Lately I’ve been exploring the content that is posted in the Tanium Community Repository and found an interesting content pack called License Key Recovery. For the purposes of this article I will assume you already have a Tanium server setup and have a half dozen or more windows clients reporting into this infrastructure. In my case I’m using a personal lab deployment Tanium Server v6.2.314.3258 that has various Windows, Mac and Linux endpoints located all around the state of Arkansas.
Acquire and Import the Content Pack
You’ll need the content pack XML which is available from your assigned TAM, if you don’t have one reach out to Tanium Support, I bet they’ll get you the help you need. After you have the file browse to Authoring and push the “Import Content…” button on the far right. The import preview window should look something like this:
Update and Distribute Package
This content pack uses an 3rd party utility that is licensed separately from Tanium and can be downloaded/purchased from recover-keys.com, you’ll need the enterprise version which includes the command line executable. After acquiring the software, find the file named RecoverKeysCmd.exe. The Recover Keys product also uses SQLite which must also be downloaded separately from SQLite.org. (Find the section called Precompiled Binaries for Windows and download the sqlite-dll-win32-x86…)
Edit the “Distribute Recover Keys Utility” package under Authoring->Packages and filter by package name. Remove both the exe and dll from the Files list and add the newly acquired files by clicking “Add Local Files…” button.
Deploying the Utility
Included in the content pack is a saved action which automatically attempts to distribute the above package every two hours. However, if you can’t wait that long and want to distribute it immediately, ask the following Tanium question:
Get Has Recover Keys Tool from all machines
Right click on the “No” answer and deploy the “Distribute Recover Keys Utility” for one time distribution… to all endpoints. Any endpoint not currently online will receive the package command via the scheduled action within the content pack.
Retrieving License Keys
Everything is now prepared for the very fast and easy question you really want to know…
Get License Keys from all machines
Utilizing Tanium to take advantage of a 3rd party utility is extremely easy. Break open the content by editing the packages or sensors and you will see exactly how simple it was to distribute and retrieve the results of the Recover Keys Utility.