Configuring Client Management
If you did not install Client Management with the Apply All Tanium recommended configurations option, you must enable and configure certain features. Additionally, you must add client installation files if you are using an air-gapped environment.
Tanium™ Cloud automatically handles initial configuration for Client Management, but you can set up additional Client Management users.
The following default setting is configured:
Setting | Default Value |
---|---|
Action group |
The action group is set to the All Computers computer group.
|
Review Endpoint Configuration settings
The following default setting is configured:
Setting | Default Value |
---|---|
Action group |
The action group is set to the All Computers computer group. If you use restricted targeting to set the Client Management and Endpoint Configuration action groups to target the No Computers filter group, then make sure that before using any modules, you first set the Client Management action group to target the appropriate endpoints (typically All Computers), and then set the Endpoint Configuration action group to target the same endpoint. For more information, see |
For information about initially configuring Endpoint Configuration, see Tanium Endpoint Configuration User Guide: Configuring Endpoint Configuration.
and select Global.
Configure the Client Management action group
If you imported Client Management without the Apply All Tanium recommended configurations option or with Restricted Targeting enabled, the Client Management action group targets No Computers by default. To enable Client Management functionality after importing without the Apply All Tanium recommended configurations option or with Restricted Targeting enabled, set the Client Management action group to target the computer group All Computers.
- From the Main menu, go to Administration > Actions > Action Groups.
- Click Tanium Client Management.
- Clear the selection for No Computers.
- Select All Computers and click Save.
Set up Client Management users
You can use the following set of predefined user roles to set up Client Management users.
To review specific permissions for each role, see User role requirements for Client Management.
On installation, Client Management creates a Client Management user to automatically manage the Client Management service account. Do not edit or delete the Client Management user.
For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.
Client Management Administrator
Assign the Client Management Administrator role to users who manage all configuration in Client Management, configure client deployments, and investigate issues with specific clients.
This role can perform the following tasks:
-
View, create, edit, and delete client configurations and client credentials
No user can view passwords in existing credentials.
-
View, create, and delete client deployments
-
View summarized client health information
-
Directly connect to endpoints to view detailed client health information
Client Management User
Assign the Client Management User role to users who execute client deployments.
This role can perform the following tasks:
-
View client configurations and client credentials
No user can view passwords in existing credentials.
-
View and execute client deployments
-
View summarized client health information
Client Management Read-Only User
Assign the Client Management Read-Only User role to users who can review details of client deployments.
This role can view client configurations, client credentials, and client deployments.
Client Management API User
This role is used internally and is not typically assigned to users.
Client Management Auditor
This role is used internally and is not typically assigned to users.
Client Management Operator
Assign the Client Management Operator role to users who
This role can perform the following tasks:
-
Download installation packages for the Tanium Client.
-
Directly connect to endpoints to view detailed client health information.
This role can directly connect to endpoints to view detailed client health information.
Client Management Upgrade Operator
Assign the Client Management Upgrade Operator role to users who manage upgrades of the Tanium Client on endpoints.
This role can perform the following tasks:
-
Upgrade the Tanium Client on endpoints.
-
manage versions of the Tanium Client that are available for upgrades.
Client Management Endpoint Configuration Approver
Assign the Client Management Endpoint Configuration Approver role to a user who approves or rejects Client Management configuration items in Endpoint Configuration.
Do not assign the Client Management Service Account and Client Management Service Account - All Content Sets roles to users. These roles are for internal purposes only.
To configure a user who can only view client health information and connect to endpoints to access detailed client health and troubleshooting information, assign the following roles:
- Direct Connect User
- A custom role with the following permissions:
- Clientmanagement Show
- Client-Management Direct Connect
- Client-Management View Health
For information about creating a custom role, see Tanium Console User Guide: Configure a custom role, and for information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.
Manage versions of the Tanium Client available for deployments and upgrades
-
From the Main menu, go to Administration > Shared Services > Client Management.
- From the Client Management menu, click Client Versions.
-
(Optional) To download the latest manifest for Tanium Client installers from content.tanium.com, click Synchronize Manifest.
-
Beside each version that you want to cache for client upgrades, click Cache Packages
.
To remove the cached packages for a version that is no longer needed and free up storage space, click Clear Package Cache
beside that version. That version is not available for client upgrades until you cache it again. You cannot remove the cached packages for a version that is selected in an existing client upgrade.
Manage versions of the Tanium Client available in an air-gapped environment
If you cannot enable communication between your Tanium Module Server and content.tanium.com, you must manually import Tanium Clients instead of caching versions from the online manifest.
-
Contact Tanium Support to obtain a ZIP file with the installation packages.
-
From the Main menu, go to Administration > Shared Services > Client Management.
-
Click Upload Tanium Client, click Select Client ZIP file, select the file, and click Upload.
To delete an imported version, click Delete Version
beside that version. That version is not available for client upgrades until you reimport it. You cannot delete a version that is selected in an existing client upgrade.
Last updated: 3/21/2023 4:37 PM | Feedback