Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Advanced Panelboxes for Confluence
namegrey
titleExercise Overview:

Table of Contents
maxLevel3
minLevel2
indent20px
excludeSummary|On this page|In this section...
separatornewline

Working with Instructions

Now that we have added a Product Pack and analysed the inner working of the Instruction, we will add more Instructions and begin working with Tachyon. The Instructions we add will provide different functionality in terms of questions we can ask as well as actions we can take.

Work with Instructions

Adding Instructions via Product Packs

1evirtualmachine

1ETRNAP


1eolstart


1eli
Launch the SkyTap Shared Drive shortcut on the desktop and navigate to 1E Tachyon - Course Content\Tachyon 5.0 Course Content\


1eli
Download and copy the Icons.zip folder to c:\temp\ right click and extract all


1eli
Also download and copy the 1E Tachyon - Course Content\Tachyon 5.0 Course Content\AdditionalProductPacks.zip to c:\temp and extract the contents


1eli
Launch the Settings Application from the Tachyon Portal if not already open


1eli
Click on the Instructions node and then select Instruction Sets


1eli
Click on the Upload button at the top right


1eli
Navigate to C:\Temp\tachyonplatform.v5.0.0.592\ProductPacks\Classic and select 1E-Patch-Success.zip. Click Open


1eli
There will be 3 instructions in the Unassigned Instruction Set, Select the 3 instructions


1eli
Click Add new set


1eli
In the Add new instruction set box type Patch Success in the Name field


1eli
Click Choose file in the Custom Icon box. Navigate to c:\temp\icons and select Tachyon.png


1eli
Click Open. Click Add


1eli
Click the Upload button again


1eli
In the Open dialog box navigate to C:\Temp\tachyonplatform.v5.0.0.592\ProductPacks\Classic and multi-select 1E-ConfigMgrConsoleExtensions.zip, 1E-Explorer-TachyonAgent.zip, and 1E-Explorer-TachyonCore.zip Click Open


1eli
Ensure that the Instructions are successfully verified and installed. Navigate to the Recent Uploads tab to see status


1eli
Click on Upload again navigate to c:\temp\AdditionalProductPacks


1eli

Multi-select 1E-Explorer-1ECore.zip and 1E-Explorer-Examples.zip Click Open


1eli
Ensure that you now have 197 instructions in your unassigned instruction set


1eli
If you see the Errors count go above zero, ping your instructor to troubleshoot


1eli
Navigate to c:\programdata\1E\Tachyon and open Tachyon.ConsumerAPI.log


1eli
Search for Uploaded in the log and note all the Instruction uploaded


Managing Instructions in Sets

The Product Packs have a varying number of Instructions within them. Once imported into Tachyon, we must group them into Instruction Sets before we can use them. In this exercise we will group the Instructions into Instruction Sets to demonstrate the process. In the next exercise we will use the Product Pack Deployment Tool to perform a bulk import of product packs.

1evirtualmachine

1ETRNAP


1eolstart
startat22


1eli
Return to the Settings Application and navigate to Instructions – Instruction Sets. In the Instruction set pane, click the Unassigned Instruction Set and then click the plus sign + at the end of the sort by field but in front of Unassigned


1eli
Type in Processes in the Name field. In the custom icon field click on Choose File. Navigate to c:\temp\icons. Click the Process.png Click Open. Click Add


1eli
Select the Unassigned Instruction Set to review all the uploaded Instructions


1eli
In the Search field under the name of the instruction set (Unassigned), type Process into the filter box


1eli
In the lower right click on the 50 button to show additional rows


1ewarning

For the grouping on Instructions into Instruction Sets, please ensure you are searching for the words as exactly documented here, or you will possibly miss some Instructions and in later labs will not be able to execute them.


1eli
Click Select All and click on Move in the right panel. Drop down to the Processes Instruction Set and click Move


1eli
Create an Instruction Set named Services


1eli
Add a custom icon from c:\temp\icons\service.png


1eli
Select the Unassigned Instruction Set in the Instruction Sets pane


1eli
From the Instructions pane, type Service into the filter box


1eli
Move the services related Instructions into the Services Instruction set


1eli
Create an Instruction Set named Registry


1eli
Add a custom icon from c:\temp\icons\registry.png


1eli
Select the Unassigned Instruction Set in the Instruction Sets pane


1eli
From the Instructions pane, type Registry into the filter box


1eli
Move the Registry related Instructions into the Registry Instruction Set


1eli
Create an Instruction Set named 1E Client


1eli
Add a custom icon from c:\temp\icons\Tachyon.png


1ediscussion point

If you forget to add your custom icons you can also select the instruction set and click on the hamburger menu next to the name and choose Edit


1eli
Select the Unassigned Instruction Set in the Instruction Sets pane


1eli
From the Instructions pane, type Tachyon Agent into the filter box


1eli
Move the Tachyon Agent related Instructions into the 1E Client Instruction Set


1eli
From the Instructions pane, type 1E Client into the filter box


1eli
Move the 1E Client related Instructions into the 1E Client Instruction Set


1eli
Select the Unassigned Instruction Set and in the Search field type in Operating System


1eli
Select all the instructions and then Click the Add new set box at the right to create a New Instruction Set


1ewarning

Again, use caution when using the Select All button in this window as it only selects the displayed instructions. Notice the control in the lower right to display 12-24-48 items in the list.


1eli
In the Add new Instruction Set box Name field type OS


1eli
Add a custom icon from c:\temp\icons\Win10.png


1eli
Ensure that the box is checked to Include the X number of Selected Instructions


1eli
Click Add


1eli
Create an Instruction Set named ConfigMgr


1eli
Add a custom icon from c:\temp\icons\sccm.jpg


1eli
From the Instructions pane, type ConfigMgr into the filter box


1eli
Move the CM related Instruction into the ConfigMgr Instruction Set


1eli
After searching for ConfigMgr also search for SCCM and move those instructions into the ConfigMgr instruction Set


1eli
Create an Instruction Set named Tags


1eli
Click on the Unassigned instruction set. Type Coverage Tag in the search box


1eli
Move these instructions to the Tags Instruction Set


1eli
Do another search for Freeform Tag


1eli
Move all the Tag related instructions to the Tags Instruction Set


1eli
Create an Instruction Set named Quarantine


1eli
Click on the Unassigned instruction set. Type in Quar and move all the Quarantine related instructions to the Quarantine Instruction Set


1eli
Create an Instruction Set named Device Criticality


1eli
Click on the Unassigned instruction set. Type in Critical in the search field


1eli
Move the 2 instructions for Device Criticality to the Device Criticality Instruction Set


1eli
Now that we've added instructions to Tachyon and organized them into Instruction Sets, we are ready to begin engaging clients. There are two types of instructions, Questions and Actions. In these exercises, we will ask questions and execute actions on our Tachyon clients


1ehot tip

We are only using a subset of Instructions which were uploaded from the Product Packs. Don't be concerned about the instructions still residing in the Unassigned group.


Using the Product Pack Deployment Tool for the Integrated Product Packs

Tachyon 5.0 ships with the Tachyon Product Pack Deployment Tool which gives you a way to bulk import Product Packs and Guaranteed State artifacts into Tachyon. We also have a set of Integrated Product Packs to import. We can use this during the Tachyon install or as a standalone bulk import. The product packs must be in the same folder as the tool. Your Guaranteed State Administrator must also have Instruction Set Administrators role to use the Product Pack Deployment Tool for Integrated Product Packs.

1evirtualmachine

1ETRNW72


1eolstart
startat67


1eli
Still logged into 1ETRW72 as 1ETRN\Manager1


1eli
Click Start and in the Search field type \\1ETRNAP\temp Click the temp folder to Launch Windows Explorer. Right click tachyonplatform.v5.0.0.592\ProductPacks\ folder and select copy. Navigate to c:\tools and right click and select Paste


1eli
Double click c:\tools\ProductPacks\Tachyon.ProductPackDeploymentTool.exe


1eli
Type in https://tachyon.1etrn.local/consumer in the Server field. Click on Test Connection


1eli
We should see connected to the Tachyon Server and the version number in the Results pane


1eli
Ensure that all the Integrated Product Packs are selected and click Upload Selected


1ebest practice

The Tachyon Product Pack Deployment Tool will import them into Tachyon. It will also move them into an Instruction Set named the same as the .zip file. The Tachyon Product Pack Deployment Tool will also upload Classic Product Packs into Tachyon. You would need to copy the Classic Product Packs into the same folder as the tool and the supporting files. You may want to rename the Instructions Sets as the tool will name them the same as the name of the .zip file which may not be the name that you want for the instruction sets. These are easier to use in production if the Instruction Set name is indicative of the instructions that are in the set.


Changing Tachyon Agent Settings

In this exercise, we will evaluate the 1E Client settings, and make a change to one of them.

1evirtualmachine

1ETRNW71


1eolstart
startat73


1eli
Navigate to the Home node in the Explorer Application


1eli
Click on All Instructions on the top right


1eli
Expand 1E Client instruction set to review the available instructions


1eli
Click on Set a 1E Client configuration property <agentconfig> to <agentconfigvalue> for the Tachyon Agent


1ebest practice

Tachyon no longer requires us to ask a question in order to deliver an action. We already know our client settings we can make the change that is required for our lab now.


