Managing client settings

Tanium Client settings are stored in Windows registry settings on Windows endpoints, or in an SQLite database on non-Windows endpoints.

Do not edit Tanium Client keys and values in the Windows registry. Use one of the methods in Modify client settings to configure client settings.

For the list of client settings that you can review or configure, see Tanium Client settings reference.

Review client settings

Use any of the methods in this section to review client settings. A setting that has not been configured on a client uses the default value that is configured in the Tanium Console (see Modify default client settings in the Tanium Console), or if no value is configured in the Tanium Console, the default that is listed in the Tanium Client settings reference applies.

Client Health view

Use the Client Health view in the Client Management service to review a summary of client settings that are configured across endpoints or detailed client settings on individual endpoints.

Summary view

Use the main Client Health view to review a summary of client settings that have been changed from their defaults on some endpoints and the count of endpoints on which each setting has been changed.

  1. From the Main menu, go to Administration > Shared Services > Client Management.
  2. From the Client Management menu, go to Client Health.

  3. Click the Settings tab.

  4. (Optional) Select a Computer Group to filter the summary information.

Detail view

Connect directly to an endpoint to view each client setting that has been configured for that endpoint.

  1. In the Direct Connect search box in the Client Health view, enter all or part of an IP address or a computer name.

    Matching results are displayed after the search completes.

  2. From the search results, click the computer name to connect to the endpoint.
  3. Click the Configuration tab to view client settings for the endpoint.

  4. When you finish reviewing client health information for the endpoint, click Disconnect to disconnect from the endpoint and return to the client health summary.

Tanium Client Explicit Setting Sensor

Ask a question using the Tanium Client Explicit Setting sensor to review client settings on endpoints. For example, the following question returns the LogVerbosityLevel setting for endpoints that have a computer name that includes Lab:

Get Tanium Client Explicit Setting[LogVerbosityLevel] from all machines with Computer Name contains Lab

For more information about working with question results, see Tanium Interact User Guide: Managing question results.

Command line interface (CLI)

Use the CLI to review client settings locally on an individual endpoint or to retrieve client settings in a script.

  • Windows: TaniumClient config get <SettingName>

  • Non-Windows: sudo ./TaniumClient config get <SettingName>

For detailed information about using the CLI, see Tanium Client command line interface (CLI).

Modify client settings

Use any of the methods in this section to modify client settings as necessary.

For the list of client settings that you can configure, see Tanium Client settings reference.

Settings configurations in Client Management

For certain client settings (including all VDI-related settings, and the specific settings noted in the Tanium Client settings), you can use the Client Management service to create settings configurations that apply those settings to different groups of clients. For more information and the steps to create client profiles, see Managing client settings in Client Management.

Packages

Deploy the Modify Tanium Client Setting or Modify Tanium Client Setting [Non-Windows] package to configure a client setting on all targeted endpoints. Because Windows and non-Windows endpoints require separate packages to update settings, repeat the steps for both types of endpoints.

  1. In Interact, ask a question to target the Windows endpoints on which you want to modify a client setting.

  2. Select the endpoints to target and click Deploy Action.

    You can drill-down or merge questions to refine the results before selecting endpoints. For more information, see Tanium Interact User Guide: Managing question results.

  3. For Deployment Package, select one of the following packages:

    • Modify Tanium Client Setting for Windows endpoints

    • Modify Tanium Client Setting [Non-Windows]

  4. Configure the following settings:

    • (Windows only) For RegType, select the Windows registry value type that is listed in the Tanium Client settings reference for the setting that you want to modify.
    • (Non-Windows only) For Type, select the non-Windows setting type that is listed in the Tanium Client settings reference for the setting that you want to modify.
    • For ValueName, enter the name of the setting that you want to modify, as listed in the Tanium Client settings reference.
    • For ValueData, enter the value to configure for the setting on targeted endpoints.

    For the following frequently used settings, you can use specific packages that let you enter only the value to configure.

    • LogVerbosityLevel: Use the Set Windows Tanium Client Logging Level or Set Tanium Client Logging Level [Non-Windows] package.

    • ServerName: Use the Set Tanium Server Name or Set Tanium Server Name [Non-Windows] package.
    • ServerNameList: Use the Set Tanium Server Name List or Set Tanium Server Name List [Non-Windows] package.

    For the frequently used LogVerbosityLevel: setting, you can use the Set Windows Tanium Client Logging Level or Set Tanium Client Logging Level [Non-Windows] package and enter only the value to configure.

  5. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  6. In the Targeting Criteria section, make sure that the settings target only endpoints that meet the following criteria:

    • The targeted endpoints require the updated setting.
    • The targeted endpoints run an operating system that matches the selected package (Windows or non-Windows).
  7. Click Show Preview To Continue, review the list of targeted endpoints, and then click Deploy Action.

