Settings features
The Settings application lets you configure the 1E system and application settings. For more information please refer to the Using Settings section of this documentation.
Settings features
Instructions, DEXPacks, Instruction sets, and permissions
1E lets you investigate your network using questions and actions, which are collectively known as Instructions.
You can load Instructions into 1E, either individually or with a DEXPack, which is essentially a zip file containing one or more Instructions. 1E comes with a range of pre-framed questions and actions in the form of DEXPacks, providing extensive out-of-the-box capabilities that can be extended as new and updated DEXPacks are made available.
1E permissions for the Instructions are handled using Instruction sets. You create Instruction sets, then define roles that specify particular permissions on those sets, and then assign the roles to users. Each Instruction is only allowed to reside in one Instruction Set, which associates it with a role and thereby the users that have that role and can run the Instruction. The roles have associated Management groups that determine the devices that users with the role have access.
When Instructions are loaded into 1E they are placed in the default Unassigned Instruction Set, so you must move them into previously created Instruction sets before they can be run.
For more information on uploading product packs into 1E and managing Instruction sets, please refer to Instruction sets page.
Server software
Category | Product | Notes |
|---|---|---|
Server OS |
| For more detail about configuration of servers, please refer to Windows Server requirements. Only 64-bit server OS are supported. The server must be domain-joined. This version of 1E requires the server OS to be English because of a Known issues with certain regional settings. If TLS 1.0 is disabled, then please ensure you follow the steps in If TLS1.0 is disabled to add registry entries, for the 1E Catalog Update Service to successfully connect to the 1E Cloud Catalog. NoteThis list shows only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 23.7. Please refer to Constraints of Legacy OS regarding the end of mainstream support. For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search. Refer to Support for Microsoft Rapid-Release Cycle on https://support.1e.com/ for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions. |
SQL Server and SQL Server Analysis Services (SSAS) |
| For more detail, please refer to SQL Server requirements. Standard and Enterprise editions of these versions of SQL Server and SQL Server Analysis Services (SSAS) are supported. SQL Server 2016 RTM is not supported due to some issues, which are resolved by SP3. Note1E only supports AlwaysOn Availability Groups on SQL Server Enterprise Edition. Please refer to High Availability options for SQL Server for HA options and their requirements. NoteIf you intend to integrate with third-party business intelligence products such as Power BI, you must install the Enterprise edition of SSAS as per their requirements. A SQL Server database instance is required for the following databases:
SLA Inventory databases1E Server Setup can install the above databases on separate SQL Server instances, however SLA-Data, SLA-Integrate, and SLA-Shared must exist on the same instance. A SQL Server Analysis Services (SSAS) instance installed in Multidimensional mode is required for SLA Business Intelligence. SLA Business IntelligenceSLA Business Intelligence (BI) is only required for the Patch Success application. Together, the SLA Platform and BI installers create the following:
If the SLA databases, BI database, or SSAS instance for BI, are on different SQL Servers then the BI installer enforces the use of a SQL login on each instance. If they are on the same SQL Server then the installer gives you a choice of using integrated security (domain user account) or a SQL login. However, if you are installing all the components using 1E Server Setup instead of their individual installers, then you are not given the choice. 1E Server Setup always uses integrated security. Contact your 1E Account Team if your scenario requires the above-mentioned databases to be on different SQL Servers. This affects different servers, not different instances. All SQL Server instances must be configured with the following:
All SQL Servers should be configured with the SQL Server Browser service running in order for the BI installer to select from a list of instances. SQL Server Management Studio is required to review the configuration and edit settings in 1E database tables. If installing SQL Server locally, note:
For the latest information about SQL Server prerequisites, please refer to http://go.microsoft.com/fwlink/?LinkId=622999. |
Microsoft Endpoint Configuration Manager |
| 1E uses Configuration Manager for the following optional apps and features:
Content Distribution provides the following Content Distribution features for Configuration Manager:
Content Distribution requires the Content Distribution web service to synchronize with the Configuration Manager database. For standalone primary site environments, permissions are automatically assigned to the service account of Content Distribution's web application pool service (by default Network Service) using the ConfigMgr_DViewAccess localgroup native to Configuration Manager. For a CAS, this group is not created natively therefore additional steps are required to allow access. Please refer to Preparation: Microsoft Endpoint Configuration Manager preparation. |
Web Server |
| See Windows Server roles and features for details about required Web Server roles and features. |
Runtime libraries |
| See Windows Server roles and features for details about required .NET Framework roles and features. To know supported combinations of OS and .NET Framework, please refer to: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies.