1eli
From the Please Choose dropdown, select DefaultStaggerRangeSeconds


1ewarning

Clicking on Please Choose exposes the list of available properties to select


1eli
Set the value to 30


1eli
Click Perform this action


1eli
Input Passw0rd for the password


1eli
Launch LiveMail and click Send/Receive to update the inbox


1eli
Retrieve the authentication code from the latest email and input it into the console



1evirtualmachine

1ETRNW73


1eolstart
startat83


1eli
Launch LiveMail and click Send/Receive to update the inbox


1eli
Open the latest email with subject Tachyon action X requires approval


1eli
Click on the Go to approval page link


1eli
Click on the approval request. Review the details of the action request. Note that all 7 clients are targeted


1eli
Input a comment if you wish. Check the I understand the impact of this action and approve this request box. Click Approve



1evirtualmachine

1ETRNW71


1eolstart
startat88


1eli
Check the inbox in LiveMail. An email confirming the instruction was approved will be present with a current timestamp


1eli
Return to the Explorer Application. It should be on the responses page for our Agent reconfiguration instruction


1eli
Wait a few minutes as the results of our action are returned


1ehot tip

Remember the default stagger setting? This action requires a script, so there will be a random wait between 0-300 seconds for the agents to download the script. We are changing that setting to 30 so future Instructions which require a script are executed quicker. In a production environment you want to be careful not setting this value too low.


1eli
On the Content page, note a pie graph detailing Success/Error


1eli
Click on Aggregated Table View at the top right to get details on the action


1eli
Click the Row that displays Exit Code and Count to expand results


1eli
Note the Output column, now showing DefaultStaggerRangeSeconds=30


1eli
Click on Raw Table View at the top right to get details on the action, this lists the machines that have responded, similar to that of the Aggregated Table View


1eli
Note the Output column, now showing DefaultStaggerRangeSeconds=30


1eli
Once 1ETRNW71 returns a result, navigate to c:\program files\1E\Client and edit 1E.Client.conf with Notepad


1eli
Review the settings. Note that DefaultStaggerRangeSeconds is now set to 30, per the action which we initiated


1eli
Once all machines have responded click Stop, and navigate to the Home node in the Explorer application and in the I want to know box type in What are the 1E Client settings


1eli
Click Ask this question button


1eli
Note that the Default Stagger Range Seconds now shows 30 for all the clients


1ediscussion point

Did you notice the speed of the results returning compared to the first time you asked this question? This is because we changed the stagger setting from 300 to 30, thus causing the clients to download the script a lot quicker, thus returning the results a lot quicker.


1eli
Click Stop once all the agents have reported in. Click Keep on the dialog box to keep the responses


1eli
Review the config file on other machines if you wish to manually confirm the setting change



1evirtualmachine

1ETRNAP


1eolstart
startat102


1eli
Open SQL Management Studio and navigate to Databases>TachyonResponses>Tables. Refresh to see all the tables


1eli
Note there are multiple Response tables suffixed by a number. Right-click on the table with the largest number and select Select Top 1000 Rows


1eli
Note the results from the last question asked are present here


1eli
Right click on the Error table with the corresponding number. If there are any failures to execute the instruction, information on that failure would reside in this table


Working with Processes

Quite often, for security reasons or otherwise, there might be certain processes running on machines in your environment which you do not want to run. In this exercise, we will query for processes, and based on what is returned, kill a process.

1evirtualmachine

1ETRNW71


1eolstart
startat106


1eli
Navigate to the Home node in the Explorer Application


1eli
Click on All Instructions at the top right of the page and expand Processes


1eli
Click on What Processes are Running?


1eli
Leave the Parameters default, click Ask this question


1eli
On the Responses page, once results are presented, scroll down as far as you wish, reviewing the different columns returned from the question


1eli
Click on any row to expand the results showing which machines have the process running. Click Close to return to the entire list


1eli
Return to the Home node, and type Process into the I want to know box, and select What Processes are Running?


1eli
Click Edit in the Parameters window


1eli
In the Parameters section on the right, expand Coverage and expand Device


1eli
Leave the condition to contains, and type in 1ETRNW73. Click Set


1eli
Click on Ask the question to execute the question


1eli
Once the results are returned, click on the Summary tab. Validate that Approximate target and Responses count both show 1, and Responses > Successes shows a count of 1


1eli
Return to the Content tab. Note the only machine returning processes information is 1ETRNW73


1eli
Click on the Filter results button, and type calc.exe into the Executable box. Click Search


1eli
Note the results are now filtered onto the single process. This indicates that calc.exe process is running on 1ETRNW73


1eli
Click on Follow-up action in the filter space


1eli
In the question box, type in Kill


1eli
Click on Kill Process(es) with image name matching <exename>


1eli
In the input box for enter process name, type in calc.exe


1eli
Note the Approximate target value in the Parameters window. Since we are doing a follow up action, only the initial coverage will be impacted by this action. Any other clients running calc.exe will not be impacted by this action


