Installing Patch

Install Patch by importing the module, setting the service credentials, and organizing your computer groups.

Install Patch solution

Import Patch from the solutions page.

Installing Patch 2.0 or later disables the Tanium Windows Security Patch content. You do not need both solutions.

  1. From the Main Menu, click Tanium Solutions.
  2. Under Patch, click Import.

    A progress bar is displayed as the installation package is downloaded.

  3. Click OK.

    The Import Solution window opens with a list of all the changes and import options.

  4. Click Proceed with Import and enter your password.
    The Patch installation and configuration process begins.
  5. Click Close.
  6. To confirm the installation, return to the Tanium Solutions page and check the Installed: X.X.X.XX version for Patch.

    If you do not see the Patch module in the console, refresh your browser.

Set the service account

For recurring maintenance activities, specify a Tanium user with administrator or content administrator permissions. Specifying these credentials is a one-time configuration. No other credentials need to be added.

  1. From the Patch home page, in the Configure Patch section, click the Configure Service Account step and click Configure Service Account.

    If the Configure Patch section is not visible in the Patch home page, click Manage Home Page, select Configure Patch, and click Save.

  2. Enter the Tanium credentials and click Set Credentials.

Organize computer groups

One way to apply patches and view deployment results is by computer group. Create relevant computer groups to organize your endpoints. Some options include:

  • Endpoint type, such as servers or employee workstations
  • Endpoint location, such as by country or time zone
  • Endpoint priority, such as business-critical machines
  • Endpoint configuration needs, such as VDI machines

For more information, see Tanium Core Platform User Guide: Managing computer groups.

Add computer groups to Patch action group

Importing the Patch module automatically creates an action group to target specific endpoints. Select the computer groups to include in the Patch action group. By default, Patch targets No Computers.

  1. From the Patch home page, in the Configure Patch section, click the Select Computer Groups step and click Configure Action Group.

    If the Configure Patch section is not visible in the Patch home page, click Manage Home Page, select Configure Patch, and click Save.

  2. Select the computer groups that you want to include in the action group. If you select multiple computer groups, choose an operand (AND or OR) to combine the groups.
  3. (Optional) In the All machines currently included in this action group section, review the included endpoints.

    These results might take a few moments to populate.

  4. Click Save.

Initialize Patch

Patch installs a set of tools on each endpoint that you have targeted.

  1. From the Patch home page, in the Configure Patch section, click the Initialize Endpoints step and click Initialize Endpoints to start the Patch service and begin distributing these tools to your endpoints.

    If the Configure Patch section is not visible in the Patch home page, click Manage Home Page, select Configure Patch, and click Save.

  2. Enter the Tanium credentials and click Confirm.

Install the Tanium End-User Notifications solution

By installing the Tanium End-User Notifications solution, you can create a notification message with your deployment to notify the user that the system is going to restart, and gives the user the option to postpone the restart.

  1. From the main menu, click Tanium Solutions.
  2. In the Tanium Content section, select the Tanium End-User Notifications row and click Import Solution.
  3. Review the list of packages and sensors and click Proceed with Import.
  4. To distribute the end user notification tools to endpoints, you can set up a scheduled action that distributes the Distribute End User Notification Tools package with a starting question such as: Get Online from all machines with ( Is Windows = "true" and Has End User Notification Tools containing "No" ) For more information, see Tanium Core Platform User Guide: Managing scheduled actions.
  5. To check if your endpoints have the end user notification tools, ask the question: Get Has End User Notification Tools from all machines with Is Windows = "true"

Upgrade the Patch version

Upgrade Patch to the latest version from the Solutions page.

Patch 1.x must be uninstalled before installing Patch 2.x. Uninstalling Patch 1.x includes removing the Patch folder on the Tanium Module Server. Contact your TAM for assistance.

  1. From the main menu, click Tanium Solutions.
  2. Locate Patch and click Upgrade to X.X.X.XX.
  3. Click OK.

    The Import Solution window opens with a list of all the changes and import options.

  4. Click Proceed with Import and enter your password.
    The Tanium Patch installation and configuration process begins.
  5. To confirm the upgrade, return to the Tanium Solutions page and check the Installed: X.X.X.XX version for Patch.

    If the Patch version is not updated, refresh your browser window.

Last updated: 5/24/2018 9:03 AM | Feedback