Preparing the Tanium Client on OS images

You can install the Tanium Client on an operating system (OS) image that you use as a template when provisioning an OS for new endpoints or virtual desktop infrastructure (VDI) instances. The following sections describe best practices for preparing the Tanium Client on OS images.

Registration and ComputerID

When you start the OS image for the first time and the Tanium Client registers with Tanium™ Cloud or the Tanium Server, the server assigns a unique computer ID to the endpoint. Tanium Cloud or the Tanium Server uses this computer ID to track and monitor each endpoint even if other identifiers change, such as the computer name, IP address, MAC address, or OS GUID. The server detects and resolves duplicate IDs during registration to ensure that each computer has a unique identifier, even if computers are cloned from an OS image that has a non-zero value for the computer ID.

To avoid the additional processing that is required to resolve duplicate IDs and the potential data infidelity during that processing, delete the Tanium Client ComputerID setting in the OS image.

Preparing the Tanium Client on a Windows OS image

Refer to Microsoft documentation for complete details on Windows OS imaging.

Prepare the Tanium Client on a reference computer:

  1. Install the Tanium Client. See the endpoint requirements and Deploy the Tanium Client to Windows endpoints using the installer. During the installation, make sure you do the following:

    • Configure the appropriate server settings. See Configuring connections to the Tanium Core Platform.
    • Leave the LogVerbosityLevel setting at the default of 1.
    • Keep the tanium-init.dat file from the installation package in a separate location for use in a later step.

      Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

      Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  2. Open the Windows Services program, stop the Tanium Client service, and verify that its Startup Type is set to Automatic.
  3. To avoid unnecessary processing to resolve conflicts or duplicates when deploying the image, use the CLI to delete the Tanium Client ComputerID, RegistrationCount, and LastGoodServerName settings:

    TaniumClient config remove ComputerID
    TaniumClient config remove RegistrationCount
    TaniumClient config remove LastGoodServerName

  4. Use the CLI to configure any necessary client settings that you did not configure during the initial installation. See CLI on Windows endpoints and Tanium Client settings reference.

  5. Perform the following deletions in the Tanium Client installation directory.

    • Delete the following directories, including subdirectories and files:

      • Downloads
      • Logs
      • Backup
    • (Tanium Client 7.4 or later) Delete pki.db.
    • (Optional) For an image that you plan to use for a long period of time without updates, delete the Tools directory. This step ensures a fresh installation of endpoint tools when you provision each endpoint, but the endpoint requires more time and bandwidth to initialize the Tanium Client and deploy endpoint tools.

      If you regularly update the image with Tanium Client upgrades and updated endpoint tools from your Tanium Client, this step is unnecessary. Newly provisioned endpoints that already have endpoint tools require less time and bandwidth to initialize.

  6. Copy the tanium-init.dat file from the Tanium installation package into the Tanium Client installation directory.

    If you do not have access to the tanium-init.dat file from the installation package, you can also download it from Client Management without redownloading a larger installation package. From the Overview page, click Download Installers > Download Cloud Initialization File.

    Obtain the latest tanium-init.dat file (version 7.4 or later) or tanium.pub file (version 7.2) and add it to the client.

    1. From the Main menu in the Tanium console, go to Administration > Configuration > Tanium Server > Infrastructure Configuration Files.
    2. Click Download in the Clients v7.4+ and Zone Server or Clients v7.2 section, depending on which file you need.
    3. Copy the downloaded file into the Tanium Client installation directory.

    Confirm that the date and time stamp of the file in the Tanium Client installation directory match the date and time stamp of that file on the Tanium Server (top-level installation directory).

    If you are using Client Management, you can also obtain a version of tanium-init.dat that includes ServerNameList from the client configuration that is associated with the image you are preparing. When you use this version, the ServerNameList specified in tanium-init.dat overwrites the ServerName or ServerNameList that are specified in the Windows registry for Tanium Client 7.4 or later. For more information about managing client configurations in Client Management, see Create a client configuration. For more information about downloading a preconfigured version of tanium-init.dat, see Download the installation bundle or tanium-init.dat file for alternative deployment.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  7. Shut down the computer and save the image.

The Tanium Client service is configured to start automatically when the OS is started. If the reference computer is restarted before the reference image is captured, you might need to repeat these steps.

Preparing the Tanium Client on a macOS image

Refer to Apple documentation for complete details on macOS imaging.

Prepare the Tanium Client on a reference computer:

  1. Install the Tanium Client. See the endpoint requirements and Deploy the Tanium Client to macOS endpoints using the installer. During the installation, make sure you do the following:

    • Configure the appropriate server settings. See Configuring connections to the Tanium Core Platform.
    • Leave the LogVerbosityLevel setting at the default of 1.
    • Keep the tanium-init.dat file from the installation package in a separate location for use in a later step.

      Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

      Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  2. Open Terminal and use the launchctl command to stop the Tanium Client daemon (sudo permissions are required):

    sudo launchctl unload /Library/LaunchDaemons/com.tanium.taniumclient.plist

  3. To avoid unnecessary processing to resolve conflicts or duplicates when deploying the image, use the CLI to delete the Tanium Client ComputerID, RegistrationCount, and LastGoodServerName settings:

    sudo ./TaniumClient config remove ComputerID
    sudo ./TaniumClient config remove RegistrationCount
    sudo ./TaniumClient config remove LastGoodServerName

  4. Use the CLI to configure any necessary client settings that you did not configure during the initial installation. See CLI on non-Windows endpoints and Tanium Client settings reference.

  5. Perform the following deletions in the Tanium Client installation directory.

    • Delete the following directories, including subdirectories and files:

      • Downloads
      • Logs
      • Backup
    • (Tanium Client 7.4 or later) Delete pki.db.
    • (Optional) For an image that you plan to use for a long period of time without updates, delete the Tools directory. This step ensures a fresh installation of endpoint tools when you provision each endpoint, but the endpoint requires more time and bandwidth to initialize the Tanium Client and deploy endpoint tools.

      If you regularly update the image with Tanium Client upgrades and updated endpoint tools from your Tanium Client, this step is unnecessary. Newly provisioned endpoints that already have endpoint tools require less time and bandwidth to initialize.

  6. Copy the tanium-init.dat file from the Tanium installation package into the Tanium Client installation directory.

    If you do not have access to the tanium-init.dat file from the installation package, you can also download it from Client Management without redownloading a larger installation package. From the Overview page, click Download Installers > Download Cloud Initialization File.

    Obtain the latest tanium-init.dat file (version 7.4 or later) or tanium.pub file (version 7.2) and add it to the client.

    1. From the Main menu in the Tanium console, go to Administration > Configuration > Tanium Server > Infrastructure Configuration Files.
    2. Click Download in the Clients v7.4+ and Zone Server or Clients v7.2 section, depending on which file you need.
    3. Copy the downloaded file into the Tanium Client installation directory.

    Confirm that the date and time stamp of the file in the Tanium Client installation directory match the date and time stamp of that file on the Tanium Server (top-level installation directory).

    If you are using Client Management, you can also obtain a version of tanium-init.dat that includes ServerNameList from the client configuration that is associated with the image you are preparing. When you use this version, the ServerNameList specified in tanium-init.dat overwrites the ServerName or ServerNameList that are specified in the Windows registry for Tanium Client 7.4 or later. For more information about managing client configurations in Client Management, see Create a client configuration. For more information about downloading a preconfigured version of tanium-init.dat, see Download the installation bundle or tanium-init.dat file for alternative deployment.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  7. Shut down the computer and save the image.

The Tanium Client service is configured to start automatically when the OS is started. If the reference computer is restarted before the reference image is captured, you might need to repeat these steps.

Preparing the Tanium Client on a Linux OS image

Linux service commands vary by Linux distribution. This documentation provides examples but is not a reference for each Linux distribution. If you are not already familiar with installing and managing services on your target Linux distribution, review the documentation for the particular Linux operating system before starting.

Prepare the Tanium Client on a reference computer:

  1. Install the Tanium Client. See the endpoint requirements and Deploy the Tanium Client to Linux endpoints using package files. Be sure to use the Tanium Client installation package file for your particular Linux distribution, as listed under Tanium Client package files for Linux. During the installation, make sure you do the following:

    • Configure the appropriate server settings. See Configuring connections to the Tanium Core Platform.
    • Leave the LogVerbosityLevel setting at the default of 1.
    • Keep the tanium-init.dat file from the installation package in a separate location for use in a later step.

      Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

      Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  2. Stop the Tanium Client service daemon by entering the service command for your Linux distribution. See Manage the Tanium Client service on Linux.

  3. To avoid unnecessary processing to resolve conflicts or duplicates when deploying the image, use the CLI to delete the Tanium Client ComputerID, RegistrationCount, and LastGoodServerName settings:

    sudo ./TaniumClient config remove ComputerID
    sudo ./TaniumClient config remove RegistrationCount
    sudo ./TaniumClient config remove LastGoodServerName

  4. Confirm that the Tanium Client daemon is in place in the system init directory. For example: /etc/init.d/TaniumClient or /etc/systemd/system/multi-user.target.wants/taniumclient.service. This ensures that the daemon is launched when the system is rebooted.
  5. Use the CLI to configure any necessary client settings that you did not configure during the initial installation. See CLI on non-Windows endpoints and Tanium Client settings reference.

  6. Perform the following deletions in the Tanium Client installation directory.

    • Delete the following directories, including subdirectories and files:

      • Downloads
      • Logs
      • Backup
    • (Tanium Client 7.4 or later) Delete pki.db.
    • (Optional) For an image that you plan to use for a long period of time without updates, delete the Tools directory. This step ensures a fresh installation of endpoint tools when you provision each endpoint, but the endpoint requires more time and bandwidth to initialize the Tanium Client and deploy endpoint tools.

      If you regularly update the image with Tanium Client upgrades and updated endpoint tools from your Tanium Client, this step is unnecessary. Newly provisioned endpoints that already have endpoint tools require less time and bandwidth to initialize.

  7. Copy the tanium-init.dat file from the Tanium installation package into the Tanium Client installation directory.

    If you do not have access to the tanium-init.dat file from the installation package, you can also download it from Client Management without redownloading a larger installation package. From the Overview page, click Download Installers > Download Cloud Initialization File.

    Obtain the latest tanium-init.dat file (version 7.4 or later) or tanium.pub file (version 7.2) and add it to the client.

    1. From the Main menu in the Tanium console, go to Administration > Configuration > Tanium Server > Infrastructure Configuration Files.
    2. Click Download in the Clients v7.4+ and Zone Server or Clients v7.2 section, depending on which file you need.
    3. Copy the downloaded file into the Tanium Client installation directory.

    Confirm that the date and time stamp of the file in the Tanium Client installation directory match the date and time stamp of that file on the Tanium Server (top-level installation directory).

    If you are using Client Management, you can also obtain a version of tanium-init.dat that includes ServerNameList from the client configuration that is associated with the image you are preparing. When you use this version, the ServerNameList specified in tanium-init.dat overwrites the ServerName or ServerNameList that are specified in the Windows registry for Tanium Client 7.4 or later. For more information about managing client configurations in Client Management, see Create a client configuration. For more information about downloading a preconfigured version of tanium-init.dat, see Download the installation bundle or tanium-init.dat file for alternative deployment.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  8. Shut down the computer and save the image.

The Tanium Client service is configured to start automatically when the OS is started. If the reference computer is restarted before the reference image is captured, you might need to repeat these steps.
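
The following check is an added example, not part of the Tanium documentation: a POSIX shell audit to run as root on a non-Windows reference computer just before you shut it down, confirming the deletions and the file copy from the preceding steps. The function name and output format are hypothetical, and it assumes that TaniumClient config get ComputerID prints the bare value.

```shell
#!/bin/sh
# Added example: pre-capture audit of a Tanium Client installation directory
# on a non-Windows reference computer. Not Tanium's own tooling.

# audit_tanium_image DIR
# Prints one line per finding and returns the number of findings
# (0 means the directory matches the state the procedure asks for).
audit_tanium_image() {
    dir=$1
    findings=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi

    # Directories the procedure says to delete, including their contents.
    for sub in Downloads Logs Backup; do
        if [ -e "$dir/$sub" ]; then
            echo "FAIL: $sub still present in $dir"
            findings=$((findings + 1))
        fi
    done

    # Tanium Client 7.4 or later: pki.db must not be carried into the image.
    if [ -e "$dir/pki.db" ]; then
        echo "FAIL: pki.db still present in $dir"
        findings=$((findings + 1))
    fi

    # The initialization file must be copied back after cleanup:
    # tanium-init.dat (7.4 or later) or tanium.pub (7.2).
    if [ ! -s "$dir/tanium-init.dat" ] && [ ! -s "$dir/tanium.pub" ]; then
        echo "FAIL: neither tanium-init.dat nor tanium.pub found in $dir"
        findings=$((findings + 1))
    fi

    # Deleting Tools is optional, so its presence is reported but not counted.
    if [ -d "$dir/Tools" ]; then
        echo "NOTE: Tools directory present (acceptable for regularly updated images)"
    fi

    # ComputerID must not be left at a non-zero value in the image.
    # Assumption: the CLI prints the bare value; any other output
    # (empty, error text) is treated as "not set".
    if [ -x "$dir/TaniumClient" ]; then
        id=$(cd "$dir" && ./TaniumClient config get ComputerID 2>/dev/null | tr -d '[:space:]')
        case $id in
            ''|*[!0-9]*) ;;
            *[1-9]*)
                echo "FAIL: ComputerID is still set ($id); clones would register as duplicates"
                findings=$((findings + 1))
                ;;
        esac
    fi

    return "$findings"
}

# Stand-alone use: sh audit.sh <Tanium Client installation directory>
if [ $# -gt 0 ]; then
    audit_tanium_image "$1"
    exit $?
fi
```

A non-zero exit status is the number of findings, so the script can gate an automated image-capture job.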

Preparing the Tanium Client on a Solaris OS image

Prepare the Tanium Client on a reference computer:

  1. Install the Tanium Client. See the endpoint requirements and Deploy the Tanium Client to Solaris endpoints using a package file. During the installation, make sure you do the following:

    • Configure the appropriate server settings. See Configuring connections to the Tanium Core Platform.
    • Leave the LogVerbosityLevel setting at the default of 1.
    • Keep the tanium-init.dat file from the installation package in a separate location for use in a later step.

      Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

      Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  2. Stop the Tanium Client service by entering the following command:

    svcadm disable taniumclient

  3. To avoid unnecessary processing to resolve conflicts or duplicates when deploying the image, use the CLI to delete the Tanium Client ComputerID, RegistrationCount, and LastGoodServerName settings:

    sudo ./TaniumClient config remove ComputerID
    sudo ./TaniumClient config remove RegistrationCount
    sudo ./TaniumClient config remove LastGoodServerName

  4. Confirm that the Tanium Client daemon is in place in the system init directory (/etc/init.d/TaniumClient). This ensures that the daemon is launched when the system is rebooted.
  5. Use the CLI to configure any necessary client settings that you did not configure during the initial installation. See CLI on non-Windows endpoints and Tanium Client settings reference.

  6. Perform the following deletions in the Tanium Client installation directory.

    • Delete the following directories, including subdirectories and files:

      • Downloads
      • Logs
      • Backup
    • (Tanium Client 7.4 or later) Delete pki.db.
    • (Optional) For an image that you plan to use for a long period of time without updates, delete the Tools directory. This step ensures a fresh installation of endpoint tools when you provision each endpoint, but the endpoint requires more time and bandwidth to initialize the Tanium Client and deploy endpoint tools.

      If you regularly update the image with Tanium Client upgrades and updated endpoint tools from your Tanium Client, this step is unnecessary. Newly provisioned endpoints that already have endpoint tools require less time and bandwidth to initialize.

  7. Copy the tanium-init.dat file from the Tanium installation package into the Tanium Client installation directory.

    If you do not have access to the tanium-init.dat file from the installation package, you can also download it from Client Management without redownloading a larger installation package. From the Overview page, click Download Installers > Download Cloud Initialization File.

    Obtain the latest tanium-init.dat file (version 7.4 or later) or tanium.pub file (version 7.2) and add it to the client.

    1. From the Main menu in the Tanium console, go to Administration > Configuration > Tanium Server > Infrastructure Configuration Files.
    2. Click Download in the Clients v7.4+ and Zone Server or Clients v7.2 section, depending on which file you need.
    3. Copy the downloaded file into the Tanium Client installation directory.

    Confirm that the date and time stamp of the file in the Tanium Client installation directory match the date and time stamp of that file on the Tanium Server (top-level installation directory).

    If you are using Client Management, you can also obtain a version of tanium-init.dat that includes ServerNameList from the client configuration that is associated with the image you are preparing. When you use this version, the ServerNameList specified in tanium-init.dat overwrites the ServerName or ServerNameList that are specified in the Windows registry for Tanium Client 7.4 or later. For more information about managing client configurations in Client Management, see Create a client configuration. For more information about downloading a preconfigured version of tanium-init.dat, see Download the installation bundle or tanium-init.dat file for alternative deployment.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  8. Shut down the computer and save the image.

The Tanium Client service is configured to start automatically when the OS is started. If the reference computer is restarted before the reference image is captured, you might need to repeat these steps.

Preparing the Tanium Client on an AIX OS image

Prepare the Tanium Client on a reference computer:

  1. Install the Tanium Client. See the endpoint requirements and Deploy the Tanium Client to AIX endpoints using a package file. During the installation, make sure you do the following:

    • Configure the appropriate server settings. See Configuring connections to the Tanium Core Platform.
    • Leave the LogVerbosityLevel setting at the default of 1.
    • Keep the tanium-init.dat file from the installation package in a separate location for use in a later step.

      Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

      Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  2. Stop the Tanium Client service by entering the following command:

    stopsrc -s taniumclient

  3. To avoid unnecessary processing to resolve conflicts or duplicates when deploying the image, use the CLI to delete the Tanium Client ComputerID, RegistrationCount, and LastGoodServerName settings:

    sudo ./TaniumClient config remove ComputerID
    sudo ./TaniumClient config remove RegistrationCount
    sudo ./TaniumClient config remove LastGoodServerName

  4. Confirm that the Tanium Client daemon is in place in the system init directory (/etc/inittab/TaniumClient). This ensures that the daemon is launched when the system is rebooted.
  5. Use the CLI to configure any necessary client settings that you did not configure during the initial installation. See CLI on non-Windows endpoints and Tanium Client settings reference.

  6. Perform the following deletions in the Tanium Client installation directory.

    • Delete the following directories, including subdirectories and files:

      • Downloads
      • Logs
      • Backup
    • (Tanium Client 7.4 or later) Delete pki.db.
    • (Optional) For an image that you plan to use for a long period of time without updates, delete the Tools directory. This step ensures a fresh installation of endpoint tools when you provision each endpoint, but the endpoint requires more time and bandwidth to initialize the Tanium Client and deploy endpoint tools.

      If you regularly update the image with Tanium Client upgrades and updated endpoint tools from your Tanium Client, this step is unnecessary. Newly provisioned endpoints that already have endpoint tools require less time and bandwidth to initialize.

  7. Copy the tanium-init.dat file from the Tanium installation package into the Tanium Client installation directory.

    If you do not have access to the tanium-init.dat file from the installation package, you can also download it from Client Management without redownloading a larger installation package. From the Overview page, click Download Installers > Download Cloud Initialization File.

    Obtain the latest tanium-init.dat file (version 7.4 or later) or tanium.pub file (version 7.2) and add it to the client.

    1. From the Main menu in the Tanium console, go to Administration > Configuration > Tanium Server > Infrastructure Configuration Files.
    2. Click Download in the Clients v7.4+ and Zone Server or Clients v7.2 section, depending on which file you need.
    3. Copy the downloaded file into the Tanium Client installation directory.

    Confirm that the date and time stamp of the file in the Tanium Client installation directory match the date and time stamp of that file on the Tanium Server (top-level installation directory).

    If you are using Client Management, you can also obtain a version of tanium-init.dat that includes ServerNameList from the client configuration that is associated with the image you are preparing. When you use this version, the ServerNameList specified in tanium-init.dat overwrites the ServerName or ServerNameList that are specified in the Windows registry for Tanium Client 7.4 or later. For more information about managing client configurations in Client Management, see Create a client configuration. For more information about downloading a preconfigured version of tanium-init.dat, see Download the installation bundle or tanium-init.dat file for alternative deployment.

    Be careful not to allow the tanium-init.dat or tanium.pub file to be distributed or stored outside of your organization, such as in a publicly accessible source code repository or any other location accessible from the public internet. Limit the distribution to specific use in the deployment of Tanium Clients.

    Though these files do not contain private keys and cannot be used to provide control over a Tanium environment, a user with malicious intent could use them to connect an unapproved client and use this unauthorized access to learn how your organization is using Tanium.

  8. Shut down the computer and save the image.

The Tanium Client service is configured to start automatically when the OS is started. If the reference computer is restarted before the reference image is captured, you might need to repeat these steps.

Preparing the Tanium Client on a virtual desktop infrastructure (VDI) instance

For licensing and performance considerations that apply in VDI environments, see Assess the environment where you are deploying the Tanium Client.

Create a VDI golden image by preparing a reference endpoint:

  1. Prepare the Tanium Client based on the OS of the intended endpoints:

    It is not necessary to delete the ComputerID setting during this step, since the client will reregister with Tanium Cloud, the Tanium Server, or the Tanium Zone Server during the following additional steps. You delete this setting in a later step.

  2. Check the ComputerID, which should be a non-zero numeric value, to verify that the client has registered with Tanium Cloud, the Tanium Server, or the Tanium Zone Server. In the endpoint CLI, navigate to the Tanium Client installation directory, and run one of the following commands based on the OS:

    • Windows: TaniumClient config get ComputerID
    • Non-Windows: sudo ./TaniumClient config get ComputerID
  3. Review the action history in the Tanium Console to make sure that the client runs any scheduled actions that affect the client configuration. For more information, see Tanium Console User Guide: Manage actions that are completed or in progress.

    To run actions immediately instead of waiting for them to run according to a schedule, use one-time actions to deploy the associated packages to the endpoint that hosts the golden image. For more information, see Tanium Console User Guide: Deploying actions.

  4. From each solution in the Tanium Console, deploy any endpoint tools that are required by the Tanium solutions that you plan to use with VDI instances. The tool deployment method varies for each solution.

    For example, if you are using Threat Response, create a profile that includes all components that you plan to use with VDI instances, and deploy that profile to the endpoint. The deployment includes any tools that the Threat Response profile requires, such as Tanium™ Index if you included an index configuration.

    For more information about how to deploy tools for a solution, go to https://docs.tanium.com/ and review the documentation for that solution.

  5. Allow any processes that endpoint tools initiate to complete on the endpoint. To determine whether these processes have completed, ask a question from the Tanium Console using a sensor that returns tool status for each solution or client extension.

    For example, if you are using a Threat Response profile with an index configuration, ask the question: Get Client Extensions - Status from all machines with Computer Name contains <reference_computer_hostname>. In the results, for the domain threatresponse and the key initial_index_scan_complete, make sure that the value is true.

    If you are using Index tools with a solution (such as Threat Response, Reveal, Integrity Monitor, or Asset), the following considerations apply:

    • The default "distribute over time" value for the initial index scan is 24 hours, which means that the initial scan occurs at a random time within 24 hours after Index is deployed to the endpoint. Under typical circumstances, this delay helps to reduce resource use during initial deployment. To avoid the delay when creating an image, temporarily set the CX.index.FirstScanDistributeOverTimeMinutes setting to 0. In the endpoint CLI, navigate to the Tanium Client installation directory, and run one of the following commands based on the OS:
      • Windows:
        TaniumClient config set CX.index.FirstScanDistributeOverTimeMinutes 0
      • Non-Windows:
        sudo ./TaniumClient config set CX.index.FirstScanDistributeOverTimeMinutes 0

      After the index scan has started but before saving the image, make sure to restore the original setting to reduce resource use when you create new endpoints from the image. Run one of the following commands based on the OS:

      • Windows:
        TaniumClient config set CX.index.FirstScanDistributeOverTimeMinutes 1440
      • Non-Windows:
        sudo ./TaniumClient config set CX.index.FirstScanDistributeOverTimeMinutes 1440
    • Even when you start the initial index scan immediately, it might take significantly longer to complete than other processes. Make sure that the initial index scan completes before continuing.

    For more information about how to determine tool status for a solution, go to https://docs.tanium.com/ and review the documentation for that solution.

  6. Stop the Tanium Client service:

  7. Verify that the service has stopped and that it is configured to start automatically on the next reboot.
  8. To avoid unnecessary processing to resolve conflicts or duplicates when you later deploy the image, use the CLI to delete the Tanium Client ComputerID setting:

    • Windows: TaniumClient config remove ComputerID
    • Non-Windows: sudo ./TaniumClient config remove ComputerID
  9. Add or update the following settings through the CLI. These settings help to avoid the concentration of resource usage that otherwise might occur as a consequence of cloning and shared hardware. The CLI syntax depends on the endpoint OS:

    • Windows: TaniumClient config set <setting>
    • Non-Windows: sudo ./TaniumClient config set <setting>
    Table 1: Best practice client settings for VDI instances

    | Client Setting | Default Value | Best Practice Value for VDI | Explanation |
    |---|---|---|---|
    | RandomSensorDelayInSeconds | 0 | 20 | By default, sensors run immediately. This setting delays the execution of any sensor by a random time up to 20 seconds, which reduces concurrent execution of sensors and packages. |
    | MaxAgeMultiplier | 1 | 2 | Each sensor has a Max Sensor Age setting that determines how long the client caches sensor results for subsequent questions that include the same sensor. This setting causes the client to multiply the maximum age configured for each sensor by 2, which doubles the time results are cached for each sensor and reduces sensor executions. |
    | MinDistributeOverTimeInSeconds | 0 | 60 | Each action has a Distribute Over setting that randomizes the distribution of that action over the specified time. By default, no minimum applies, and some actions might be configured for immediate distribution. This setting forces all actions to distribute over at least 1 minute. |
    | LogVerbosityLevel | 1 | 0 | Disable logging to reduce disk writes. Temporarily re-enable logging on individual endpoints for troubleshooting. |
    | Logs.extensions.LogVerbosityLevel | 11 | 0 | Disable Tanium™ Client Extensions logging to reduce disk writes. Temporarily re-enable logging on individual endpoints for troubleshooting. |
    | SaveClientStateIntervalInSeconds | 300 | 1800 | By default, the client state is written to disk every 5 minutes. This setting increases the time to 30 minutes to reduce disk writes. |
  10. Shut down the reference machine or block network access to Tanium Cloud or the Tanium Server so that the Tanium Client on the reference machine does not register with Tanium Cloud or the server, and then save the image.

The Tanium Client service is configured to start automatically when the OS is started. If the reference machine is restarted before the reference image is captured, you might need to repeat these steps.
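A pre-capture check for steps 8 and 9 and for the index setting restored in step 5, as an added example that is not Tanium's own tooling. It assumes that `config get` prints only the setting's value and prints nothing (or 0 for ComputerID) when the setting is absent; `audit_image`, `get_setting` and `TANIUM_CLIENT` are hypothetical names.

```shell
#!/bin/sh
# Pre-capture audit of Tanium Client settings on a golden image (added example).
# Assumption: "config get <name>" prints only the value, and prints nothing
# (or 0 for ComputerID) when the setting is absent.

# Client command; override for testing or for a different install path.
: "${TANIUM_CLIENT:=sudo ./TaniumClient}"

get_setting() {
    # Unquoted on purpose: TANIUM_CLIENT holds a command plus its arguments.
    # stdin is closed so the client cannot consume the loop's input below.
    $TANIUM_CLIENT config get "$1" </dev/null 2>/dev/null | tr -d ' \r\n'
}

# Best practice values from Table 1.
EXPECTED='RandomSensorDelayInSeconds=20
MaxAgeMultiplier=2
MinDistributeOverTimeInSeconds=60
LogVerbosityLevel=0
Logs.extensions.LogVerbosityLevel=0
SaveClientStateIntervalInSeconds=1800'

audit_image() {
    failures=0
    # A non-zero ComputerID left in the image forces duplicate-ID resolution.
    id=$(get_setting ComputerID)
    if [ -n "$id" ] && [ "$id" != "0" ]; then
        echo "FAIL ComputerID is still set ($id)"
        failures=$((failures + 1))
    fi
    # The index scan window must be back at 1440 minutes (unset is the default).
    idx=$(get_setting CX.index.FirstScanDistributeOverTimeMinutes)
    if [ -n "$idx" ] && [ "$idx" != "1440" ]; then
        echo "FAIL CX.index.FirstScanDistributeOverTimeMinutes is $idx, want 1440"
        failures=$((failures + 1))
    fi
    while IFS='=' read -r name want; do
        have=$(get_setting "$name")
        if [ "$have" != "$want" ]; then
            echo "FAIL $name: have '${have:-unset}', want '$want'"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$failures" -eq 0 ]
}
```

Source the file and call `audit_image` from the Tanium Client installation directory after step 9; a non-zero exit status means the image is not ready to save.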

For information about identifying and tuning Tanium Client settings for existing VDI endpoints, see Tuning Tanium Client settings for VDI endpoints and other endpoints with limited resources.