1eli
Click Perform this action


1eli
Input Passw0rd for the password and click Confirm and Send


1eli
Open LiveMail. Click Send/Receive to ensure the authentication email is in the inbox


1eli
Open the email with title Instruction X requires authentication with the appropriate time stamp and type the authentication code into the Tachyon console where requested



1evirtualmachine

1ETRNW73


1eolstart
startat130


1eli
Log onto 1ETRNW73 with 1ETRN\Tachyon_adminG if not already logged in


1eli
Confirm that Calculator is running and present in the task bar


1eli
Launch the Explorer application if not already open in Chrome, and note that a notification is available for the pending request


1eli
Click on the Notifications


1eli
On the Request for action approval page, review the details of the request


1eli
Expand the 1 setting and 1 device details and validate the filters we set when asking the original question


1eli
Check the I understand the impact of this action and approve this request box. Click Approve


1eli
Wait a few seconds. Note that the Calculator application disappears from the Taskbar


1eli
Navigate to c:\programdata\1E\Client and double-click 1E.Client.log


1eli
At the bottom of the log, note that the agent is running an instruction which kills the calc.exe process




1ediscussion point
Your log will look similar to this one.



1evirtualmachine

1ETRNW71


1eolstart
startat140


1eli
Return to 1ETRNW71


1eli
Note the console is on the Content page


1eli
Note the results show a count of 1 for Killed and 0 for Failed


1eli
Click on the Summary tab to validate the coverage of the action as well as the success


1eli
Note Approximate target, Sent count and Responses count are all 1, and the Responses Success count is 1


1eli
Click Stop for the Kill Process(es) calc.exe action. Click Ok


1ediscussion point

The duration of this action was set to 60 minutes by default, so it will continue for 60 minutes if not stopped. This is to account for machines which might not be online at the start of a question or an action but come online before the duration expires. You may find in your environment different questions and actions dictate different durations.


1eli
Ask the processes question again and validate that calc.exe is no longer running


1eli
You may repeat the process of killing a process, using the Process ID instead of the executable name if you wish


Working with Services

In an enterprise, having real time knowledge of Services on client machines is very valuable information. Often, you might want to stop or disable a service. Other times, you might want to start or enable a service. In this exercise, we will work with Services, both querying and taking actions.

1evirtualmachine

1ETRNW71


1eolstart
startat148


1eli
Navigate to Home in the Explorer Application


1eli
Click on All Instructions


1eli
Expand the Services Instruction Set, and review the questions available


1eli
Click on What services are running?


1eli
Leave the parameters default. Click Ask this question


1eli
Review the results, scrolling down to see all services listed


1eli
You must scroll quite a while to see all the services. We will filter the results to drill down onto a specific service on a single machine


1eli
Click the Back to top button to return to the top


1eli
Expand Filter Results. In the Name box, input RemoteRegistry. Click Search


1eli
Note the service is stopped on all machines but 1ETRNCM


1eli
Return to the home page, and in the search box, type in Services


1eli
Click on Which Windows services are disabled?


1eli
Click Ask this question


1eli
On the Contents page, change view from graph to table view at the top right


1eli
Click on the Filter results button, and in the caption type in Remote. Click Search


1eli
Click on Remote Registry to expand the results. Note the machines on which the service is disabled


1ehot tip

The service is disabled on the Windows 10 machines in our environment. Though it is stopped on all machines except 1ETRNCM, it is not disabled on all the machines, except for the Windows 10 machines.


1eli
Click the Follow-up Action tab, and in the search box, type Service


1eli
Select Set service <servicename> startup type to <startuptype> and state to <state>


1eli
In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start


1eli
Note the Approximate target number


1ediscussion point

Even though it shows 7 as the approximate target the instruction will only run on the 2 that were returned by the filter. We have 3 types of filters in Tachyon Coverage Filter is applied before the question is asked and limits the devices that get the question or the action. Question Filters use the attributes of the responses and are applied after a question is asked – it limits the number of devices that will respond. View Filters use the attributes of the responses and are applied after a question is asked and after the responses have returned but limit what is displayed.


1eli
Return to the home page


1eli
Type Services into the search box, and select Which Windows services are disabled?


1eli
Click Edit in the Parameters space


1eli
Expand Coverage


1eli
Click on Management Group, click in the search box to display our list of Management Groups, select All Win 10 Lab Workstations. Click Set


1ediscussion point

We could also use our Device attributes to set our coverage based on Name of Device.


1ehot tip

Note the Approximate target has changed to 2 connected devices. We have 2 machines in our environment that are members of our Management Group.


