Exercise Overview:

Working with Instructions

Now that we have added some Product Packs using Tachyon Setup, we will add more Instructions and analyse the inner working of the Instruction, and then begin working with Tachyon. The Instructions provide different functionality in terms of questions we can ask as well as actions we can take.

Work with Instructions

Adding Instructions via Product Packs

  1. Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1E Tachyon - Course Content\1E Tachyon v5.2 - Course Content\
  2. Download and copy the Icons.zip folder to c:\temp\ right click and extract all
  3. Also download and copy the 1E Tachyon - Course Content\Tachyon v5.2 - Course Content\AdditionalProductPacks.zip to c:\temp and extract the contents
  4. Launch the Settings Application from the Tachyon Portal if not already open
  5. Click on the Instructions node and then select Instruction Sets
  6. Click on Upload  navigate to c:\temp\AdditionalProductPacks
  7. Multi-select 1E-Explorer-1ECore.zip and 1E-Explorer-Examples.zip Click Open
  8. Ensure that the Instructions are successfully uploaded. Navigate to the Recent Uploads tab to see status
  9. If you see the Errors count go above zero, ping your instructor to troubleshoot
  10. Navigate to c:\programdata\1E\Tachyon and open Tachyon.ConsumerAPI.log
  11. Search for Uploaded in the log and note all the Instructions uploaded

Your log should look similar to this one.

  1. Start SQL Server Management Studio from the start menu
  2. Expand to Databases > TachyonMaster > Tables
  3. Right-click the dbo.InstructionDefinition table, and select Select Top 1000 Rows
  4. Note that the Instructions we added to Tachyon are displayed in this table, along with the default settings for the Instructions as defined in the XML files
  5. Right-click the dbo.InstructionSet table, and select Select Top 1000 Rows
  6. Note the Instruction Set we created, Tachyon Verification, is listed here

Managing Instructions in Sets

The Product Packs have a varying number of Instructions within them. Once imported into Tachyon, we must group them into Instruction Sets before we can use them. In this exercise we will group the Instructions into Instruction Sets to demonstrate the process. In the next exercise we will use the Product Pack Deployment Tool to perform a bulk import of product packs.


  1. Return to the Settings Application and navigate to Instructions – Instruction Sets. In the instruction set pane, click the Unassigned Instruction Set and then click the plus sign + at the end of the sort by field but in front of Unassigned
  2. Within the Unassigned Instruction Set review all the uploaded Instructions
  3. In the Search field under the name of the instruction set (Unassigned), type Process into the filter box
  4. In the lower right click on the 50 button to show additional rows
  5. Click Select All and click on Add new set in the right panel. 
  6. Type in Processes in the Name field. In the custom icon field click on Choose File. Navigate to c:\temp\icons. Click the Process.png Click Open. Click Add

  7. If you forget to add your custom icons you can also select the instruction set and click on the hamburger menu next to the name and choose Edit
  8. Ensure you are still in the Unassigned Instruction Set in the Instruction Sets pane
  9. From the Instructions pane, type Agent into the filter box
  10. Move the Tachyon Agent related Instructions into the 1E Explorer TachyonAgent Instruction Set
  11. Select the Unassigned Instruction Set and in the Search field type in Operating System
  12. Move the Instruction into the 1E Explorer TachyonCore instruction set
  13. Click on the All instruction set. Type in Quar and move all the Quarantine related instructions to a new Instruction set named Quarantine
  14. Quarantine is a very powerful action and should be permissioned very carefully. We will use Quarantine shortly
  15. Now that we've added instructions to Tachyon and organized them into Instruction Sets, we are ready to begin engaging clients. There are two types of instructions, Questions and Actions. In these exercises, we will ask questions and execute actions on our Tachyon clients
  16. We are only using a subset of Instructions which were uploaded from the Product Packs. Don't be concerned about the instructions still residing in the Unassigned group.

