Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

By default, as users or groups are granted access to a node within the Shopping console, the console adds these users or groups (under the context of the logged on user) to the relevant database access groups according to the access required for that particular node. This requires the Full Shopping DB Admin Access group to be granted full permissions on itself and the other two groups when they are first set up in AD. 
This automatic group management can be disabled in the Console Settings by setting the Admin Console Manages Groups setting to False. If this is done, users and groups will need to be manually added to the appropriate groups before they attempt to use the Shopping Console. The table below lists the Admin Console Nodes and the group memberships that provide access to them.


Console Node

Full Shopping DB Access group

Limited Shopping DB Access group

SMS/ConfigMgr DB Access group

Sites

P

 

P

Approvers

P

P

 

User Categories

P

P

 

Computer Categories

P

P

 

Applications

P

 

P

Settings

P

 

 

Node Security

P

 

 

Event Log

P

P

 

Ensure users and groups have email AD attribute set

...

1eolstart
startat65


1eli
Log on to 1ETRNDC as 1ETRN\Administrator and start Active Directory Users and Computers


1eli
Review the following users and groups and ensure they have the specified email address defined in the General Properties tab


User or Group

Email address

svc_ShoppingCentral

SVC_ShoppingCentral@1etrn.local

Shopping_Admins (group)

shopping_admins@1etrn.local

Shopping_LicenseManagers (group)

Shopping_LicenseManagers@1etrn.local

Manager1

manager1@1etrn.local

Manager2

manager2@1etrn.local

User

user@1etrn.local

Finance Director

FinanceDirector@1etrn.local


1ebest practice

As Shopping is used by most users throughout an organization, it is good practice to use an easily remembered DNS alias for the Shopping Central Web Server. This alias is then defined as the Host Header for the Shopping web site in IIS. This not only makes it easier for users to remember the site name, but also allows the web site to be moved to a different server in the future if required.


...

1eolstart
startat189


1eli
Return to the Shopping.Receiver.exe.config file


1eli
Locate the <appSettings> section and observe the values in RootDeviceCollectionId and RootDeviceCollectionName


1eli
Replace the RootDeviceCollectionId value with PS10000B


1ewarning

Be sure to input the collection name and ID exactly as they are in the console. The ID is with 4 zeros. If these values are not inputted correctly, the Shopping Receiver will fail to create objects in ConfigMgr.


1eli
Replace the RootDeviceCollectionName value with Lab Workstations


1eli
Save and close the file


1eli
Restart the 1E Shopping Receiver+ 5.5.0 service


1ehot tip

All collections created by the Shopping Receiver will now use Lab Workstations as the limiting collection. This methodology can be used to prevent certain machines (servers for example) from getting software inadvertently deployed to them by not allowing them to be members of the Shopping deployment collections


Deploy the

...

1E Client

Previous versions of Shopping used the Shopping Agent to enable the Shopping website to retrieve information about the user's PC. In an effort to reduce the number of agents customers need to deploy, 1E is in the process of combining has combined existing agent functionality into a single agent, which happens to be the Tachyon Agent1E Client. With Shopping 5.5, the functionality of the Shopping Agent and the new Windows Servicing Assistant (WSA) functionality has been implemented as a module of via the 1E Tachyon Agent v3Client. 2. The Tachyon Agent v3.2 The 1E Client must be installed on all PCs from which users will access the Shopping portal. This integration requires specific client machine identification so that Configuration Manager knows the correct client deployment target. 

In this exercise, we will use the 1E Agent Endpoint Installation Solution Accelerator Client Deployment Assistant to create the ConfigMgr deployment objects and deploy the Tachyon Agent 1E Client to all ConfigMgr clients.

Prepare to Deploy the

...

1E Client

1evirtualmachine

1ETRNCM


1eolstart
startat195


1eli
Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1ETools and download copy the contents of EndpointInstallation.1.2.1.6 folder to 1EClientDeploymentAssistant.v1.4.0.27.zip to C:\Temp\ EndpointInstallation.v1.2.1.6 (you may need to create the folder in Temp)then right click and extract all


1eli
Browse to the C:\Temp\EndpointInstallation1EClientDeploymentAssistant.v1.24.10.627 folder and double-click on EndpointInstallation1EClientDeploymentAssistant.exe to launch the wizard


1ehot tip

You might have to change the resolution of the remote computer session to fit the wizard to the screen depending on the size of your display.


1eli
On the Welcome page, click Next to continue


1eli
Accept the license terms on the License Terms page and click Next


1eli
On the ConfigMgr Connection page, with Local ConfigMgr Site Server selected, click Connect. When the status changes to Connected, click Next


1eli
On the General Settings page, note that the fields are pre-populated with information that is enter the following information which are appropriate for the lab environment. Click NextThen click Next


1eimplementationicontable
1E License File: Browse to c:\temp\1EClientDeploymentAssistant.v1.4.0.27 and select the License.txt file downloaded previously
1E ActiveEfficiency Server URL: http://1etrnap/ActiveEfficiency
Application Content Source: \\1etrndc\ConfigMgrSource\Software
Package Content Source: \\1etrndc\ConfigMgrSource\Software
Distribute Content: Check
Distribution Point Group: All 


