuration Manager

Setting up Tachyon for Configuration Manager integration

The following instructions show how to configure the integration between Configuration Manager and Tachyon after the Configuration Manager extensions have been installed.

The animation opposite shows an end-to-end example of configuring Tachyon to support the Configuration Manager extensions. This example generally uses the following steps. We'll highlight in the steps where optional decisions have been taken in the example.

1. Add the Configuration Manager console extensions consumers to Tachyon

To run any of the Client Actions using Tachyon menu items, other than the Instruction Runner, you will need to add (register) the CmConsoleExtensions consumer to Tachyon using the Tachyon Explorer Administration Consumers page. The steps to do this are:

  1. Logon to the Tachyon Portal using a Tachyon user account with the Consumer Administrators role.
  2. Navigate to the Settings→Instructions→ Consumers page

  3. Click the Add button to create a new consumer
  4. The new consumer should be configured with the default values, except for the following:

    ParameterValue
    NameCmConsoleExtensions
    Maximum simultaneous instructions10
    EnabledCheck this checkbox
  5. Click the Add button to save the new consumer

To run the Instruction Runner, you will need to add the RunInstructionUI consumer to Tachyon using the Tachyon Explorer Administration Consumers page. The steps to do this are:

  1. Log on to the Tachyon Explorer as an administrator with the Consumer Administrators role

  2. Navigate to the Administration Consumers page
  3. Click the Add+ button to create a new consumer
  4. The new consumer should be configured with the default values, except for the following:

    ParameterValue
    NameRunInstructionUI
    Maximum simultaneous instructions250
    EnabledCheck this checkbox
  5. Click the Add button to save the new consumer

2. Upload the Configuration Manager console extensions product pack to Tachyon and create an instruction set

First upload the instructions:

  1. Logon to the Tachyon Portal using a Tachyon user account with the Permissions Administrators and Instructions Administrators roles.
  2. Open the Settings application.
  3. Navigate to the Settings→Instructions→Instruction sets page.
  4. Click on the Upload button.
  5. In the Open dialog navigate to the location of the 1E-ConfigMgrConsoleExtensions.zip file.
  6. Select 1E-ConfigMgrConsoleExtensions.zip and click Open.

All the instructions contained in the zip file will initially be added to the default Unassigned instruction set. Instructions in the Unassigned instruction set cannot be used, so first you will need to create a new instruction set with the verification instructions.

  1. Select the 16 instructions you want to add to the new set, by clicking the checkbox at the start of each instruction row in the list.
  2. Click the Add new set button in the button panel to the right of the page.
  3. In the Add new instruction set popup subsequently displayed, and type:
    1. 1E ConfigMgrConsoleExtensions as the name.
    2. Configuration Manager console extensions as the description.
  4. Ensure that the Include 16 selected instructions checkbox is checked.
  5. Click the Add button to add the new instruction set, with the selected instructions.

3. Enable Configuration Manager console user access to Tachyon

You will need to ensure that the account you will be using to run the Configuration Manager console is also represented in Tachyon with appropriate permissions.

The roles and permissions are described in the following table.

Role/PermissionDescription
ViewerThis permission is required for any instruction set you want listed in the Instruction Runner. The Viewer permission is automatically included as part of the Questioner and Actioner permissions.
QuestionerThis permission is required for any instruction set you want the Configuration Manager/Tachyon user to ask questions on using the Instruction Runner. The Questioner permission is automatically included as part of the Actioner permission.
Actioner

This permission is required for any instruction set you want the Configuration Manager/Tachyon user to run actions on using the Instruction Runner.

If you are not using the Instruction Runner and want to run any of the other options directly accessible from the Client Actions using Tachyon sub-menu you will need to set the Actioner permission on the Microsoft Configuration Manager instruction set for the Configuration Manager/Tachyon user.

In our example we use the following steps to define the user access for a specific Configuration Manager console user, called CMUser01, to the 1E ConfigMgrConsoleExtensions instruction set created earlier. This involves creating a custom role for that Instruction set and then assigning the custom role to the user. You would normally use a domain security group for all of your Configuration Manager console users, but here we are using a single user CMUser01.

To create a custom role:

  1. Navigate to the Settings→Permissions→Roles page.
  2. Click the Add button to start the add role process.
  3. In the Add role popup subsequently displayed set the name as 1E ConfigMgrConsoleExtensions and click the Add button.
  4. The new role will be added to the Roles table. Locate its entry and click on the link in the Name column for that row.
  5. Select the Permissions tab and click the Add button.
    1. In the Add permssion popup subsequently displayed scroll down the Type list and select Instruction set.
    2. Scroll down the Name list and select the 1E ConfigMgrConsoleExtensions  instruction set.
    3. Select the Actioner and Questioner checkboxes from the list of permissions.
    4. Click the Add button.
  6. Select the Members tab and click the Add button.
    1. In the Add role member popup subsequently search for the user, in our example this is CMUser01.
    2. Click the Add button.

