Managing client settings

Tanium Client settings are stored in the Windows registry on Windows endpoints, or in an SQLite database on non-Windows endpoints.

Do not edit Tanium Client keys and values in the Windows registry. Use one of the methods in Modify client settings to configure client settings.

For the list of client settings that you can review or configure, see Tanium Client settings reference.

Review client settings

Use any of the methods in this section to review client settings. A setting that has not been configured on a client uses the default value that is configured in the Tanium Console (see Modify default client settings in the Tanium Console). If no value is configured in the Tanium Console, the default that is listed in the Tanium Client settings reference applies.

Client Health view

Use the Client Health view in the Client Management service to review a summary of client settings that are configured across endpoints or detailed client settings on individual endpoints.

Summary view

Use the main Client Health view to review a summary of client settings that have been changed from their defaults on some endpoints and the count of endpoints on which each setting has been changed.

  1. From the Main menu, go to Administration > Shared Services > Client Management.
  2. From the Client Management menu, go to Client Health.

  3. Click the Settings tab.

  4. (Optional) Select a Computer Group to filter the summary information.

Detail view

Connect directly to an endpoint to view each client setting that has been configured for that endpoint.

  1. In the Direct Connect search box in the Client Health view, enter all or part of an IP address or a computer name.

    Matching results are displayed after the search completes.

  2. From the search results, click the computer name to connect to the endpoint.
  3. Click the Configuration tab to view client settings for the endpoint.

  4. When you finish reviewing client health information for the endpoint, click Disconnect to disconnect from the endpoint and return to the client health summary.

Tanium Client Explicit Setting Sensor

Ask a question using the Tanium Client Explicit Setting sensor to review client settings on endpoints. For example, the following question returns the LogVerbosityLevel setting for endpoints that have a computer name that includes Lab:

Get Tanium Client Explicit Setting[LogVerbosityLevel] from all machines with Computer Name contains Lab

For more information about working with question results, see Tanium Interact User Guide: Managing question results.

Command line interface (CLI)

Use the CLI to review client settings locally on an individual endpoint or to retrieve client settings in a script.

  • Windows: TaniumClient config get <SettingName>

  • Non-Windows: sudo ./TaniumClient config get <SettingName>

For detailed information about using the CLI, see Tanium Client command line interface (CLI).

Modify client settings

Use any of the methods in this section to modify client settings as necessary.

For the list of client settings that you can configure, see Tanium Client settings reference.

Packages

Deploy the Modify Tanium Client Setting or Modify Tanium Client Setting [Non-Windows] package to configure a client setting on all targeted endpoints. Because Windows and non-Windows endpoints require separate packages to update settings, repeat the steps for both types of endpoints.

  1. In Interact, ask a question to target the Windows endpoints on which you want to modify a client setting.

  2. Select the endpoints to target and click Deploy Action.

    You can drill down or merge questions to refine the results before selecting endpoints. For more information, see Tanium Interact User Guide: Managing question results.

  3. For Deployment Package, select one of the following packages:

    • Modify Tanium Client Setting (for Windows endpoints)

    • Modify Tanium Client Setting [Non-Windows] (for non-Windows endpoints)

  4. Configure the following settings:

    • (Windows only) For RegType, select the Windows registry value type that is listed in the Tanium Client settings reference for the setting that you want to modify.
    • (Non-Windows only) For Type, select the non-Windows setting type that is listed in the Tanium Client settings reference for the setting that you want to modify.
    • For ValueName, enter the name of the setting that you want to modify, as listed in the Tanium Client settings reference.
    • For ValueData, enter the value to configure for the setting on targeted endpoints.

    For the following frequently used settings, you can use specific packages that let you enter only the value to configure.

    • LogVerbosityLevel: Use the Set Windows Tanium Client Logging Level or Set Tanium Client Logging Level [Non-Windows] package.

    • ServerName: Use the Set Tanium Server Name or Set Tanium Server Name [Non-Windows] package.
    • ServerNameList: Use the Set Tanium Server Name List or Set Tanium Server Name List [Non-Windows] package.
  5. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  6. In the Targeting Criteria section, make sure that the settings target only endpoints that meet the following criteria:

    • The targeted endpoints require the updated setting.
    • The targeted endpoints run an operating system that matches the selected package (Windows or non-Windows).
  7. Click Show Preview To Continue, review the list of targeted endpoints, and then click Deploy Action.

    Clients do not apply the updated setting until you manually restart them or wait for the automatic client reset, which by default is a random interval in the range of 2 to 6 hours.

  8. (Optional) Restart the Tanium Client service on each endpoint to apply the updated setting immediately:

  9. Review the setting on the targeted clients to verify that it has been correctly updated. See Review client settings.

Client profiles

For certain client settings (including all VDI-related settings, and the specific settings noted in the Tanium Client settings), you can use the Client Management service to create client profiles that apply those settings to different groups of clients. For more information and the steps to create client profiles, see Managing client settings using profiles.

Command line interface (CLI)

Use the CLI to configure client settings locally on an individual endpoint or from a script.

  • Windows: TaniumClient config set <SettingName> <Value>

  • Non-Windows: sudo ./TaniumClient config set <SettingName> <Value>

For detailed information about using the CLI, see Tanium Client command line interface (CLI).

Deployment with Client Management

You can configure specific client settings for newly installed clients during deployment with Client Management. For more information, see Create a client configuration.

Modify default client settings in the Tanium Console

Many client settings have a default value that applies when the setting is not configured on a client, as listed in the Tanium Client settings. You can modify the default value for a client setting in the advanced settings in the Tanium Console. This default applies to any managed endpoint that does not have the setting explicitly configured locally.

  1. From the Main menu, go to Administration > Configuration > Settings > Advanced Settings and click the Client tab.
  2. Edit or add a setting as necessary:

    • If the setting for which you want to configure a default appears in the list, click the name of the setting, enter a new Value, and click Save.
    • If the setting for which you want to configure a default does not appear in the list, click Add Setting, configure the following properties, and click Save:

      • For Setting Type, select Client.

      • For Platform Setting Name, enter the name of the setting from the Tanium Client settings.
      • For Value Type, select Text for a setting that lists "REG_SZ" as the registry value type or "STRING" as the setting type, or select Numeric for a setting that lists "REG_DWORD" as the registry value type or "NUMERIC" as the setting type.
      • For Value, enter the value to use as the default for the client setting.

Managing client settings using profiles

Use the Client Management service to create client profiles that apply client settings to different groups of clients.

Create profile configurations that specify client settings, and then create a client profile that defines how to apply those profile configurations to different groups of clients.

Create a profile configuration

Create a profile configuration to define a collection of client settings that you can apply to a group of clients by using it in a client profile.

  1. From the Client Management menu, click Profile Management > Profile Configurations, and click Create Configuration.

    To edit an existing profile configuration, click the name of the configuration, and click Edit. When you edit a profile configuration, you must manually redeploy any client profile that uses that configuration. For more information, see Managing client settings.

  2. Enter a Name for the profile configuration.
  3. Configure the following general client settings.

    Setting Name: Logging Level
    Description: The level of logging on an endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1 (default): Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.

    Setting Name: Extensions Logging Level
    Description: The level of logging for client extensions (such as the Tanium™ Client Recorder Extension and Tanium™ Index) on an endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 11 (default): Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.

    Setting Name: Cache Size
    Description: The size limit, in MB, for the file cache on an endpoint. The default is 100. For more information, see Chunk caching.

  4. If you are configuring a profile to apply to virtual desktop infrastructure (VDI) endpoints, select Enable VDI Settings, and configure the following VDI settings. Configuring these settings on individual endpoints overrides the values configured in Platform Settings (Administration > Configuration > Settings > Advanced Settings) and can reduce resource use on VDI endpoints when you set the best practice values for VDI. For more information about tuning settings for VDI endpoints, see Tuning Tanium Client settings for VDI endpoints and other endpoints with limited resources.

    | Client Setting | Default Value | Best Practice Value for VDI | Explanation |
    |---|---|---|---|
    | RandomSensorDelayInSeconds | 0 | 20 | By default, sensors run immediately. This setting delays the execution of any sensor by a random time up to 20 seconds, which reduces concurrent execution of sensors and packages. |
    | MaxAgeMultiplier | 1 | 2 | Each sensor has a Max Sensor Age setting that determines how long the client caches sensor results for subsequent questions that include the same sensor. This setting causes the client to multiply the maximum age configured for each sensor by 2, which doubles the time results are cached for each sensor and reduces sensor executions. |
    | MinDistributeOverTimeInSeconds | 0 | 60 | Each action has a Distribute Over setting that randomizes the distribution of that action over the specified time. By default, no minimum applies, and some actions might be configured for immediate distribution. This setting forces all actions to distribute over at least 1 minute. |
    | SaveClientStateIntervalInSeconds | 300 | 1800 | By default, the client state is written to disk every 5 minutes. This setting increases the time to 30 minutes to reduce disk writes. |
  5. Click Save.
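
An endpoint-side check of the four VDI values in the table above, for non-Windows clients, using the config get CLI form documented on this page. This is an added example, not Tanium code: it assumes that config get prints only the value on stdout and prints nothing for a setting that is not explicitly configured, and the names TANIUM_CLIENT_CMD, get_setting and audit_vdi_settings are introduced here.

```shell
#!/bin/sh
# Added example: compare explicit client settings with the VDI best-practice values.
# ASSUMPTION: "config get <SettingName>" prints only the value on stdout and
# prints nothing when the setting is not explicitly configured on the client.

# Command used to reach the client (hypothetical variable; override as needed).
TANIUM_CLIENT_CMD="${TANIUM_CLIENT_CMD:-sudo ./TaniumClient}"

# Best-practice values for VDI, copied from the table above (name=value).
VDI_BASELINE="RandomSensorDelayInSeconds=20
MaxAgeMultiplier=2
MinDistributeOverTimeInSeconds=60
SaveClientStateIntervalInSeconds=1800"

# get_setting NAME: print the configured value with all whitespace removed.
get_setting() {
    $TANIUM_CLIENT_CMD config get "$1" 2>/dev/null | tr -d '[:space:]'
}

# audit_vdi_settings: print one line per setting; the return status is the
# number of settings that are unset or differ from the baseline.
audit_vdi_settings() {
    drift=0
    for pair in $VDI_BASELINE; do
        name=${pair%%=*}
        want=${pair#*=}
        have=$(get_setting "$name")
        if [ "$have" = "$want" ]; then
            echo "OK       $name=$have"
        elif [ -z "$have" ]; then
            # Not explicitly configured: the client falls back to a default.
            echo "UNSET    $name (inherits default, want $want)"
            drift=$((drift + 1))
        else
            echo "MISMATCH $name=$have (want $want)"
            drift=$((drift + 1))
        fi
    done
    return "$drift"
}
```

Run audit_vdi_settings from the Tanium Client installation directory; a nonzero status means at least one setting is unset or differs from the VDI baseline.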

Create and deploy a client profile

Create a client profile to define how to apply profile configurations to a group of endpoints.

  1. From the Client Management menu, click Profile Management > Client Profiles, and click Create Profile.

    To edit an existing client profile configuration, click the name of the profile, and click Edit Profile. When you edit a client profile, you must manually redeploy the profile.

  2. Enter a Name for the profile.
  3. Click Select Computer Groups, select the computer groups where you want the profile to apply, and click Save.
  4. In the Configurations section, select a settings configuration to apply to the endpoints in the selected computer groups.
  5. Click Save.
  6. To deploy the client profile to the selected computer groups, click Actions in the row for the profile, and select Deploy.

Prioritize client profiles

The order of the client profile list determines the priority of each client profile. If multiple client profiles target an endpoint, the profile with the highest priority takes precedence. You can reorder the list to adjust the priority of each profile.

  1. From the Client Management menu, click Profile Management > Client Profiles, and click Prioritize.
  2. Drag the profiles in the list to reorder them according to priority, and then click Prioritize.