1eli
Click Ask this question. Review the results in the Aggregated table view


1eli
Click the Actions tab, and in the search box, type Service


1eli
Select Set service <servicename> startup type to <startuptype> and state to <state>


1eli
In the Set service box, input RemoteRegistry. Set Startup type to Manual. Set state to Start. Click Perform this action


1eli
Note the Approximate target is now limited to 2 devices, which is the coverage of the original question


1eli
Input Passw0rd for the password


1eli
Launch LiveMail. Click Send/Receive to get the latest email in the inbox


1eli
Retrieve the authentication code from the email and input it into the Explorer Application. Click Submit



1evirtualmachine

1ETRNW101


1eolstart
startat181


1eli
Log into 1ETRNW101 as 1ETRN\User


1eli
Double-click the Services applet on the desktop


1eli
Scroll down to Remote Registry and validate that it is not running and set to disabled



1evirtualmachine

1ETRNW73


1eolstart
startat184


1eli
Still logged into the Explorer application as 1ETRN\Tachyon_adminG click on the notifications node


1eli
If already on the Notifications page, refresh the page


1eli
Click on the pending request. Review the details of the action, and note that it is now only going to 2 machines


1eli
Check the I understand the impact of this action and approve this request box. Click Approve



1evirtualmachine

1ETRNW101


1eolstart
startat188


1eli
Click the refresh button in the Services applet to refresh the view. Note that the Remote Registry service is now running, and the startup type is changed from Disabled to Manual


1eli
Review the 1E.Client.log. Note the reference to remoteregistry at the bottom of the log, along with a successful status for the corresponding InstructionId



1evirtualmachine

1ETRNW71


1eolstart
startat190


1eli
Return to the Explorer Application. It should be on the Content page


1eli
Note that the Action column shows Manual + Start for both machines in scope


1eli

Click on the Summary tab and note that the Target, Sent, Responses, and Success counts are all 2


Working with the Registry

1evirtualmachine

1ETRNW71


1eolstart
startat193


1eli
Navigate to the Home node in the Explorer Application


1eli
Type Registry into the I want to know box and select What are all the values under the registry key <hive> <subkey>?


1eli
In the subkey box, type in software\1E\Client\Persist


1eli
The value must be inputted exactly as shown above. If the value doesn't match what is on the clients, no results will be returned


1eli
Click Ask this question


1eli
From the start menu in windows, type in regedit in the search window and launch regedit


1eli
Navigate to HKLM\software\1E\Client\Persist


1eli
Review the different values present under this key. Leave regedit running


1eli
Return to the Explorer Application. Note that we are on the Responses page


1eli
Click the Filter Results tab, and input 1ETRNW71 into the Device name box. Click Search


1eli
Confirm the results seen here match what is shown in the registry, clear the search filter


1eli
Click on the Actions tab, and input registry into the search box, and click on Set registry entry <hive> <subkey> <name> to <valuetype> <value>


1eli
In the subkey box, input software\1E\Client


1eli
In the name box, input Test


1eli
Change the type to REG_SZ


1eli
In the value box, input Test


1eli
Click Perform this action


1eli
Follow the two factor authentication process by providing the password and then inputting the authentication code provided in the resultant email, as done in previous tasks



1evirtualmachine

1ETRNW73


1eolstart
startat211


1eli
From the start menu in windows, type regedit in the search window and launch regedit


1eli
Navigate to HKLM\software\1E\Client. Note that a default and the InstallationDirectory values exist


1eli
Approve the action in the Tachyon exchange console


1eli
Review the details of the action. Note that is it going to all 7 devices


1eli

In the registry, return to HKLM\Software\1E\Client. Click F5 to refresh the view


1eli
Note that a REG_SZ value named Test is created, with the data set to Test


1ediscussion point
The change is almost immediate. This is because we do not need a script to make this change, rather we are using the native language. This allows Tachyon to immediately execute the action we deployed via Tachyon. In a later lab, we will talk about native language vs. scripts.



1evirtualmachine

1ETRNW71


1eolstart
startat217


1eli
Return to the Explorer Application. Note that it is now on the Content page, and the status shows a count of 7


1eli
Switch to the Aggregated table view. Click on the aggregated row with the count to see the list of machines this action was applied to


1eli
Click on the Summary tab to validate that the action was successful on all 7 machines


1eli
Return to regedit. Navigate to HKLM\software\1E\Client. Confirm the Test value we set has been created via the Tachyon action


1eli

You will likely need to refresh the view to see the new value


Working with Device Tags

Device Tags allow you to add custom labels to devices for use by Tachyon. We have two types of Tags – Coverage and Freeform. Coverage Tags can be used for targeting instructions and are configured by a Tachyon Admin, devices can then be set using an instruction. Freeform Tags can be used to label the devices in your organization but are only set using instructions and cannot be used for coverage. In this exercise we will create the device tag that we will use for our Phased Deployments. We will have values for the devices that are used for Testing (TestGroup), Pilot (PilotGroup), Group1 and Group2 will show the example of Day 1 deployments and Day 2 deployments. We will set our 2 Windows 10 machines as a Pilot group in our lab using Tags. We will then ask a question using the Tag as our coverage parameter.