Using the Product Pack Deployment Tool for the Integrated Product Packs

Tachyon 5.0 shipped with the Tachyon Product Pack Deployment Tool (this is included in later versions) and gives you a way to bulk import Product Packs and Guaranteed State artifacts into Tachyon. We also have a set of Integrated Product Packs to import. We can use this during the Tachyon install (we used this during the Install) or as a standalone bulk import. We will n ow look at how to use this outside of the initial Install. The product packs must be in the same folder as the tool. Your Guaranteed State Administrator must also have Instruction Set Administrators role to use the Product Pack Deployment Tool for Integrated Product Packs.


  1. Still logged into 1ETRW72 as 1ETRN\Manager1
  2. Click Start and in the Search field type \\1ETRNAP\temp Click the temp folder to Launch Windows Explorer. Right click tachyonplatform.v5.2.5.165\ProductPacks\ folder and select copy. Navigate to c:\tools and right click and select Paste
  3. Double click c:\tools\ProductPacks\Tachyon.ProductPackDeploymentTool.exe
  4. Type in https://tachyon.1etrn.local/consumer in the Server field. Click on Test Connection
  5. We should see connected to the Tachyon Server and the version number in the Results pane
  6. You would then select any product packs you want to upload and click Upload Selected, we have already uploaded all the product packs using this tool during the install, so will not upload any here, but you should be aware that this exists
  7. The Tachyon Product Pack Deployment Tool will import them into Tachyon. It will also move them into an Instruction Set named the same as the .zip file. The Tachyon Product Pack Deployment Tool will also upload Classic Product Packs into Tachyon. You would need to copy the Classic Product Packs into the same folder as the tool and the supporting files. You may want to rename the Instructions Sets as the tool will name them the same as the name of the .zip file which may not be the name that you want for the instruction sets. These are easier to use in production if the Instruction Set name is indicative of the instructions that are in the set.

Changing Tachyon Agent Settings

In this exercise, we will evaluate the 1E Client settings, and make a change to one of them.


  1. Navigate to the Home node in the Explorer Application
  2. Click on All Instructions on the top right
  3. Expand 1E Explorer TachyonAgent instruction set to review the available instructions
  4. Click on Set a 1E Client configuration property <agentconfig> to <agentconfigvalue> for the Tachyon Agent
  5. Tachyon no longer requires us to ask a question in order to deliver an action. We already know our client settings we can make the change that is required for our lab now.
  6. From the settings dropdown, select DefaultStaggerRangeSeconds
  7. Set the value to 30
  8. Click Perform this action
  9. Input Passw0rd for the password
  10. Launch LiveMail and click Send/Receive to update the inbox
  11. Retrieve the authentication code from the latest email and input it into the console


  1. Launch LiveMail and click Send/Receive to update the inbox
  2. Open the latest email with subject Tachyon action X requires approval
  3. Click on the Go to approval page link
  4. Click on the approval request. Review the details of the action request. Note that all 7 clients are targeted
  5. Input a comment if you wish. Check the I understand the impact of this action and approve this request box. Click Approve


  1. Check the inbox in LiveMail. An email confirming the instruction was approved will be present with a current timestamp
  2. Return to the Explorer Application. It should be on the responses page for our Agent reconfiguration instruction
  3. Wait a few minutes as the results of our action are returned
  4. Remember the default stagger setting? This action requires a script, so there will be a random wait between 0-300 seconds for the agents to download the script. We are changing that setting to 30 so future Instructions which require a script are executed quicker. In a production environment you want to be careful not setting this value too low.
  5. On the Content page, note a pie graph detailing Success/Error
  6. Click on Aggregated Table View at the top right to get details on the action
  7. Click the Row that displays Exit Code and Count to expand results
  8. Note the Output column, now showing DefaultStaggerRangeSeconds=30
  9. Click on Raw Table View at the top right to get details on the action, this lists the machines that have responded, similar to that of the Aggregated Table View
  10. Note the Output column, now showing DefaultStaggerRangeSeconds=30
  11. Once 1ETRNW71 returns a result, navigate to c:\program files\1E\Client and edit 1E.Client.conf with Notepad
  12. Review the settings. Note that DefaultStaggerRangeSeconds is now set to 30, per the action which we initiated
  13. Once all machines have responded click Stop, and navigate to the Home node in the Explorer application and in the I want to know box type in What are the 1E Client settings
  14. Click Ask this question button
  15. Note that the Default Stagger Range Seconds now shows 30 for all the clients
  16. Did you notice the speed of the results returning compared to the first time you asked this question? This is because we changed the stagger setting from 300 to 30, thus causing the clients to download the script a lot quicker, thus returning the results a lot quicker.
  17. Click Stop once all the agents have reported in. Click Keep on the dialog box to keep the responses
  18. Review the config file on other machines if you wish to manually confirm the setting change