1eli
On the Agent Selection page, deselect all items except Tachyon 3.21E Client 4.1.0.618267 and click Next


1eli
On the Tachyon 3.21E Client 4.1.0.618 page, verify that 267 page, set the limiting collection is set to Lab Workstations and click Next to continue


1eli
On the Tachyon and other client Settings page, verify that Enable Shopping Module and Edge Windows App browser support are ticked and also ensure that Shopping Web URL has http://appstore/shopping/ address is entered. Click Next to continue


1ehot tip

Enable Shopping Integration : Enables support for the 1E self-service portal and Windows Servicing Assistace, Any previous Installation of Shopping Agent will be removed when Tachyon Agent starts. 
Shopping Central URL : It should be set to the URL for the Shopping website. The Shopping website uses a host header, for which a DNS allias was defined earlier 
http://appstore/shopping/ The Tachyon Shopping module uses a loopback mechanism that enables the browser to make calls to the Shopping Agent via the local computer. The Tachyon Shopping module contacts the Shopping Central website to get the appropriate URL to use for the local loopback mechanism and the URL is no longer locally configured, as was the case for the previous Shopping Agent Installer. 
Enable Edge/Windows App Support: If users are likely to access the Shopping web site using Microsoft Ede or other Metro Browsers.


1eli
Click next on the Nomad client settings page. On the Summary page, once the list is finished compiling, take a moment and review the actions that are about to be taken. When ready, click the Create button


1ehot tip

If Shopping Integration is enabled, when the Tachyon Agent 1E Client starts it will attempt to automatically remove any previous installations of the 1E Shopping Agent.


1eli
The actions will be recorded as they are completed on the Progress page. When the Status changes to Successful, you may review the completed actions and click Next when ready


1eli
Click Finish on the Completion page to close the wizard


Observe the Results of Running

...

the 1EClientDeploymentAssistant

Once we have run the Endpoint Agent installation wizard1EClientDeploymentAssistant, we will look at the objects that were created in the ConfigMgr console.

...

1eolstart
startat207


1eli
In the ConfigMgr console, select the Assets and Compliance workspace and click on Device Collections


1eli
Note that the 1E Tachyon 3Client 4.21.0.618 – 267 – Required collection has been created and has zero members at this point


1eli
Click on the Deployments tab at the bottom of the page and note that the 1E Tachyon 3Client 4.21.0.618 – 267 – Required application has been deployed to the collection


1eli
In the Software Library workspace, expand Application Management and select Applications


1eli
Note the 1E Tachyon 3Client 4.21.0.618 application 267 application has been created and the content has been distributed to the distribution point


Deploy the

...

1E Client to Lab Workstations

Now that all the required components are created in the ConfigMgr console, we simply need to add our desired targets to the 1E Tachyon 3Client 4.21.0.618 – 267 – Required collection and force a machine policy update cycle to deploy the Tachyon Agent.

...

1eolstart
startat212


1eli
In the ConfigMgr console, go to the Assets and Compliance workspace and select Devices


1eli
Multi-select the 1ETRNW71, 1ETRNW72, 1ETRNW73, 1ETRNW101 and 1ETRNW102 computers


1eli
Right-click on any of them, select Add Selected Items > Add Selected Items to Existing Device Collection


1eli
Select the 1E Tachyon 3Client 4.21.0.618 – 267 – Required collection and click OK


1eli
Click on Device Collections, select the 1E Tachyon 3Client 4.21.0.618 – 267 – Required collection and refresh the view until the Member Count shows 5


1eli
Right-click on the 1E Tachyon 3Client 4.21.0.618 – 267 – Required collection, select Client Notification and choose Download Computer Policy


Validate the

...

1E Client installation on each client

After a few minutes, complete the following tasks to ensure the Tachyon Agent is installed and functioning.

...

1eolstart
startat218


1eli
Log on as 1ETRN\user


1eli
Open Programs and Features from Control Panel and verify that 1E Tachyon AgentClient is installed


1ehot tip

Might take a minute or two after policy refresh for the application to install. Hit F5 after a minute to refresh the view. If you don't see it after a few minutes, manually run computer policy on the client.


1eli
Open the Services applet from the desktop and note the 1E Tachyon Agent service running


1eli
Open the Tachyon1E Client.Agent.log file in C:\ProgramData\1E\TachyonClient


1eli
Search for the following in the log file: module.shopping.enabled and note that it is set to true


1eli
Note the line above it, showing the URL to the Shopping API

...

We started this lab identifying the key users and groups that Shopping uses both internally and for administration. We reviewed the permissions and security rights that these specific users and groups require, and which of these are normally configured by the Shopping Central and Receiver installers.
We learned how to use a DNS alias, combined with HTTP Redirection, to enable Shopping to be accessed using an easily remembered URL. You also understand therefore why it is necessary to define a Service Principal Name for the HTTP service class on the alias address.
We prepared the environment for the installation of Shopping. We installed the Shopping Central service on the application server, and then installed the Shopping receiver on the ConfigMgr Primary site server.
Lastly, we deployed the Tachyon agent 1E Client to our lab workstations. The Tachyon agent 1E Client allows for the proper identification of the machine/user accessing the Shopping portal. It is also used for WSA orders.

...