1E ConfigMgrConsoleExtensions product pack


Classic Product Pack used to create the 1E ConfigMgrConsoleExtensions instruction set required by the Tachyon Configuration Manager Console extensions feature. This feature and its related Product Pack is included in the Tachyon Platform license. 

For more details, please refer to:

Instruction text (ReadablePayload)TypeDescriptionInstruction file nameVersion

What is the health of the SCCM clients (checking inventory has run and policy has been evaluated in the last <numdays> days)?

QuestionEvaluates the ConfigMgr Client health on the device over the last <numdays> days. The health will be reported as 'Poor' if it has not updated any one of the three time critical items. If all updated then they are considered 'Average' if two thirds of all the checks are ok, and 'Good' if everything is within expected parameters. This instruction makes use of a PowerShell script and will only work on Windows devices.
1E-ConfigMgrConsoleExtensions-ClientHealth
17

What components are installed on the SCCM clients?

QuestionReturns all the SCCM client components installed on the device. This instruction makes use of a PowerShell script and will only work on Windows devices.
1E-ConfigMgrConsoleExtensions-InstalledComponents
17

What Management Points are the SCCM clients using?

QuestionReturns the ConfigMgr management points configured on the device. This instruction makes use of a PowerShell script and will only work on Windows devices.
1E-ConfigMgrConsoleExtensions-ManagementPoint
17

Enable and start the ConfigMgr client service (CcmExec) with a stagger of <limitSecs> seconds.

QuestionEnables and starts the ConfigMgr client service (CcmExec). The service start will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-StartConfigMgrClientService
14

Emergency stop and disabling of the ConfigMgr client service (CcmExec).

QuestionStops and disables the ConfigMgr client service (CcmExec).
1E-ConfigMgrConsoleExtensions-StopConfigMgrClientService
14

Trigger ConfigMgr client application deployment evaluation cycle with a stagger of <limitSecs> seconds.

ActionTriggers the application deployment evaluation cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerApplicationDeploymentEvaluationCycle
14

Trigger ConfigMgr client health check and remediation with a stagger of <limitSecs> seconds.

ActionTrigger a client health check and remediation. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerClientHealthCheck
15

Trigger ConfigMgr client discovery data collection cycle with a stagger of <limitSecs> seconds.

ActionTrigger the discovery data collection cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerDiscoveryDataCollectionCycle
14

Trigger a ConfigMgr client file collection cycle with a stagger of <limitSecs> seconds.

ActionTrigger a file collection cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerFileCollectionCycle
14

Trigger a ConfigMgr client hardware inventory cycle with a stagger of <limitSecs> seconds.

ActionTrigger a hardware inventory cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerHardwareInventoryCycle
14

Trigger a ConfigMgr client machine policy retrieval and evaluation cycle with a stagger of <limitSecs> seconds.

ActionTrigger a machine policy retrieval and evaluation cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerMachinePolicyRetrievalAndEvaluationCycle
14

Trigger a ConfigMgr client software inventory cycle with a stagger of <limitSecs> seconds.

ActionTriggers the software inventory cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerSoftwareInventoryCycle
14

Trigger a ConfigMgr client software metering usage report cycle with a stagger of <limitSecs> seconds.

ActionTrigger a software metering usage report cycle. This trigger will be delayed by a number of seconds up to the specified stagger value
1E-ConfigMgrConsoleExtensions-TriggerSoftwareMeteringUsageReportCycle
14

Trigger a ConfigMgr client software update deployment evaluation cycle with a stagger of <limitSecs> seconds.

ActionTriggers a software update deployment evaluation cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesDeploymentEvaluationCycle
14

Trigger a ConfigMgr client software update scan cycle with a stagger of <limitSecs> seconds.

ActionTriggers a software update scan cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerSoftwareUpdatesScanCycle
14

Triggers a ConfigMgr client Windows installer source list update cycle with a stagger of <limitSecs> seconds.

ActionTriggers a Windows installer source list update cycle. This trigger will be delayed by a number of seconds up to the specified stagger value.
1E-ConfigMgrConsoleExtensions-TriggerWindowsInstallerSourceListUpdateCycle
14