    Clients do not apply the updated setting until you manually restart them or wait for the automatic client reset, which by default is a random interval in the range of 2 to 6 hours.

  8. (Optional) Restart the Tanium Client service on each endpoint to apply the updated setting immediately:

  9. Review the setting on the targeted clients to verify that it has been correctly updated: see Review client settings.

Command line interface (CLI)

Use the CLI to configure client settings locally on an individual endpoint or from a script.

  • Windows: TaniumClient config set <SettingName> <Value>

  • Non-Windows: sudo ./TaniumClient config set <SettingName> <Value>

For detailed information about using the CLI, see Tanium Client command line interface (CLI).

Deployment with Client Management

You can configure specific client settings for newly installed clients during deployment with Client Management. For more information, see Create a client configuration.

Modify default client settings in the Tanium Console

Many client settings have a default value that applies when the setting is not configured on a client, as listed in the Tanium Client settings. You can modify the default value for a client setting in the advanced settings in the Tanium Console. This default applies to any managed endpoint that does not have the setting explicitly configured locally.

  1. From the Main menu, go to Administration > Configuration > Settings > Advanced Settings and click the Client tab.
  2. Edit or add a setting as necessary:

    • If the setting for which you want to configure a default appears in the list, click the name of the setting, enter a new Value, and click Save.
    • If the setting for which you want to configure a default does not appear in the list, click Add Setting, configure the following properties, and click Save:

      • For Setting Type, select Client.

      • For Platform Setting Name, enter the name of the setting from the Tanium Client settings.
      • For Value Type, select Text for a setting that lists "REG_SZ" as the registry value type or "STRING" as the setting type, or select Numeric for a setting that lists "REG_DWORD" as the registry value type or "NUMERIC" as the setting type.
      • For Value, enter the value to use as the default for the client setting.

Managing client settings in Client Management

Use the Client Management service to manage client settings to different groups of clients.

  1. From the Client Management menu, click Configuration Management > Settings Configurations, and click Create Settings Configuration.

    To edit an existing settings configuration, click the name of the configuration, and click Edit. When you edit a configuration, you must manually redeploy it.

  2. Enter a Name for the profile configuration.
  3. Click Select Computer Groups, select the computer groups where you want the settings configuration to apply, and click Save.
  4. Configure the following general client settings.

    Setting Name Description
    Cache Size

    The size limit, in MB, for the file cache on an endpoint. The default is 100. For more information, see Chunk caching.

    Logging Level

    The level of logging on an endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 1 (default): Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.
    Extensions Logging Level

    The level of logging for client extensions (such as the Tanium™ Client Recorder Extension and Tanium™ Index) on an endpoint. The following values are best practices for specific use cases:

    • 0: Use this value to disable logging; use for clients installed on sensitive endpoints or virtual desktop infrastructure (VDI) endpoints.
    • 11 (default): Use this value during normal operation.
    • 41: Use this value during troubleshooting.
    • 91 or higher: Use this value for full logging, for short periods of time only.
  5. If you are creating a settings configuration that applies to virtual desktop infrastructure (VDI) endpoints, select Enable VDI Settings, and configure the following VDI settings. Configuring these settings on individual endpoints overrides the values configured in Platform Settings (Administration > Configuration > Settings > Advanced Settings) and can reduce resource use on VDI endpoints when you set the best practice values for VDI. For more information about tuning settings for VDI endpoints, see Tuning Tanium Client settings for VDI endpoints and other endpoints with limited resources.

    Client Setting Default Value Best Practice Value for VDI Explanation
    RandomSensorDelayInSeconds 0 20 By default, sensors run immediately. This setting delays the execution of any sensor by a random time up to 20 seconds, which reduces concurrent execution of sensors and packages.
    MaxAgeMultiplier 1 2 Each sensor has a Max Sensor Age setting that determines how long the client caches sensor results for subsequent questions that include the same sensor. This setting causes the client to multiply the maximum age configured for each sensor by 2, which doubles the time results are cached for each sensor and reduces sensor executions.
    MinDistributeOverTimeInSeconds 0 60 Each action has a Distribute Over setting that randomizes the distribution of that action over the specified time. By default, no minimum applies, and some actions might be configured for immediate distribution. This setting forces all actions to distribute over at least 1 minute.
    SaveClientStateIntervalInSeconds 300 1800 By default, the client state is written to disk every 5 minutes. This setting increases the time to 30 minutes to reduce disk writes.
  6. Click Save.
  7. To deploy the settings configuration to the selected computer groups, click Actions in the row for the configuration, and select Deploy.

Prioritize configurations

The order of the configurations determines the priority of each configuration. If multiple configurations target an endpoint, the configuration with the highest priority takes effect on the endpoint. You can reorder the list to adjust the priority of each configuration.

  1. From the Client Management menu, click Configuration Management > Settings Configurations, and click Prioritize.
  2. Drag the configurations in the list to reorder them according to priority, and then click Prioritize.