Introducing Tachyon Platform
Implementing Tachyon Platform
Using consumer applications
Tachyon v5.2 - Install and Configure - Lab Guide
Tachyon v5.2 - AppClarity Training
Tachyon v5.2 - Application Migration Training
Tachyon v5.2 - Using - Using Experience - Lab Guide
Tachyon v5.2 - Using - Using Explorer - Lab Guide
Tachyon v5.2 - Using - Using Guaranteed State - Lab Guide
Tachyon v5.2 - Using - Using Inventory - Lab Guide
Tachyon v5.2 - Using - Using Patch Success - Lab Guide
Tachyon v5.2 - Using - Using TIMS - Lab Guide
Tachyon Advanced v5.2 Lab Guide
- Tachyon v5.2 - Using - Application Programming Interface Lab Guide
Tachyon - Nomad as Content Provider Lab Guide
- Tachyon v5.2 - Install and Configure - Lab Guide
Creating a Consumer Using Powershell
In this exercise we are going to use Powershell to create a widget that will do one thing in Tachyon - Quarantine a specific device. We will name our consumer QWidget. This could be used in an emergency situation to perform a quarantine of a specific device. This could especially be useful when an administrator leaves an organization and still retains the company laptop. The former employee's user account can be disabled but what happens if that employee has knowledge of service account passwords? This is the scenario that QWidget will be used for, that device can be quarantined and when the former employee returns the laptop the quarantine can be removed with Tachyon. We will write an instruction to do the quarantine action but not require the approval workflow. For security we will lock down this instruction to only be able to be run by our QWidget principal.
Create the Instruction
First we will write the instruction that QWidget will be using to perform the quarantine. The first thing we will need to do is enroll our Code Signing Certificate on the Tachyon server and the workstation we will be using. We will then need to install TIMS on the workstation we will be using (1ETRNW71). If you do not remember how to perform these steps go to the Tachyon Operator course starting at this exercise.
- Logged in as 1ETRN\Tachyon_Admin1
- Open TIMS from the shortcut on the desktop (if it is not already open)
- In the Code Block type in the following
- In the Instruction Definition pane Comments field type in QWidget Quarantine
- In the Description field type in Provides quarantine for one device for QWidget
- In the InstructionType field change to Action. Since we do not want to use the approval workflow for our instruction, we will toggle that off. Click on Workflow in the ribbon and select No user approval from the drop-down. Click Ok
- In the Name field type in 1ETRN-QWidgetQuarantine
- In the ReadablePayload field type in QWidget Quarantine
- Click on Schema. Click the + sign to add a column. Leave the Column Name, Data Type and Length to defaults. Click Ok.
- In the ribbon click Code Signing and choose always sign then select the Code Signing certificate that we imported. Click OK
- Save the file as c:\tools\1ETRN-QWidgetQuarantine.xml - click Ok on the message about not running the instruction before saving. Since we are running TIMS in user context quarantine produces an error when invoked from TIMS.
- Minimize TIMS. Open the ConfigMgr Content Source shortcut on the desktop and copy the Instruction from c:\tools to that location. We will then be able to access the file from the Tachyon Server to upload.
Upload Into Tachyon and Move to Instruction Set
We could do all of the next steps on Postman or with our powershell that we will be writing for QWidget but for ease of learning we will do these manually.
- Log into 1ETRNAP as 1ETRN\AppInstaller this is an account that is an Instruction Set Administrator
- Open the Config Mgr Content Source shortcut from the Desktop and copy 1ETRN-QWidgetQuarantine.xml to c:\temp
- Open Chrome and navigate to the Settings Application
- Upload the Instruction and move it to an Instruction Set called QWidget
Create the Consumer
- Still logged into Chrome in the Settings application navigate to Configuration - Consumers and click on Add
- In the Name field type in QWidget
- In the Maximum simultaneous instructions type in 5
- Check the Enabled box
- Click Add
Create the Account in AD
- Open Active Directory Users and Computers
- Create a user called QWidget
- Set the password to Passw0rd uncheck the box to require password change at next login and Check the box for password never expires
Create the User and Role in Tachyon
- Back in Chrome in the Settings Application navigate to Permissions - Users and add our QWidget user
- Navigate to Permissions - Roles and click on Add this will create our custom role for QWidget
- Name the role QWidget and put in a meaningful description
- Find the new QWidget role in the list and open it by clicking on the name of the role
- In the Permissions tab click Add in the far right
- Choose Add and in the Type field select Instruction Set. In the Name field select QWidget and check Actioner, Approver, Questioner, and Viewer click Add
- Click the Management Groups tab and Click Add select All Devices. Click Add
- Click on the Members tab and click Add. Select our QWidget user. Click Add.