ASP.NET Core Hosting Bundle is required only for the Content Distribution. It is not included with the Operating System, and must be downloaded and installed separately. If it not already installed, 1E Server Setup will attempt to automatically download version 3.1.11 and install it. Alternatively you can download it, or a later version, and install it yourself. For more detail please refer to ASP.NET Core Hosting Bundle. Installers include and automatically installs the redistributable packages for Visual C++ 2013 and Visual C++ 2015-2019. The Coordinator (licensing module on the Master Stack), and Switch (on Response Stack) are written in C++ using Visual Studio 2013 and 2019, therefore require the runtime (x64) versions of these packages. Other server components use .NET Framework. SQL BCP is required by the Export All feature described in Exporting data from Endpoint Troubleshooting, and must be installed on each Tachyon Response Stack server (specifically the servers which have the Tachyon Core installed). BCP uses ODBC, which requires Microsoft ODBC Driver versions 13.1 and 17 and Visual C++ 2017 Redistributable to be installed first. Please refer toP SQL BCP for more detail. |
Other software |
| PowerShell is required by 1E installer during installation. |
Browsers | Latest version of:
| A browser is not a prerequisite for installation of 1E servers but is required to use and administer the 1E platform. The administration is performed via the 1E portal and can be on a remote computer. These browsers are supported on all OS platforms which the browser vendor supports. The Portal and any API should be added as a trusted site. This is especially important when running scripts that may produce unexpected errors. Please review Known Issues Using 1E. NoteSupport has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version) because Microsoft no longer supported them since 2021. We recommend you use Google Chrome, Firefox, or Microsoft Edge Chromium browser. |
Connectors
Connectors are used to connect to other 1E and third party systems and populate repositories. When more than one connector to different data sources is used, the information from those different data sources is de-duplicated and normalized into a single cohesive view that is then stored in a repository. In this way, you can use the data from different sources to augment each other and build a better picture of "what's out there?".
For example, you can sync inventory data from Configuration Manager into an inventory repository, which will fetch information about your Windows devices. You could then augment that with inventory data synced from 1E which could include information about non-Windows devices where the client has been installed.
Note
For more information on connectors, please refer to:
The following connectors are supported:
BigFix connector — Connects to a BigFix Inventory database server.
BigFixInv connector — Connects to a BigFix Inventory database.
File Upload connector — Uploads inventory data from a folder containing tab (TSV) and comma (CSV) separated value file(s).
Intune connector — Connects to an Intune application and collects inventory and usage data.
Microsoft Office 365 connector — Connects to an Office 365 application in InTune and pulls in inventory and usage data.
OpenLM connector — Connects to an OpenLM database server.
Oracle LMS connector — Connects to Oracle LMS and queries it for inventory information.
ServiceNow connector — Connects to a ServiceNow instance to import basic inventory data into SLA Platform.
System Center Configuration Manager connector — Connects to a Configuration Manager database and pulls in inventory and usage data.
1E connector — Connects the 1E and SLA components to support the Management group and 1E Powered Inventory features. The 1E Powered Inventory feature uses instructions to fetch inventory data from clients, and is a prerequisite for Patch Insights.
vCenter connector — Connects to a vCenter server and pulls in inventory data.
Windows Server Update Services connector — Connects to a WSUS database and pulls in patch data.
Repositories
Repositories are used by applications to process and store information. For example, the Patch Insights application uses both an inventory and a BI repository to process the information needed to report on how successful patching is in your enterprise. Normally a connector is used to connect a data source to an appropriate repository.
Tip
Repositories are also useful when you want to segregate different types of data. For example, you could have one inventory repository for Configuration Manager inventory data, and another one for BigFix data. Alternatively, you can have connectors to different inventory sources pushing data into one repository. Any Management Groups that you create will span all the repositories you have.
Device Tags
Device Tags are generally associated with Endpoint Troubleshooting and can be used when setting coverage to target Instructions to particular devices, but they can also be used to define Management Groups optionally used by all applications.
Device Tags must be defined by a Full Administrator before they can be used to tag devices or used to set the coverage of Instructions.
This is done from the Settings→Configuration→Custom properties→ Device Tags page, which can be viewed by users with the Full Administrator role.