Creating the Pilot Group Tag

Planning the coverage tags for the entire environment should be done thoughtfully. Each device has a list of the tags that have been set on the 1E Client. The list includes Name=Value plus a delimiter. The entire list for each Agent cannot be over 512 characters.

1evirtualmachine

1ETRNW102


1eolstart
startat222


1eli
Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP


1eli
Open Google Chrome and switch to the Settings application


1eli
Navigate to Configuration – Custom Properties


1eli
Click Add. In the Add Custom Property box type PhasedRollout in the Name field


1ewarning

Tag names can only be a maximum of 16 characters any tags exceeding the length limit will not be reported back and those devices will not be included in the coverage.


1eli
In the Property Type box select CoverageTag


1eli
In the Values box type in the following values


1eimplementationicontable
TestGroup
PilotGroup
Group1
Group2


1eli
You will need to click the + sign after adding the first value to add the additional fields


1eli

Click Add


Setting a Tag on Devices

We use instructions to tell the 1E Client which tags to add to each device. We have two types of Tags in Tachyon. Coverage Tags and FreeForm Tags. FreeForm tags have less stringent limitations for length but cannot be used to define coverage (you would ask a question to get a list of devices that have that freeform tag). Tag data is stored in the Tachyon Master Database for each device. The entire list of Coverage Tags on each device must not exceed 512 characters.

1evirtualmachine

1ETRNW71


1eolstart
startat230


1eli
Switch to the Explorer Application. Navigate to Home


1eli
Click on All Instructions and Expand the Tags Instruction Set


1eli
Select What are the coverage tags. Leave the parameters as they are


1eli
Click Ask This Question


1eli
When the results come back notice we have 0 tags on our devices. You may need to switch to Aggregated table view


1eli
Notice the || in our results. These are the delimiters that will be used for the list of tags on each device. You must factor in these characters when planning for your coverage tags


1eli
Stop the Instruction


1eli
Ask the question again but this time change the coverage to All Win10 Lab Workstations Management Group. Click on Ask This Question


1eli
Click on Actions from the Question we just asked


1eli
Click All Actions


1eli
Expand the Tags Instruction Set. Notice the Actions we have available in this instruction set


1ebest practice

We use these instructions to set tags and delete tags for the devices in our environment.


1eli

Select the Set coverage tag <tagname> to <tagvalue> action


1eli
Click in the first parameter field – notice our only choice is PhasedRollout. We have only created one tag in our Settings Application – Custom Properties but with multiple values. Select PhasedRollOut and PilotGroup


1eli
Click Perform this Action. You will have to enter your password


1eli
Open LiveMail and enter your Authentication Code



1evirtualmachine

1ETRNW73


1eolstart
startat245


1eli
In Google Chrome – Explorer Application


1eli
Navigate to Notifications and Approve the Instruction number from above



1evirtualmachine

1ETRNW71


1eolstart
startat247


1eli
In the Explorer Application ask the question What are the coverage tags?


1eli
Notice we have 2 devices set as our PhasedRollout - PilotGroup



1evirtualmachine

1ETRNW102


1eolstart
startat249


1eli
Open File Explorer and Navigate to c:\ProgramData\1E\Client


1eli
Open the 1E.Client.log and look for the instruction number from the approval that you did


1eli
You will see the action of running the instruction logged and also that the Tags have changed




1ediscussion point
Your log will look similar to this.


Asking a Question Using our Coverage Tag

Now that we have our devices tagged, we will ask another question. We will use the Device Tag for our coverage.

1evirtualmachine

1ETRNW71


1eolstart
startat252


1eli
Navigate to the Home screen of the Explorer Application


1eli
In the I want to know field type in Operating and choose What Operating System Information Does Windows SystemInfo Report?


1eli
Next to Parameters click Edit


1eli
Expand Coverage – Tags


1eli
In the Select Key field choose PhasedRollout


1eli
In the Select Value field choose PilotGroup Click Set


1eli
Click Ask this Question 


1eli

Notice that we only have responses from our 2 Windows 10 Devices


Working with Quarantine

In the event of a security breach, Tachyon can quarantine devices. This will cut off the device from all network traffic except for the Tachyon Switch. This can contain an outbreak while the device is remediated. In this exercise, we will target a specific system and quarantine it. We with then remove it from quarantine.

1ewarning

It is recommended that due to the powerful nature of the 3 quarantine instructions you permission them thoughtfully in Tachyon.

