Enforce requirements

Review the requirements before you install and use Enforce.

Tanium dependencies

In addition to a license for the Protect module, make sure that your environment meets the following requirements.

Component: Tanium™ Client
Requirement: 7.2.314.3211 or later

Endpoints

Enforce policies support the following endpoint operating systems:

Anti-malware policy

System Center Endpoint Protection (SCEP)

  • Windows 7
  • Windows Server 2008 R2, 2012 or 2012 R2

Windows Defender

  • Windows 8 or 10
  • Windows Server 2016

Windows Firewall Management

  • Windows Vista or later
  • Windows Server 2008 or later

Machine Administrative Templates

  • Windows 7 and later
  • Windows Server 2008 R2 and later

Host and network security requirements

Specific processes are needed to run Enforce.

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 1:   Enforce security exclusions
Processes to exclude, by target device (notes in parentheses):

Windows x86 endpoints

  • <Tanium Client>\Tools\StdUtils\7za.exe
  • <Tanium Client>\Tools\Enforce\devcon32.exe
  • <Tanium Client>\Python27\TPython.exe (7.2.x clients)
  • <Tanium Client>\Python38\TPython.exe (7.4.x clients)
  • <Tanium Client>\Python38\*.dll (7.4.x clients)
  • <Tanium Client>\TaniumCX.exe

Windows x64 endpoints

  • <Tanium Client>\Tools\StdUtils\7za.exe
  • <Tanium Client>\Tools\Enforce\devcon64.exe
  • <Tanium Client>\Python27\TPython.exe (7.2.x clients)
  • <Tanium Client>\Python38\TPython.exe (7.4.x clients)
  • <Tanium Client>\Python38\*.dll (7.4.x clients)
  • <Tanium Client>\TaniumCX.exe

macOS endpoints

  • <Tanium Client>/python27/python (7.2.x clients)
  • <Tanium Client>/python27/bin/pybin
  • <Tanium Client>/python38/python (7.4.x clients)
  • <Tanium Client>/python38/bin/pybin
  • <Tanium Client>/TaniumCX

Linux x86 and x64 endpoints

  • <Tanium Client>/python27/python (7.2.x clients)
  • <Tanium Client>/python27/bin/pybin
  • <Tanium Client>/python38/python (7.4.x clients)
  • <Tanium Client>/python38/bin/pybin
  • <Tanium Client>/TaniumCX

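An added example, not part of the Tanium documentation: before the Linux and macOS rows of Table 1 are submitted as exclusions, this Python check lists the paths that apply to a given client version and flags any that are missing, are symlinks, or are writable by group or other, because an excluded file that unprivileged users can modify runs unmonitored. The install directory and the 7.4 version string in the demo are assumptions.

```python
import os
import stat

# Linux/macOS rows of Table 1: (path relative to the client directory,
# client series from the Notes column, or None when the row has no note).
UNIX_EXCLUSIONS = [
    ("python27/python", "7.2"),
    ("python27/bin/pybin", None),
    ("python38/python", "7.4"),
    ("python38/bin/pybin", None),
    ("TaniumCX", None),
]

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or other


def exclusion_paths(client_dir, client_version):
    """Return the absolute paths to exclude for this client version."""
    series = ".".join(client_version.split(".")[:2])
    return [os.path.join(client_dir, rel)
            for rel, only in UNIX_EXCLUSIONS
            if only is None or only == series]


def audit_exclusions(client_dir, client_version):
    """Map each exclusion path to a list of findings (empty list = clean)."""
    report = {}
    for path in exclusion_paths(client_dir, client_version):
        findings = []
        try:
            st = os.lstat(path)  # lstat: do not follow a symlink at the path
        except (FileNotFoundError, NotADirectoryError):
            report[path] = ["missing"]
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append("symlink")
        elif not stat.S_ISREG(st.st_mode):
            findings.append("not a regular file")
        elif st.st_mode & LOOSE:
            findings.append("file writable by group/other")
        if os.stat(os.path.dirname(path)).st_mode & LOOSE:
            findings.append("directory writable by group/other")
        report[path] = findings
    return report


if __name__ == "__main__":
    # Assumed install directory and constructed version string, not from the page.
    for p, f in audit_exclusions("/opt/Tanium/TaniumClient", "7.4.0.0").items():
        print(p, "->", ", ".join(f) or "ok")
```
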
User role requirements

Table 2:   Enforce Global user role permissions
Columns: Permission; Enforce Operator [2]; Enforce Service Account [2]; Enforce Policy Administrator (Global) [2]; Enforce Policy User (Global) [2]; Enforce Policy Viewer (Global) [2]

  • Enforce Operator: Read, edit, and delete most Enforce objects (except edit access to Enforce settings)
  • Enforce Administrator: Unrestricted access to Enforce
  • Enforce Settings Read: Globally read all Enforce settings
  • Enforce Settings Write: Globally edit all Enforce settings
  • Enforce Operator Settings Read: Globally read most Enforce settings
  • Enforce Operator Settings Write: Globally edit most Enforce settings
  • Show Enforce [1]: View the Enforce workbench
  • Enforce Policy Read: Read Enforce policies
  • Enforce Policy Write: Edit Enforce policies
  • Enforce Policy Prioritize: Edit Enforce policy priorities
  • Enforce Create Enforcement: Enforce policies
  • Enforce Edit Any Enforcement: Edit available policy enforcements. Users always have access to enforcements that they created.
  • Enforce Managed Definitions Read: Read managed definitions
  • Enforce Managed Definitions Write: Edit managed definitions
  • Enforce Disk Encryption Recovery Keys - Read: Read recovery keys for disk encryption
  • Enforce Disk Encryption Recovery Keys - Delete: Delete recovery keys for disk encryption
  • Enforce Policy Template Read: Read policy templates in given content sets
  • Enforce Policy Template Write: Edit policy templates in given content sets
  • Enforce Policy Template Delete: Delete policy templates in given content sets
  • Enforce Policy Type Read: Read policy types in given content sets
  • Enforce Policy Type Write: Edit policy types in given content sets
  • Enforce Policy Type Delete: Delete policy types in given content sets
  • Enforce Reports Read: Read reports in given content sets
  • Enforce Reports Write: Edit reports in given content sets
  • Enforce Reports Delete: Delete reports in given content sets

[2] This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

Table 3:   Global Template (Permissions restricted by operating system content sets: Windows, macOS, or Linux) user role permissions
Columns: Permission; Enforce Policy Administrator (Template) [2]; Enforce Policy User (Template) [2]; Enforce Policy Viewer (Template) [2]; Enforce Recovery Key Administrator (Template); Enforce Recovery Key User (Template); Enforce Recovery Key Viewer (Template)

  • Enforce Operator: Read, edit, and delete most Enforce objects (except edit access to Enforce settings)
  • Enforce Administrator: Unrestricted access to Enforce
  • Enforce Settings Read: Globally read all Enforce settings
  • Enforce Settings Write: Globally edit all Enforce settings
  • Enforce Operator Settings Read: Globally read most Enforce settings
  • Enforce Operator Settings Write: Globally edit most Enforce settings
  • Show Enforce [1]: View the Enforce workbench
  • Enforce Policy Read: Read the Enforce policy in given content sets
  • Enforce Policy Write: Edit the Enforce policy in given content sets
  • Enforce Create Enforcement: Enforce policies in given content sets
  • Enforce Edit Any Enforcement: Edit available policy enforcements. Users always have access to enforcements that they created.
  • Enforce Managed Definitions Read: Read managed definitions in given content sets
  • Enforce Managed Definitions Write: Edit managed definitions in given content sets
  • Enforce Disk Encryption Recovery Keys - Read: Read recovery keys for disk encryption in given content sets
  • Enforce Disk Encryption Recovery Keys - Delete: Delete recovery keys for disk encryption in given content sets
  • Enforce Policy Template Read: Read policy templates in given content sets
  • Enforce Policy Template Write: Edit policy templates in given content sets
  • Enforce Policy Template Delete: Delete policy templates in given content sets
  • Enforce Policy Type Read: Read policy types in given content sets
  • Enforce Policy Type Write: Edit policy types in given content sets
  • Enforce Policy Type Delete: Delete policy types in given content sets
  • Enforce Reports Read: Read reports in given content sets
  • Enforce Reports Write: Edit reports in given content sets
  • Enforce Reports Delete: Delete reports in given content sets

[2] This role provides module permissions for Tanium Trends. You can view which Trends permissions are granted to this role in the Tanium Console. For more information, see Tanium Trends User Guide: User role requirements.

Table 4:   Module Objects with Access Control by Content Sets
Columns: Access Control Type; Policy Definition; Policy Type; Policy Templates; Policy Item; Managed Definition Files; Reports; Disk Encryption Recovery Keys

  • Global
  • Content Set

Table 5:   Provided Enforce Advanced user role permissions
Columns: Permission; Enforce Operator; Enforce Service Account; Enforce Policy Administrator; Enforce Policy User; Enforce Policy Viewer

  • Read Sensor
  • Read Plugin
  • Execute Plugin

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.