  1. Open SQL Management Studio and navigate to Databases>TachyonResponses>Tables. Refresh to see all the tables
  2. Note there are multiple Response tables suffixed by a number. Right-click on the table with the largest number and select Select Top 1000 Rows
  3. Note the results from the last question asked are present here
  4. Right click on the Error table with the corresponding number. If there are any failures to execute the instruction, information on that failure would reside in this table

Working with Processes

Quite often, for security reasons or otherwise, there might be certain processes running on machines in your environment which you do not want to run. In this exercise, we will query for processes, and based on what is returned, kill a process.


  1. Navigate to the Home node in the Explorer Application
  2. Click on All Instructions at the top right of the page and expand Processes
  3. Click on What Processes are Running?
  4. Leave the Parameters default, click Ask this question
  5. On the Responses page, once results are presented, scroll down as far as you wish, reviewing the different columns returned from the question
  6. Click on any row to expand the results showing which machines have the process running. Click Close to return to the entire list
  7. Return to the Home node, and type Process into the I want to know box, and select What Processes are Running?
  8. Click Edit in the Parameters window
  9. In the Parameters section on the right, expand Coverage and expand Device
  10. Leave the condition to contains, and type in 1ETRNW73. Click Set
  11. Click on Ask the question to execute the question
  12. Once the results are returned, click on the Summary tab. Validate that Approximate target and Responses count both show 1, and Responses > Successes shows a count of 1
  13. Return to the Content tab. Note the only machine returning processes information is 1ETRNW73
  14. Click on the Filter results button, and type calc.exe into the Executable box. Click Search
  15. Note the results are now filtered onto the single process. This indicates that calc.exe process is running on 1ETRNW73
  16. Click on Follow-up action in the filter space
  17. In the question box, type in Kill
  18. Click on Kill Process(es) with image name matching <exename>
  19. In the input box for enter process name, type in calc.exe
  20. Note the Approximate target value in the Parameters window. Since we are doing a follow up action, only the initial coverage will be impacted by this action. Any other clients running calc.exe will not be impacted by this action
  21. Click Perform this action
  22. Input Passw0rd for the password and click Confirm and Send
  23. Open LiveMail. Click Send/Receive to ensure the authentication email is in the inbox
  24. Open the email with title Instruction X requires authentication with the appropriate time stamp and type the authentication code into the Tachyon console where requested


  1. Log onto 1ETRNW73 with 1ETRN\Tachyon_adminG if not already logged in
  2. Confirm that Calculator is running and present in the task bar
  3. Launch the Explorer application if not already open in Chrome, and note that a notification is available for the pending request
  4. Click on the Notifications
  5. On the Request for action approval page, review the details of the request
  6. Expand the 1 setting and 1 device details and validate the filters we set when asking the original question
  7. Check the I understand the impact of this action and approve this request box. Click Approve
  8. Wait a few seconds. Note that the Calculator application disappears from the Taskbar
  9. Navigate to c:\programdata\1E\Client and double-click 1E.Client.log
  10. At the bottom of the log, note that the agent is running an instruction which kills the calc.exe process

Your log will look similar to this one.