Now we will write the Powershell script that will actually be our Consumer. We will use a Windows Form to display an input box to ask for our Device name.
- Click on Start - type in Power and select Powershell ISE when the suggestions appear to open the Powershell Integrated Scripting Environment.
- In the Powershell ISE type the following in your code block
- Under those two lines add a blank line and type in the following
- Add a blank line to the bottom of the code block and enter the following
- Click Run at the top. You should see the return in the bottom pane. It won't be very exciting yet until we add some additional code. Ensure that you have no errors.
- Under those lines add a blank line and type in the following
- Under the last line of code add a blank line and type in the following
- Click Run ensure there are no errors.
- Under the last line of code create a blank line and type in the following
- Under the last line hit enter to create a blank line and then enter the following
- Under the last line add a blank space and type in the following
- Click Run at the top and now you should be able to see our form. Type something in the text box and click OK. Notice nothing in our bottom pane.
- Add a blank line and enter the following in our code block
- Click Run. Did you get an error? That is because our closing curly brace is lower in our code. Add a closing curly brace and on the next line type in Echo $xarray then click run again.
- Type something in the box and click Ok. Note the return, our xarray variable is set to what we typed into the box
- Now we will add the rest of our code under the last line of our code block but first delete the closing curly brace and the Echo line that you added for testing.
- In Postman run your request to pull your Instruction Definition IDs and replace 216 in your code block if your QWidget Instruction Definition ID is not 216.
- Save the file as c:\sources\QWidget.ps1
Your Code Block for QWidget should look like this
In this exercise we will actually use our new Consumer - QWidget from 1ETRNW102 and Quarantine 1ETRNW101. We will perform this via the desktop shortcut. We will also run QWidget from within the Powershell ISE so that you can also see the data that is returned. Our web form does not display the return details as it is not necessary for the functionality of QWidget.
- Log into 1ETRNW101 and make sure the device can get to the internet and Ping the Config Mgr Server 1ETRNCM
- Create a Desktop Shortcut to c:\sources\qwidget.ps1
- Right click the shortcut and choose Run with Powershell when the command window opens type in Y and hit enter
- Enter 1ETRNW101.1etrn.local in the box. Click Ok
- Make sure that you cannot access the internet or the Configuration Manager Server
In the powershell ISE, with QWidget still in the code block click the run button. When QWidget opens type in 1ETRNW73.1etrn.local and click Ok
- Open the Explorer Application and ask the question Are my devices quarantined?
- You should see that 1ETRNW101 and 1ETRNW73 are quarantined
- Issue the action to take 1ETRNW101 out of quarantine
- Open Live Mail and authenticate with the code in the InBox
- Open the Explorer Application and Navigate to Notifications and approve the request to remove the device from Quarantine
- Using Powershell write a script that does all of the steps that you have just done manually (creates the consumer, creates the instruction and instruction set, creates the role and gives permissions to that instruction set.
- Create another powershell that does one item in Tachyon (a good one to think about is free form tagging). This type of widget would be handy for a service desk to use. Think about devices that have the same issue and is being reported by multiple users, to multiple analysts. When you are waiting for a vendor supplied hotfix it makes sense to free form tag the devices that will need the hotfix. You could potentially have multiple service desk analysts doing the tagging with TWidget, and then you will have a list for targeting when the hotfix is supplied.
In this exercise we learned how to use Powershell to accept some data from a user and then take action on that device in Tachyon. We could easily have taken any other action in Tachyon by using different instructions.