General client deployment settings

The following settings are often configured the same for multiple deployments. You can optionally configure these settings in a client deployment template.

Section Setting Description
Content to deploy Client Version

Select the version of the Tanium Client to install.

To manage the client versions that are available for this setting, see Manage versions of the Tanium Client available for deployments and upgrades.

You cannot use Client Management to install a Tanium Client version earlier than 7.4.7.1094.
Method settings SSH Ports Enter the SSH port to use for deployment to non-Windows endpoints. The default port is 22.
Retry Delay Enter the delay between connection retries to a single endpoint during the deployment. The value for this setting must be between 5 seconds and 15 minutes.
Retry Limit Enter the maximum number of attempts to make a connection to a single endpoint during the deployment. The maximum value for this setting is 30.
Installation Limit Enter the maximum number of concurrent installations during the deployment. The maximum value for this setting is 300.
File Transfer Timeout Enter the time-out for file transfers during the deployment. The maximum value for this setting is 60 minutes.
Installation Validation Health Check Retry Limit Enter the maximum number of attempts to check the health of a newly installed Tanium Client to validate the installation. The value for this setting must be between 3 and 75.
Verbose Logging

If you need to troubleshoot client installation issues, select Enable verbose logging for client installations on targeted endpoints.

To view the installation log, see View the deployment status and endpoint installation logs.
Installation options Installation Directory on Windows

(Optional) Enter a custom installation directory for Windows endpoints. Leave blank to use the default installation directory.

  • The installation directory must be located on a local fixed drive on each endpoint.

  • The installation directory must be located on drive C for deployment with Client Management. To install Tanium Client on a different drive, you must use an alternative deployment method. For more information, see Deploying the Tanium Client using an installer or package file.
Space Required (Windows)

(Optional) Enter the disk space that should be available on a targeted Windows endpoint for the client to be installed.

The default of 3000 MB is sufficient for the Tanium Client itself, but the total space required depends on the modules that you use with each endpoint. For more information, see Hardware requirements.
Installation Directory on Non-Windows

(Optional) Enter a custom installation directory for non-Windows endpoints. Leave blank to use the default installation directory.

  • The installation directory must be located on a local fixed drive on each endpoint.

  • (macOS endpoints) You cannot customize the installation directory on macOS. The fixed installation directory for macOS is /Library/Tanium/TaniumClient.
Space Required (Non-Windows)

(Optional) Enter the disk space that should be available on a targeted non-Windows endpoint for the client to be installed.

The default of 3000 MB is sufficient for the Tanium Client itself, but the total space required depends on the modules that you use with each endpoint. For more information, see Hardware requirements.
Client options Endpoints without the Tanium Client To install the client on unmanaged endpoints, select Install Tanium Client. This is a typical deployment.
Endpoints with an Installed Tanium Client

Select one of the following options:

  • No action to endpoint: Ignore endpoints where the client is already installed. Select this option for a typical deployment to unmanaged endpoints.

  • Install if newer Tanium Client version: Install the version that you specified in the selected client configuration only on endpoints where an earlier version is currently installed.

    For general management of upgrades to existing clients, create upgrade deployments that target computer groups. See Upgrade Tanium Clients using Client Management.

  • Reinstall Tanium Client: Reinstall existing clients. Use this option to repair disabled or corrupt clients.

    This selection provides additional options: Clear Existing Data and Overwrite Connected Clients. If neither of these options is selected, Client Management reinstalls clients only on endpoints where the client is not communicating properly with the Tanium Server and where the currently installed version is earlier than or the same as the version that you configure in a client configuration. Any data that the client has collected remains on the client.

    Select Clear Existing Data to wipe all client data. If you select this option, the version that you deploy replaces any existing version, since the deployment first removes any version of the client found on the endpoint.

    Select Overwrite Connected Clients to reinstall clients that are still communicating with the server.

    macOS: If you are installing the universal version of the macOS client on an endpoint where the x86-64 version of the client is installed, you must select Clear Existing Data.

Proxy

If deployed clients must connect through a proxy server, select one of the following options:

  • PAC file (Windows endpoints only): Use a PAC file to configure the proxy on endpoints. Selecting this option automatically adds the ProxyAutoConfigAddress client setting. Configure the URL of the PAC file for the value.
  • Proxy server: Use specific addresses to connect endpoints through a proxy server. Selecting this option automatically adds the ProxyServers client setting. Configure the addresses of proxy servers for the value.

For more information about using a proxy server, see Connect through an HTTPS forward proxy server.
Log Level

(Optional) Enter a log level for the Tanium Client on targeted endpoints. The following values are best practices for specific use cases:

  • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
  • 1 (default): Use this value during normal operation.
  • 41: Use this value during troubleshooting.
  • 91 or higher: Use this value for full logging, for short periods of time only.

This value does not affect the verbosity of the client installation log during deployment. For troubleshooting client installations, enable the Verbose Logging setting.
Client Settings

(Optional) To change a default client setting, click Add Client Setting, and then enter a Key and Value. For information about specific client settings, see Tanium Client settings reference.

  • If you selected PAC file for the Proxy setting, do not delete the ProxyAutoConfigAddress client setting. If you selected Proxy server for the Proxy setting, do not delete the ProxyServers client setting.

  • If you are deploying the Tanium Client to virtual desktop infrastructure (VDI) instances or other endpoints with limited resources, you might need to adjust certain client settings to help to reduce resource usage. For more information, see Tuning Tanium Client settings for VDI endpoints and other endpoints with limited resources.
Custom Tags

(Optional) To add a custom tag to the client during deployment, click Add Custom Tag and enter a tag name. The InstalledByTCM tag is included by default so that you can later easily target clients that were installed using Client Management.

Do not include spaces in a tag name.