Provisioning endpoints

Deploy the Tanium PXE service

You can deploy the Tanium PXE service to one or more endpoints. These endpoints can be running Windows, Windows Server, macOS, or Linux.

  1. From the Provision menu, click PXE Endpoints, and then click Add PXE Endpoints.
  2. Search for the endpoint by IP address or computer name, select the endpoint, and click Add PXE Endpoints.

The required service and related files are deployed automatically using Tanium Endpoint Configuration.

This process can take several minutes. The PXE Server Endpoints page is updated when the process is complete.

After you create and deploy a PXE profile, you can boot endpoints on that network segment from a PXE network. The deployed Tanium PXE service detects the PXE boot request and responds with the required information.

If you have more than one PXE server in the same local network, the first PXE server to respond to the PXE boot request might not be the expected Tanium PXE service. For more information, see Error: PXE boot does not boot to the Tanium PXE service.

Initiate PXE network boot

To initiate the PXE network boot process, select one or more keys during the device power-on sequence, which vary by manufacturer. For example, on a Lenovo device, you must select the Enter key and then F12 to get to a boot menu where you can choose the PXE boot (IPv4) option.

After a PXE response is sent, a Grand Unified Bootloader (GRUB) loader screen displays for a few seconds before the Linux boot environment is downloaded and boots. After it initializes, the deployment wizard prompts you to begin the provisioning process.

(Optional) Wipe the drive

You can optionally wipe the drive during a PXE boot and either shut down or display a summary screen when the wipe is completed.

  1. From the boot menu, click Wipe.
  2. Select the number of passes. You can configure 1-25 passes.
  3. To shut down the system after the wipe is complete, select the Shutdown when complete option.

    To display a summary screen after the wipe is complete, do not select this option.

Create bootable USB media for deployments

To create bootable USB media for Unified Extensible Firmware Interface (UEFI) devices, use the USBKey.ps1 script that you previously extracted from the utility.zip file in Download provided files for Provision.

Make sure that your USB media is at least 1 GB in size, but less than 32 GB.

  1. Open an elevated command prompt.
  2. Choose which option you want to run the USBKey.ps1 script:
    • If you want to get the USB content from the Tanium PXE server at the specified IP address and write that content to the USB key at the specified drive, run the script with two parameters. For example:

      .\USBKey.ps1 -TPXEHost 10.1.2.3 -Destination D:

    • If you want to get the USB content from the Tanium PXE server at the specified IP address and write that content to the ISO at the specified drive, run the script with two parameters and specify the ISO file name. For example:

      .\USBKey.ps1 -TPXEHost 10.1.2.3 -Destination C:\Media.iso

    • If you want to get the USB content from the Tanium PXE server at the specified IP address, but configure the USB key to pull the content from an alternate IP address during the boot process, run the script with three parameters. For example:

      .\USBKey.ps1 -TPXEHost 10.1.2.3 -AnchorHost 10.1.5.1 -Destination D:

  3. The script reformats and labels the USB key with a default label of PROVISION and then downloads the required boot files from the specified PXE server. After the script finishes, eject the USB device and use it to boot a physical device.

To boot the device from USB media, you must select one or more keys during the device power-on sequence, which varies by manufacturer. For example, on a Lenovo device, you must select the Enter key and then F12 to get to a boot menu where you can choose the USB key.

Refresh an existing operating system

To refresh an existing operating system, including user state migration, you can target the corresponding Tanium package that is created when you created the OS bundle.

  1. If needed, Configure an OS bundle.
  2. From the main menu, go to Administration > Content > Packages and filter the list to search for Tanium Provision.
  3. Select the package that corresponds to the OS bundle that you created and click Deploy Action.

    When you create an OS bundle, a corresponding Tanium package is created. The package is named Tanium Provision - <OS bundle name> - <time stamp> [<bundle architecture>]. For example, if you created an OS bundle named Windows 10 for the x64 bundle architecture, the corresponding Tanium package is named Tanium Provision - Windows 10 - yyyy-MM-dd'T'HH:mm:ss'Z' [Windows x64].

  4. In the Targeting Criteria section, choose the targeting criteria: computer groups, manual list, or filter question.
  5. Click Show Preview To Continue, review the list of targeted endpoints, and then click Deploy Action.

You can also use Interact to find an endpoint to deploy the corresponding Tanium package.

Monitor a deployment

You can monitor deployments with the Tanium Provision - Deployment Progress sensor.

Monitor in-progress deployments from the Tanium PXE server

To monitor in-progress deployments and deployments that completed in the last 48 hours, ask the following question in Interact:

Get Tanium Provision - Deployment Progress?maxAge=50 from all machines with Tanium Provision - Deployment Progress:Source equals Tanium PXE

View historical deployment information from deployed clients

To see historical information on clients that were deployed by Provision, ask the following question in Interact:

Get Tanium Provision - Deployment Progress?maxAge=50 from all machines with Tanium Provision - Deployment Progress:Source equals Client

Remove the PXE service from endpoints

  1. From the Provision menu, click PXE Endpoints.
  2. Select one or more endpoints and then click Remove PXE Endpoints.