  1. Return to 1ETRNW71
  2. Note the console is on the Content page
  3. Note the results show a count of 1 for Killed and 0 for Failed
  4. Click on the Summary tab to validate the coverage of the action as well as the success
  5. Note Approximate target, Sent count and Responses count are all 1, and the Responses Success count is 1
  6. Click Stop for the Kill Process(es) calc.exe action. Click Ok
  7. The duration of this action was set to 60 minutes by default, so it will continue for 60 minutes if not stopped. This is to account for machines which might not be online at the start of a question or an action but come online before the duration expires. You may find in your environment different questions and actions dictate different durations.
  8. Ask the processes question again and validate that calc.exe is no longer running
  9. You may repeat the process of killing a process, using the Process ID instead of the executable name if you wish

Working with Services

In an enterprise, having real time knowledge of Services on client machines is very valuable information. Often, you might want to stop or disable a service. Other times, you might want to start or enable a service. In this exercise, we will work with Services, both querying and taking actions.


  1. Navigate to Home in the Explorer Application
  2. Click on All Instructions
  3. Expand the Services Instruction Set, and review the questions available
  4. Click on What services are running?
  5. Leave the parameters default. Click Ask this question
  6. Review the results, scrolling down to see all services listed
  7. You must scroll quite a while to see all the services. We will filter the results to drill down onto a specific service on a single machine
  8. Click the Back to top button to return to the top
  9. Expand Filter Results. In the Name box, input RemoteRegistry. Click Search
  10. Note the service is stopped on all machines but 1ETRNCM
  11. Return to the home page, and in the search box, type in Services
  12. Click on Which Windows services are disabled?
  13. Click Ask this question
  14. On the Contents page, change view from graph to table view at the top right
  15. Click on the Filter results button, and in the caption type in Remote. Click Search
  16. Click on Remote Registry to expand the results. Note the machines on which the service is disabled
  17. The service is disabled on the Windows 10 machines in our environment. Though it is stopped on all machines except 1ETRNCM, it is not disabled on all the machines, except for the Windows 10 machines.
  18. Click the Follow-up Action tab, and in the search box, type Service
  19. Select Set service <servicename> startup type to <startuptype> and state to <state>
  20. In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start
  21. Note the Approximate target number
  22. Even though it shows 7 as the approximate target the instruction will only run on the 2 that were returned by the filter. We have 3 types of filters in Tachyon Coverage Filter is applied before the question is asked and limits the devices that get the question or the action. Question Filters use the attributes of the responses and are applied after a question is asked – it limits the number of devices that will respond. View Filters use the attributes of the responses and are applied after a question is asked and after the responses have returned but limit what is displayed.
  23. Return to the home page
  24. Type Services into the search box, and select Which Windows services are disabled?
  25. Click Edit in the Parameters space
  26. Expand Coverage
  27. Click on Management Group, click in the search box to display our list of Management Groups, select All Win 10 Lab Workstations. Click Set
  28. We could also use our Device attributes to set our coverage based on Name of Device.
    Note the Approximate target has changed to 2 connected devices. We have 2 machines in our environment that are members of our Management Group.
  29. Click Ask this question. Review the results in the Aggregated table view
  30. Click the Actions tab, and in the search box, type Service
  31. Select Set service <servicename> startup type to <startuptype> and state to <state>
  32. In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start. Click Perform this action
  33. Note the Approximate target is now limited to 2 devices, which is the coverage of the original question
  34. Input Passw0rd for the password
  35. Launch LiveMail. Click Send/Receive to get the latest email in the inbox
  36. Retrieve the authentication code from the email and input it into the Explorer Application. Click Submit


  1. Log into 1ETRNW101 as 1ETRN\User
  2. Double-click the Services applet on the desktop
  3. Scroll down to Remote Registry and validate that it is not running and set to disabled


  1. Still logged into the Explorer application as 1ETRN\Tachyon_adminG click on the notifications node
  2. If already on the Notifications page, refresh the page
  3. Click on the pending request. Review the details of the action, and note that it is now only going to 2 machines
  4. Check the I understand the impact of this action and approve this request box. Click Approve