Note
For more information on managing and using Device Tags, please refer to:
Software Tags
Using Software Tags allows you to create custom labels and associate them with the software titles you have deployed in your estate.
You can do this from the Settings→Configuration→Custom properties→Software Tags page, which can be viewed by users with the Full Administrator role.
Using Software Tags allows you to create custom labels and associate them with the software titles you have deployed in your estate. An administrator with either the Full Administrator or Group Administrator role can set Software Tags in their environment, they can also create Management Groups based on the tag name and value. For details about configuring 1E users, Roles, and Management Groups refer to the Permissions Menu pages.
In short, you can work with Software tags by:
Creating your Software Tag.
Associating the new tag with a software title.
Creating a Management Group based on the Software Tag name and Tag value rules (This step can be run anytime before evaluation).
Evaluating the new Management Group by running a Basic Inventory Consolidation.
If an administrator adds or modifies Software Tags or associations, they will have to run the Management Group evaluation report again to see the updated devices reflected in Inventory.
Schedules
Schedules can be created to execute specific operations on repositories in 1E so that they are kept up to date with their data sources and processing. These operations include:
Syncing data sources to repositories using connectors
Processing the BI data cube.
Repository schedules are different from Instruction schedules that can be set in Endpoint Troubleshooting.
Consumers, Applications, Components, and Providers
There are pages in the Settings application for each of these. They are described in the following table:
Configuration objects | Description |
|---|---|
Consumers | These can access 1E using the 1E Consumer API. To enhance the security of the 1E system, only consumers that have been registered on the Settings→Configuration→Consumers page will be allowed to access 1E. |
Applications | Features of 1E that is hosted in the 1E portal. Applications are generally Consumers as they need to interact with 1E using the 1E API. These are available on the Switch App menu. |
Components | These form part of SLA and cannot be changed or altered by a user. These can be viewed using the Settings→Configuration→Components page. |
Providers | These are components that can be configured to provide a particular operation in SLA. These can be viewed and configured using the Settings→Configuration→Provider configuration page. |
Note
For more information on Consumers, Components, and Providers, please refer to:
Information pages
Information on your 1E license is available, as well as the ability to, reactivate it following an update.
You can view information on the 1E system information for the Consumer, Coordinator, Background channel, Core and Switch.
Monitoring log files
The monitoring pages let you view how 1E is performing its tasks. Four key log pages are provided:
Page | Description |
|---|---|
Process log | Whenever you execute a sync or process a repository the steps are displayed here. This page is updated in real-time and shows the status of each step as it happens. |
Sync log | The results of performing a sync are displayed here. |
Infrastructure log | Information on the 1E infrastructure is displayed here, such as license status and instruction workflow. |
Audit information log | This page displays information on the Instructions that have been run in Endpoint Troubleshooting. This includes the instruction text and the user that requested it. |
Note
For more information on monitoring please refer to:
Defining users and roles
1E users or groups can be added from AD. They can be assigned roles that determine what aspects of 1E they can access. Custom roles can be created that let you associate particular permissions on particular Instruction sets for particular management groups.
Note
For more information on users and roles please refer to:
Management groups
Management groups use inventory-based rules to define groups of particular devices, they are implemented in SLA and then made available to 1E applications and other consumers. After a management group is defined, each time the inventory is updated the device membership of the groups is re-evaluated by applying the management group's rules to the new inventory.
Custom roles can be created that tie particular Instruction sets to particular management groups. This means you can not only set the permissions for users to access the Instructions in specific Instructions sets, but you can also determine which devices they can target using those Instructions.
Once defined, management groups can then be used to set the coverage for Instructions in Endpoint Troubleshooting and also which devices can be targeted by particular users. Management groups are also used by the Patch Insights and Endpoint Automation applications to determine which devices are being targeted.
Note
For more information on management groups, please refer to:
Uploading Instructions into 1E and creating Instruction sets
You determine the capabilities of Endpoint Troubleshooting by uploading Instructions from product packs into 1E. DEXPacks are either provided with the release or downloaded from the 1E Exchange. Once the Instructions have been uploaded into 1E you then need to put them into Instruction sets. The Instruction sets can then be associated with custom roles to determine the permissions applied to the Instructions. The custom roles are then applied to users to determine which Instructions each user has access to.
Note
For more information on uploading product packs into 1E and managing Instruction sets, please refer to: