Recovering License Keys with Tanium

Lately I’ve been exploring the content that is posted in the Tanium Community Repository and found an interesting content pack called License Key Recovery.  For the purposes of this article I will assume you already have a Tanium server setup and have a half dozen or more windows clients reporting into this infrastructure.  In my case I’m using a personal lab deployment Tanium Server v6.2.314.3258 that has various Windows, Mac and Linux endpoints located all around the state of Arkansas.

Acquire and Import the Content Pack

You’ll need the content pack XML which is available from your assigned TAM, if you don’t have one reach out to Tanium Support, I bet they’ll get you the help you need.  After you have the file browse to Authoring and push the “Import Content…” button on the far right.  The import preview window should look something like this:

licensekey1

Update and Distribute Package

This content pack uses an 3rd party utility that is licensed separately from Tanium and can be downloaded/purchased from recover-keys.com, you’ll need the enterprise version which includes the command line executable.  After acquiring the software, find the file named RecoverKeysCmd.exe.   The Recover Keys product also uses SQLite which must also be downloaded separately from SQLite.org.  (Find the section called Precompiled Binaries for Windows and download the sqlite-dll-win32-x86…)

Edit the “Distribute Recover Keys Utility” package under Authoring->Packages and filter by package name.  Remove both the exe and dll from the Files list and add the newly acquired files by clicking “Add Local Files…” button.

licensekey2

Deploying the Utility

Included in the content pack is a saved action which automatically attempts to distribute the above package every two hours.  However, if you can’t wait that long and want to distribute it immediately, ask the following Tanium question:

Get Has Recover Keys Tool from all machines

Right click on the “No” answer and deploy the “Distribute Recover Keys Utility” for one time distribution… to all endpoints.  Any endpoint not currently online will receive the package command via the scheduled action within the content pack.

licensekey3

Retrieving License Keys

Everything is now prepared for the very fast and easy question you really want to know…

Get License Keys from all machines

licensekey4

In Conclusion…

Utilizing Tanium to take advantage of a 3rd party utility is extremely easy.   Break open the content by editing the packages or sensors and you will see exactly how simple it was to distribute and retrieve the results of the Recover Keys Utility.

Advertisements

Installing Tanium v6.1

Installing Tanium is actually really easy and I’m going to make it even easier by walking you through the express installation of the product.

In the following article I’ll provide you with the various screen shots for the express installation of Tanium v6.1.314.2342 and I’ll call out screens that may need additional explainations. Let’s get started!
I assume you’ve already acquired the installation executable from your Technical Account Manager or Sales person…
tanium01
Double click it to launch the installer. If you’re installing onto a Windows 2008r2 server, like I am here, you may need to click yes to the UAC request dialog:
tanium02
tanium03
tanium04
This virtual computer I’m installing our server onto, does not have an MSSQL server installed, so we’ll choose to install the MSSQL Express Edition.
tanium05
tanium06
tanium08
We’ll have to agree to Microsoft’s EULA…
tanium09
I’ve chosen to download and install updates to MSSQL here.
tanium10
I’m also using the default options…
tanium13
Leave the named instance settings as is.
tanium14
As well as the service configuration settings…
tanium15
We only support Windows authentication so choosing between only Windows Auth or both is up to you.
tanium16
tanium19
Now… back to the Tanium installation… choose the Express Install.
tanium20
Provide your windows credentials for the initial user. If your server is linked to a domain, it can be a domain login (does not need to be an admin or anything). If your server is NOT on a domain, simply provide one of the local accounts username/passwords to continue.
tanium22
All done!
tanium23

The express installation of our product creates a self signed certificate for the console, so you’ll need to agree to continue.
tanium24
Log in with the username/password you specified earler…
tanium25
When you have successfully logged in, an initial content load will occur. This means your server is downloading a “starter” pack of content (sensors, packages, dashboards, etc) which will get you started with the product immediately. This process does take several minutes, so please be patient.
tanium26
Once the content load is complete, you’ll get to play around with the product!
tanium27

Currently you do not have any endpoints to work with. I’ll release another article very soon which explains a few ways of getting agent installed onto your computers.

How to use the BigFix Software Distribution Wizard

BigFix is of course now called Tivoli Endpoint Manager a product of IBM.  I’m getting a bit lazy and calling it BigFix for short from now on.

Anyways… This article will provide helpful direction when you want to distribute software within your organization.

I have recently wrote a c# application and want to have it automatically installed across my infrastructure.  When new systems come on-line, I want my application to automatically be installed once it is properly linked into my BigFix infrastructure.  One note to be made when writing your own applications… be sure to properly register your application so you can easily detect that software on your endpoints.  I wrote an article which will show you how to properly register your app when creating your Visual Studio Setup application.

The following screen shots might help you with accomplishing this.

First we’ll need to launch the wizard itself, then specify the application name.

Distribute Windows Software 1

Here we’ll need to specify our MSI installer.  Visual studio creates both a setup.exe and a setup.msi.  the exe is a stand-alone file which creates an environment with which to launch the msi.  IE:  you can distribute the msi all by itself, but if you want to use the exe, you must distribute both the exe and msi files.

BigFix can handle, so if your application has a simple stand-alone exe, then point the wizard to it.  Or the folder or URL of the file in question.  It even has the capability of handling ZIP files.  (if you’d like more info on this, ask me in the comments section below).

Distribute Windows Software 2

Now we’ll need to specify the operating systems that our application will work on.  In my case I want to limit it to newer computers which will have my requirement of .NET to be installed.  Note:  With Windows 8 coming out soon, you may need to modify the relevance of the resulting task in order to install this application onto those endpoints.  As of v8.2 of Tivoli Endpoint Manager, we do not recognize Windows 8.  It appears in the console as “WinUnknown 6.2.8250” for the Consumer Preview Release.

Distribute Windows Software 3

Our next step is to help the wizard “craft” our relevance that will be used for this software distribution task.  Since my application follows proper registration techniques, it is as easy as specifying my executable within the Registered Application box.

Distribute Windows Software 5

Step 5 of our wizard asks us to properly craft the command line that will be used to silently install our application.  Since I’m using an msi installer file that follows Microsoft standards, the defaults are fine.  Otherwise you can change the command line parameters here.  Remember that the end user will NOT see the installer GUI.  So if the installer hangs at a certain step, it will never be noticed and you will have to manually kill the installer before the task will respond with a status.

Distribute Windows Software 6

Complete the wizard by validating the parameters and hitting Finish.

Distribute Windows Software 7

Here we have our newly generated task.  I like to fully customize my tasks, especially when I create something that will become customer facing. 

Thus I’ll work on each tab in order… First we’ll modify the description so the admin launching the task will know what this task is/does and what to expect.

Also remember to modify which site to “save” the task into and which domain it belongs to.  For more on domains, read one of my other articles covering that domains.

I also like to follow naming standards by the BigFix home office, thus on software, I’ll name it as such:  [application name] v[version number] Available

Distribute Windows Software 8

Next I like to include a URL link to the application so if the admin wants additional information or support links it’s as easy as clicking one of the actions.

Distribute Windows Software 9

The Software Distribution Wizard does a great job of creating the basic relevance that will be used.  I, however, like to separate out my relevance for easy reading.  Here I’m separating the OS relevance from my RegApp relevance.  Remember that you can only separate if they are connected by an AND, so be careful!

Distribute Windows Software 10

A final piece of “ribbon” for this task is to specify the various properties.  View my other article on BigFix Task Properties.

Distribute Windows Software 11

And there we have it… If you look under the site you specified and “Fixlets and Tasks” you will see your task.  It is unlikely that any of your endpoints have responded to your new task… therefore you may need to click the “Show Non-Relevant Content” button.

Distribute Windows Software 12

Now that you have the software distribution task created you can Activate it by following this guide.

For your convenience, here is a zip file containing the content covered in this article: http://dl.dropbox.com/u/41985632/Content/ScreenResolutionRuler.zip

If you have any questions or comments, please leave them below.

TEM SUA Upgrade 1.3.0.592 –> 1.3.1.597

Lately I released an article on installing Tivoli Endpoint Manager’s add-on product Software Usage Analysis (SUA) v1.3.0.592.  Well… we have release another upgrade and here’s how you can upgrade your installation:

Launching the installation is pretty easy… unlike the initial installation, there is basically one “step”.  Launch the installer:

SUA_Upgrade_1

SUA_Upgrade_2

Typical license agreement stuff.

SUA_Upgrade_3

SUA_Upgrade_4

SUA_Upgrade_5

Since this is an upgrade, we are good about warning you that no one will be able to access the GUI interface at this point.

SUA_Upgrade_6

We’ll need to confirm the user account that is being used for the services here.

SUA_Upgrade_7

SUA_Upgrade_8

I ran into one little problem where but it was due to service account permissions to the database.  After adjusting them for the duration of this install, the installation continued.

SUA_Upgrade_10

SUA_Upgrade_13

SUA_Upgrade_14

SUA_Upgrade_17

SUA_Upgrade_19

 

The installation went well with just the one permissions based hiccup.  To confirm installation was successful simply log into the GUI and look at the bottom right for version and catalogue numbers.

SUA_Upgrade_20

 

If you have any questions or comments, please leave them below.

To view all of the images from this upgrade visit:  http://www.flickr.com/photos/danielheth/sets/72157629743080378/