  1. Click the refresh button in the Services applet to refresh the view. Note that the Remote Registry service the startup type is changed from Disabled to Manual
  2. Review the 1E.Client.log. Note the reference to remoteregistry at the bottom of the log, along with a successful status for the corresponding InstructionId


  1. Return to the Explorer Application. It should be on the Content page
  2. Note that the Action column shows Manual + Start for both machines in scope
  3. Click on the Summary tab and note that the Target, Sent, Responses, and Success counts are all 2

Working with the Registry


  1. Navigate to the Home node in the Explorer Application
  2. Type Registry into the I want to know box and select What are all the values under the registry key <hive> <subkey>?
  3. In the subkey box, type in software\1E\Client\Persist
  4. The value must be inputted exactly as shown above. If the value doesn't match what is on the clients, no results will be returned
  5. Click Ask this question
  6. From the start menu in windows, type in regedit in the search window and launch regedit
  7. Navigate to HKLM\software\1E\Client\Persist
  8. Review the different values present under this key. Leave regedit running
  9. Return to the Explorer Application. Note that we are on the Responses page
  10. Click the Filter Results tab, and input 1ETRNW71 into the Device name box. Click Search
  11. Confirm the results seen here match what is shown in the registry, clear the search filter
  12. Click on the Actions tab, and input registry into the search box, and click on Set registry entry <hive> <subkey> <name> to <valuetype> <value>
  13. In the subkey box, input software\1E\Client
  14. In the name box, input Test
  15. Change the type to REG_SZ
  16. In the value box, input Test
  17. Click Perform this action
  18. Follow the two factor authentication process by providing the password and then inputting the authentication code provided in the resultant email, as done in previous tasks


  1. From the start menu in windows, type regedit in the search window and launch regedit
  2. Navigate to HKLM\software\1E\Client. Note that a default and the InstallationDirectory values exist
  3. Approve the action in the Tachyon exchange console
  4. Review the details of the action. Note that is it going to all 7 devices
  5. In the registry, return to HKLM\Software\1E\Client. Click F5 to refresh the view
  6. Note that a REG_SZ value named Test is created, with the data set to Test
  7. The change is almost immediate. This is because we do not need a script to make this change, rather we are using the native language. This allows Tachyon to immediately execute the action we deployed via Tachyon. In a later lab, we will talk about native language vs. scripts.


  1. Return to the Explorer Application. Note that it is now on the Content page, and the status shows a count of 7
  2. Switch to the Aggregated table view. Click on the aggregated row with the count to see the list of machines this action was applied to
  3. Click on the Summary tab to validate that the action was successful on all 7 machines
  4. Return to regedit. Navigate to HKLM\software\1E\Client. Confirm the Test value we set has been created via the Tachyon action
  5. You will likely need to refresh the view to see the new value

Working with Device Tags

Device Tags allow you to add custom labels to devices for use by Tachyon. We have two types of Tags – Coverage and Freeform. Coverage Tags can be used for targeting instructions and are configured by a Tachyon Admin, devices can then be set using an instruction. Freeform Tags can be used to label the devices in your organization but are only set using instructions and cannot be used for coverage. In this exercise we will create the device tag that we will use for our Phased Deployments. We will have values for the devices that are used for Testing (TestGroup), Pilot (PilotGroup), Group1 and Group2 will show the example of Day 1 deployments and Day 2 deployments. We will set our 2 Windows 10 machines as a Pilot group in our lab using Tags. We will then ask a question using the Tag as our coverage parameter.

Creating the Pilot Group Tag

Planning the coverage tags for the entire environment should be done thoughtfully. Each device has a list of the tags that have been set on the 1E Client. The list includes Name=Value plus a delimiter. The entire list for each Agent cannot be over 512 characters.


  1. Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP
  2. Open Google Chrome and switch to the Settings application
  3. Navigate to Configuration – Custom Properties
  4. Click Add. In the Add Custom Property box type PhasedRollout in the Name field
  5. Tag names can only be a maximum of 16 characters any tags exceeding the length limit will not be reported back and those devices will not be included in the coverage.
  6. In the Property Type box select CoverageTag
  7. In the Values box type in the following values
  8. TestGroup
  9. You will need to click the + sign after adding the first value to add the additional fields
  10. Click Add

Setting a Tag on Devices

We use instructions to tell the 1E Client which tags to add to each device. We have two types of Tags in Tachyon. Coverage Tags and FreeForm Tags. FreeForm tags have less stringent limitations for length but cannot be used to define coverage (you would ask a question to get a list of devices that have that freeform tag). Tag data is stored in the Tachyon Master Database for each device. The entire list of Coverage Tags on each device must not exceed 512 characters.


    Ensure you switched to the correct device for this task
  1. Switch to the Explorer Application. Navigate to Home
  2. Click on All Instructions and select the None radio button to display all the Instructions. (Note you could look in the Instruction set to find the instruction, if you know which it is in)
  3. Search for and select What are the coverage tags. Leave the parameters as they are
  4. Click Ask This Question
  5. When the results come back notice we have 0 tags on our devices. You may need to switch to Aggregated table view
  6. Notice the || in our results. These are the delimiters that will be used for the list of tags on each device. You must factor in these characters when planning for your coverage tags
  7. Stop the Instruction
  8. Ask the question again but this time change the coverage to All Win10 Lab Workstations Management Group. Click on Ask This Question
  9. Click on Actions from the Question we just asked
  10. Click All Actions
  11. Expand the Tags Instruction Set. Notice the Actions we have available in this instruction set
  12. We use these instructions to set tags and delete tags for the devices in our environment.

  13. Select the Set coverage tag <tagname> to <tagvalue> action
  14. Click in the first parameter field – notice our only choice is PhasedRollout. We have only created one tag in our Settings Application – Custom Properties but with multiple values. Select PhasedRollOut and PilotGroup
  15. Click Perform this Action. You will have to enter your password
  16. Open LiveMail and enter your Authentication Code


  1. In Google Chrome – Explorer Application
  2. Navigate to Notifications and Approve the Instruction number from above


  1. In the Explorer Application ask the question What are the coverage tags?
  2. Notice we have 2 devices set as our PhasedRollout - PilotGroup


  1. Open File Explorer and Navigate to c:\ProgramData\1E\Client
  2. Open the 1E.Client.log and look for the instruction number from the approval that you did
  3. You will see the action of running the instruction logged and also that the Tags have changed

Your log will look similar to this.

Asking a Question Using our Coverage Tag

Now that we have our devices tagged, we will ask another question. We will use the Device Tag for our coverage.


  1. Navigate to the Home screen of the Explorer Application
  2. In the I want to know field type in Operating and choose What Operating System Information Does Windows SystemInfo Report?
  3. Next to Parameters click Edit
  4. Expand Coverage – Tags
  5. In the Select Key field choose PhasedRollout
  6. In the Select Value field choose PilotGroup Click Set
  7. Click Ask this Question 
  8. Notice that we only have responses from our 2 Windows 10 Devices

Working with Quarantine

In the event of a security breach, Tachyon can quarantine devices. This will cut off the device from all network traffic except for the Tachyon Switch. This can contain an outbreak while the device is remediated. In this exercise, we will target a specific system and quarantine it. We with then remove it from quarantine.

It is recommended that due to the powerful nature of the 3 quarantine instructions you permission them thoughtfully in Tachyon.

Checking Quarantine State


  1. Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP
  2. Open Google Chrome and Navigate to the Explorer Application
  3. From the Home screen click All Instructions
  4. Expand Quarantine
  5. Click Are my devices quarantined?
  6. Read the warning here – this is a very powerful feature and can take all your devices off the network if the coverage is not correct.
  7. Click Ask this question
  8. This is a simple query to see if the devices are actually quarantined. As you can see none of our devices are in quarantine

Quarantine a Device

In this task we are going to quarantine 1ETRNW72


  1. Navigate to Explorer application – Home screen
  2. In the I want to know field type in Quarantine
  3. Click on Quarantine Selected Devices. Click Edit on parameters
  4. It is possible to quarantine the Tachyon server so be extremely careful with your coverage.
  5. Click coverage
  6. Expand Device. Choose in the first field and type in 1ETRNW72.1ETRN.local in the second field
  7. Use the FQDN here to ensure you don't quarantine the wrong machine.
  8. Click Set
  9. Click Perform this Action
  10. Type in your Password
  11. Open LiveMail and enter your authentication code


  1. Open LiveMail and Launch the Notification Page or refresh Chrome and navigate to Notifications
  2. Approve the Request

Checking the Quarantined Device


  1. In the Explorer application check the results from the instruction
  2. Notice there is now 1 device quarantined
  3. Click on Quarantined in Status and see the device name
  4. Launch a Command Prompt and type in ping 1etrnw72. Your request will time out without a response


  1. Launch a command prompt and ping 1ETRNDC
  2. Ping 1ETRNCM
  3. These should both time out without a response. Once placed in quarantine a device can only be accessed from the Tachyon server.
  4. Ping Tachyon (our alias for 1ETRNAP)
  5. This should ping as normal – all remediation efforts will have to originate from the Tachyon server for this device that is quarantined. This will greatly stop the propagation of any malware that gets introduced into your environment.
  6. Launch a new browser window and navigate to Google.com
  7. Notice that our device cannot get to other devices or the internet

Removing a Device from Quarantine

Now we will issue the instruction that will remove the device from quarantine. The device can only communicate with the Tachyon Switch at this time.


  1. Still logged in as 1ETRN\Tachyon_Admin1
  2. Open Google Chrome – the Explorer Application should still be open
  3. Navigate to Home and in the I want to know field type in Quaran and Select Releases Selected devices from Quarantine
  4. Click Edit on the Parameters
  5. Expand Coverage – Expand Device
  6. In the contains field select =
  7. In the next field type in 1ETRNW72.1ETRN.Local click Set
  8. Type in the entire FQDN or the instruction will fail
  9. Click Perform this action
  10. Type in Passw0rd and click Confirm and Send
  11. Open LiveMail and copy the authentication code for Instruction X
  12. Paste the code into the Authentication Code box. Click Submit


  1. Still logged in as 1ETRN\Tachyon_AdminG
  2. Open Chrome and refresh the page
  3. In the Explorer Application navigate to Notifications
  4. Approve Instruction X from above


  1. In the Explorer Application – Navigate to Instructions – History
  2. Select our Releases selected devices from quarantine
  3. Wait for this one to complete
  4. Move back to Instructions – History. Select Are my devices quarantined?
  5. Rerun this instruction
  6. Wait for it to complete and see that all 7 devices are now NotQuarantined
  7. Open a command prompt and Ping 1ETRNW72. Device should respond


  1. Ping any of the other devices in the lab
  2. All the devices should now respond to the ping request
  3. Browse to the Internet
  4. The device should be able to get to the internet
  5. The ability to quarantine devices is critical to be able to combat a security emergency. This functionality is also dangerous as the devices are only able to communicate with the Tachyon server to enable the ability to remediate the issue and the remove the quarantine. It is possible to quarantine the Tachyon Server, and this would prevent you from removing the quarantine.

Device Criticality

Within Tachyon we can classify our devices into degrees of importance or how critical the device is to an organization. We can then base our coverage of instructions on this for use in targeting. For example, if we set our domain controllers to Critical we could send an instruction and target all devices except for the Critical ones. We can also view our Guaranteed State results based on Criticality. We will look at that data in the Guaranteed State exercises

First Look at Criticality

In this task we are going to set our Lab Servers to Critical, our Windows 10 devices to High, and our Windows 7 Devices to Medium. We use instructions to set this on the device.


  1. Still logged in as 1ETRN\Tachyon_Admin1
  2. Navigate to the Home screen of the Explorer Application
  3. In the I want to know field type in Critical. Select What is the criticality of my devices?
  4. Click Ask this Question
  5. Click Stop once all 7 devices have returned results
  6. Notice that all our devices are listed as Undefined. This is how a device shows until a criticality has been set.

