Managing configurations

Each Tanium solution defines configurations. When you create or change a configuration, such as a Threat Response profile or a Patch scan configuration, the configuration appears in Endpoint Configuration and is deployed to the targeted endpoints.

Each Tanium solution defines configurations. If you enable configuration approval, a banner appears in the solution to alert that configuration changes are pending approval in Endpoint Configuration when a user creates or changes a configuration. For example, if a Threat Response profile changes, a banner appears to alert that a configuration change has been made and requires approval in Endpoint Configuration before you can deployed it to endpoints.

When you create or change a configuration, the configuration appears in Endpoint Configuration in the Proposed state. After a configuration approver approves the pending configuration, the configuration is deployed to the targeted endpoints.

For example, if a Tanium Patch Administrator makes or updates scan configurations in Patch, the new and changed scan configurations appear in Endpoint Configuration as Proposed. The data in these configurations is not deployed to the targeted endpoints until they have been approved.

For solutions to Solutions cannot perform configuration changes or tool deployment through Endpoint Configuration on endpoints with action locks turned on, you must enable the Manifest Package Ignore Action Lock and Deploy Client Configuration and Support Package Ignore Action Lock settings. To access these settings, from the Endpoint Configuration Overview page, click Settings and select Global. on. As a best practice, do not turn on action locks. For more information about action locks, see Tanium Console User Guide: Managing action locks.

View configurations

To view configurations, click Configurations from the Endpoint Configuration menu.

The Configurations page lists the configurations for all installed solutions. The Pending Changes column displays Pending Changes  for a configuration if there are changes that have not yet been approved. For more information about approvals, see Managing approvals.

Remove configurations for uninstalled solutions

Some configurations remain installed even after the associated solution is no longer installed. If the solution that is associated with a configuration is no longer installed, the Installed Module column displays No for that configuration.

Manually uninstall a configuration that you no longer need when the associated solution is currently not installed.

  1. From the Endpoint Configuration menu, click Configurations.

  2. Select a configuration and click Delete.