Installing Client Management

Tanium as a Service automatically handles module installations and upgrades.

Use the Solutions page to install Client Management and choose either automatic or manual configuration:

  • Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Client Management is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For more information about the automatic configuration for Client Management, see Import Client Management with default settings.
  • Manual configuration with custom settings: After installing Client Management, you must manually configure required settings. Select this option only if Client Management requires settings that differ from the recommended default settings. For more information, see Import Client Management with custom settings.

Endpoint Configuration is automatically installed when you install Client Management. For more information about Endpoint Configuration, see Tanium Endpoint Configuration User Guide.

When you import Client Management, sign in to the Tanium Console with the account that will be used as the Client Management and Endpoint Configuration service account. The Endpoint Configuration service account is set to the account that you used to import the Client Management service, regardless of whether you use automatic configuration when you import Client Management.

Before you begin

Import Client Management with default settings

(Tanium Core Platform 7.4.5 or later only) You can set the Client Management action group to target the No Computers filter group by enabling restricted targeting before adding Client Management to your Tanium licenseimporting Client Management. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Tanium Client Management action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

When you import Client Management with automatic configuration, the following default settings are configured:

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Linux, All Mac, and All Windows computer groups.

  • Restricted targeting disabled (default): All Linux, All Mac, and All Windows computer groups
  • Restricted targeting enabled: No Computers computer group

If you import Client Management with restricted targeting disabled. leave Leave the Client Management action group set to the default of All Linux, All Mac, and All Windows. If you use restricted targeting to set the Client Management action group to target the No Computers filter group, set the action group to target the computer group All Computers or the computer groups All Linux, All Mac, and All Windows.

Service account

The service account is set to the account that you used to import the solution.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure the service account.

To import Client Management and configure default settings, see Tanium Console User Guide: Import all modules and services. After the import, verify that the correct version is installed: see Verify Client Management version.

Import Client Management with custom settings

To import Client without automatically configuring default settings, be sure to clear the Apply All Tanium recommended configurations check box while performing the steps in Tanium Console User Guide: Import, re-import, or update specific solutions. After the import, verify that the correct version is installed: see Verify Client Management version.

To configure the service account, see Configure the service account.

To configure the Client Management action group, see Configure the Client Management action group.

Review Endpoint Configuration settings

The following default setting is configured:

When you import Client Management (regardless of whether you use automatic configuration), the following default settings are configured for Endpoint Configuration:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

If you use restricted targeting to set the Endpoint Configuration action group to target the No Computers filter group, make sure you set the action group to target the appropriate endpoints (typically All Computers) before using any modules: see Tanium Endpoint Configuration User Guide: Configure the Endpoint Configuration action group. Modules cannot deploy configurations or tools to endpoints that are not targeted by the Endpoint Configuration action group. Use the appropriate targeting groups within modules to control targeted deployment of configurations or tools.

Service account

The service account is set to the account that you used to import the Client Management service.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure the service account.

For information about initially configuring Endpoint Configuration, see Tanium Endpoint Configuration User Guide: Configuring Endpoint Configuration.

Manage dependencies for Tanium solutions

When you start the Client Management workbench for the first time, the Tanium Console ensures that all of the required dependencies for Client Management are installed at the required version. You must install all required Tanium dependencies before the Client Management workbench can load. A banner appears if one or more Tanium dependencies are not installed in the environment. The Tanium Console lists the required Tanium dependencies and the required versions.

  1. Install the modules and shared services that the Tanium Console lists as dependencies, as described under Tanium Console User Guide: Import, re-import, or update specific solutions.
  2. From the Main menu, go to Modules > Client Management to open the Client Management Overview page.

Verify Client Management version

After you import or upgrade Client Management, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Administration > Shared Services > Client Management to open the Client Management Overview page.
  3. To display version information, click Info Info.

Upgrade Client Management

For the steps to upgrade Client Management, see Tanium Console User Guide: Import, re-import, or update specific solutions. After the upgrade, verify that the correct version is installed: see Verify Client Management version.