Setting Criticality


  1. Navigate back to Home. Type Critical in the I want to know field
  2. Select Set the criticality of my devices. Click Please choose in the list select Critical
  3. Click Edit in the parameters row
  4. Expand Coverage – Expand Management Group – Choose Lab Servers. Click Set
  5. Type in Passw0rd and click Confirm and Send
  6. Open LiveMail and copy the Authentication Code
  7. Paste it into the Authentication Code box for Instruction XX. Click Submit


  1. In the Explorer Application navigate to Notifications
  2. You may need to refresh to see Instruction XX from above
  3. Type something in the comment box
  4. Check I understand the impact. Click Approve


  1. Wait for all devices to respond
  2. Repeat the Steps above to set the following:
  3. Windows 10 = High
    Windows 7 = Medium

Viewing Criticality


  1. In the Explorer Application – Home – I want to know
  2. Type in Critical and select What is the criticality of my devices?
  3. Click Ask this question
  4. Drill into each Criticality to see the devices that are assigned to each one


  1. Still logged into 1ETRNAP as 1ETRN\AppInstaller
  2. From the Start Menu launch SQL Management Studio
  3. Connect to the Database Engine
  4. Expand Databases
  5. Expand TachyonMaster
  6. Expand Tables
  7. Right Click dbo.GlobalSetting and choose Select Top 1000 Rows
  8. In the Name column look at the CriticalityMapping values
  9. Right Click on dbo.Device and choose Select Top 1000 Rows
  10. Scroll over to the Criticality Column to view the settings
  11. We will revisit Device Criticality in Guaranteed State

Device Locations

  1. Return to Explorer - Home, and in the I want to know type Location
  2. Select Get the location of my devices, and click Ask this question
  3. When the results return observe that the location is not currently set
  4. Return to Explorer - Home, and in the I want to know type Location
  5. Select Set the location of my devices to instruction
  6. Set the Locations of Each management group to: (remember to follow the approval flow)

  7. Lab Servers - London

    All Win 7 Devices - New York
    All Win 10 Devices - Tokyo
  8. Once all are set rerun the Get the location of my devices question
  9. When the results return observe that the location is correctly set

Using the Tachyon Exchange

In this exercise we will download some product packs from the Tachyon Exchange directly from the Explorer Application and import those product packs into Tachyon.

Download the Product Packs


  1. Still logged into 1ETRNAP as 1ETRN\AppInstaller
  2. Launch the Settings Application
  3. Navigate to Instructions – Instruction Sets
  4. Click on Tachyon Exchange in the upper right
  5. Scroll down and look at the product packs that are available to download
  6. The Tachyon Exchange is a collection of both community written and 1E authored product packs. All have been verified by 1E and signed with the 1E Code Signing Certificate. To download a product pack you will require a support log in.
  7. Explore the Tachyon Exchange to see the offerings available. When you are finished download any Product Pack
  8. You will have to log in using your 1E Support Portal credentials.
  9. Click on the product pack and then click on Download
  10. Select the Platform version (Currently v5.2)
  11. Once the download completes Save the .zip to c:\temp
  12. Download 2 additional product packs that interest you. Save them to c:\temp
  13. Upload into Tachyon and move them into an Instruction Set

Lab Summary

In this lab, we worked with Tachyon in a variety of different ways. We added different Product Packs to Tachyon which provided us with specific functionality defined within those Product Packs. We organized the individual instructions from the Product Packs into Instruction Sets. We then asked questions and executed actions using the different instructions. We learned how to create and deploy device tags and use them for Coverage for our Instructions. We learned how to use Quarantine to help us remediate security issues and prevent further spread. We learned how to set and view Device Criticality. We then learned how to download product packs from the Tachyon Exchange and import them into Tachyon for use

Next Page
Ex 6 - Tachyon v5.2 - Install and Configure - Microsoft Configuration Manager Integration