Checking Quarantine State

1evirtualmachine

1ETRNW102


1eolstart
startat260


1eli
Logged into 1ETRNW102 as 1ETRN\Tachyon_AdminPP


1eli
Open Google Chrome and Navigate to the Explorer Application


1eli
From the Home screen click All Instructions


1eli
Expand Quarantine


1eli
Click Are my devices quarantined?


1ewarning

Read the warning here – this is a very powerful feature and can take all your devices off the network if the coverage is not correct.


1eli
Click Ask this question


1eli

This is a simple query to see if the devices are actually quarantined. As you can see none of our devices are in quarantine


Quarantine a Device

In this task we are going to quarantine 1ETRNW72

1evirtualmachine

1ETRNW71


1eolstart
startat267


1eli
Navigate to Explorer application – Home screen


1eli
In the I want to know field type in Quarantine


1eli
Click on Quarantine Selected Devices. Click Edit on parameters


1ewarning

It is possible to quarantine the Tachyon server so be extremely careful with your coverage.


1eli
Click coverage


1eli
Expand Device. Choose in the first field and type in 1ETRNW72.1ETRN.local in the second field


1ehot tip

Use the FQDN here to ensure you don't quarantine the wrong machine.


1eli
Click Set


1eli
Click Perform this Action


1eli
Type in your Password


1eli
Open LiveMail and enter your authentication code



1evirtualmachine

1ETRNW73


1eolstart
startat276


1eli
Open LiveMail and Launch the Notification Page or refresh Chrome and navigate to Notifications


1eli

Approve the Request


Checking the Quarantined Device

1evirtualmachine

1ETRNW71


1eolstart
startat278


1eli
In the Explorer application check the results from the instruction


1eli
Notice there is now 1 device quarantined


1eli
Click on Quarantined in Status and see the device name


1eli
Launch a Command Prompt and type in ping 1etrnw72. Your request will time out without a response



1evirtualmachine

1ETRNW72


1eolstart
startat282


1eli
Launch a command prompt and ping 1ETRNDC


1eli
Ping 1ETRNCM


1ehot tip

These should both time out without a response. Once placed in quarantine a device can only be accessed from the Tachyon server.


1eli
Ping Tachyon (our alias for 1ETRNAP)


1ehot tip

This should ping as normal – all remediation efforts will have to originate from the Tachyon server for this device that is quarantined. This will greatly stop the propagation of any malware that gets introduced into your environment.


1eli
Launch a new browser window and navigate to Google.com


1eli

Notice that our device cannot get to other devices or the internet


Removing a Device from Quarantine

Now we will issue the instruction that will remove the device from quarantine. The device can only communicate with the Tachyon Switch at this time.

1evirtualmachine

1ETRNW71


1eolstart
startat287


1eli
Still logged in as 1ETRN\Tachyon_Admin1


1eli
Open Google Chrome – the Explorer Application should still be open


1eli
Navigate to Home and in the I want to know field type in Quaran and Select Releases Selected devices from Quarantine


1eli
Click Edit on the Parameters


1eli
Expand Coverage – Expand Device


1eli
In the contains field select =


1eli
In the next field type in 1ETRNW72.1ETRN.Local click Set


1eli
Type in the entire FQDN or the instruction will fail


1eli
Click Perform this action


1eli
Type in Passw0rd and click Confirm and Send


1eli
Open LiveMail and copy the authentication code for Instruction X


1eli
Paste the code into the Authentication Code box. Click Submit



1evirtualmachine

1ETRNW73


1eolstart
startat299


1eli
Still logged in as 1ETRN\Tachyon_AdminG


1eli
Open Chrome and refresh the page


1eli
In the Explorer Application navigate to Notifications


1eli
Approve Instruction X from above



1evirtualmachine

1ETRNW71


1eolstart
startat303


1eli
In the Explorer Application – Navigate to Instructions – History


1eli
Select our Releases selected devices from quarantine


1eli
Wait for this one to complete


1eli
Move back to Instructions – History. Select Are my devices quarantined?


1eli
Rerun this instruction


1eli
Wait for it to complete and see that all 7 devices are now NotQuarantined


1eli
Open a command prompt and Ping 1ETRNW72. Device should respond



1evirtualmachine

1ETRNW72


1eolstart
startat310


1eli
Ping any of the other devices in the lab


1ehot tip

All the devices should now respond to the ping request


1eli
Browse to the Internet


1eli
The device should be able to get to the internet


1ehot tip

The ability to quarantine devices is critical to be able to combat a security emergency. This functionality is also dangerous as the devices are only able to communicate with the Tachyon server to enable the ability to remediate the issue and the remove the quarantine. It is possible to quarantine the Tachyon Server, and this would prevent you from removing the quarantine.


Device Criticality

Within Tachyon we can classify our devices into degrees of importance or how critical the device is to an organization. We can then base our coverage of instructions on this for use in targeting. For example, if we set our domain controllers to Critical we could send an instruction and target all devices except for the Critical ones. We can also view our Guaranteed State results based on Criticality. We will look at that data in the Guaranteed State exercises

First Look at Criticality

In this task we are going to set our Lab Servers to Critical, our Windows 10 devices to High, and our Windows 7 Devices to Medium. We use instructions to set this on the device.

1evirtualmachine

1ETRNW71


1eolstart
startat313


1eli
Still logged in as 1ETRN\Tachyon_Admin1


1eli
Navigate to the Home screen of the Explorer Application


1eli
In the I want to know field type in Critical. Select What is the criticality of my devices?


1eli
Click Ask this Question


1eli
Click Stop once all 7 devices have returned results


1ediscussion point

Notice that all our devices are listed as Undefined. This is how a device shows until a criticality has been set.


Setting Criticality

1evirtualmachine

1ETRNW71


1eolstart
startat318


1eli
Navigate back to Home. Type Critical in the I want to know field


1eli
Select Set the criticality of my devices. Click Please choose in the list select Critical


1eli
Click Edit in the parameters row


1eli
Expand Coverage – Expand Management Group – Choose Lab Servers. Click Set


1eli
Type in Passw0rd and click Confirm and Send


1eli
Open LiveMail and copy the Authentication Code


1eli
Paste it into the Authentication Code box for Instruction XX. Click Submit



1evirtualmachine

1ETRNW73


1eolstart
startat325


1eli
In the Explorer Application navigate to Notifications


1eli
You may need to refresh to see Instruction XX from above


1eli
Type something in the comment box


1eli
Check I understand the impact. Click Approve



1evirtualmachine

1ETRNW71


1eolstart
startat329


1eli
Wait for all devices to respond


1eli
Repeat the Steps above to set the following:


1eimplementationicontable

Windows 10 = High
Windows 7 = Medium


Viewing Criticality

1evirtualmachine

1ETRNW71


1eolstart
startat331


1eli
In the Explorer Application – Home – I want to know


1eli
Type in Critical and select What is the criticality of my devices?


1eli
Click Ask this question


1eli
Drill into each Criticality to see the devices that are assigned to each one



1evirtualmachine

1ETRNAP


1eolstart
startat335


1eli
Still logged into 1ETRNAP as 1ETRN\AppInstaller


1eli
From the Start Menu launch SQL Management Studio


1eli
Connect to the Database Engine


1eli
Expand Databases


1eli
Expand TachyonMaster


1eli
Expand Tables


1eli
Right Click dbo.GlobalSetting and choose Select Top 1000 Rows


1eli
In the Name column look at the CriticalityMapping values


1eli
Right Click on dbo.Device and choose Select Top 1000 Rows


1eli
Scroll over to the Criticality Column to view the settings


1ediscussion point

We will revisit Device Criticality in Guaranteed State


Using the Tachyon Exchange

In this exercise we will download some product packs from the Tachyon Exchange directly from the Explorer Application and import those product packs into Tachyon.

Download the Product Packs

1evirtualmachine

1ETRNAP


1eolstart
startat345


1eli
Still logged into 1ETRNAP as 1ETRN\AppInstaller


1eli
Launch the Settings Application


1eli
Navigate to Instructions – Instruction Sets


1eli
Click on Tachyon Exchange in the upper right


1eli
Scroll down and look at the product packs that are available to download


1ediscussion point
The Tachyon Exchange is a collection of both community written and 1E authored product packs. All have been verified by 1E and signed with the 1E Code Signing Certificate.


1eli
Explore the Tachyon Exchange to see the offerings available. When you are finished download the IT Management any Product Pack
1ediscussion point
This is a very useful product pack for common IT Operations instructions. You will have to log in using your 1E Support Portal credentials.
you choose


1eli
Click on Download Product Packs


1eli
In the Checkout page click Free Download


1eli
On the Purchase Confirmation page click on the link below IT Management. Once the download completes Save the .zip to c:\temp


1eli
Download 2 additional product packs that interest you. Save them to c:\temp


1eli

Upload into Tachyon and move them into an Instruction Set


Lab Summary

In this lab, we worked with Tachyon in a variety of different ways. We added different Product Packs to Tachyon which provided us with specific functionality defined within those Product Packs. We organized the individual instructions from the Product Packs into Instruction Sets. We then asked questions and executed actions using the different instructions. We learned how to create and deploy device tags and use them for Coverage for our Instructions. We learned how to use Quarantine to help us remediate security issues and prevent further spread. We learned how to set and view Device Criticality. We then learned how to download product packs from the Tachyon Exchange and import them into Tachyon for use

Next Page
Ex 6 - TCN Opr v5.0 - Working with Patch Success