How to install and use VMware Security Server Client Deployment Tool
search cancel

How to install and use VMware Security Server Client Deployment Tool


Article ID: 341513


Updated On:




This article helps to install and use the VMware Security Server Client Deployment Tool. This tool is used to deploy the VMware Security Server agent to virtual and physical end points so you can manage then through the console. The VMware Security Server agent must be installed and the end point connected to the VMware Security Server console for management.

Note: You must have the VMware Security Server Agent installed to deploy the Imaging Service Agent.


VMware TrustPoint Security Server 7.0.x
VMware TrustPoint 1.0.x


To deploy VMware TrustPoint Security Server Client to the component server host systems:

  1. Log in to the VMware TrustPoint Security Server host system as a local administrator or domain user with administrator privileges.
  2. Navigate to the location where you downloaded the VMware TrustPoint Security Server Client Deployment Tool Installer and execute it.

    Note: You can download the tool from

  3. The installation wizard prompts you for the installation directory. The default directory is C:\Program Files (x86)\Tanium\Tanium Client Deployment Tool.
  4. Select Start > Tanium Client Deployment Tool to open the tool.

    On initialization, the tool prompts you to download the latest endpoint software from
  5. Click OK to download the latest endpoint software.
  6. Configure the settings and take the actions to deploy the client to the SQL Server host computer and the VMware TrustPoint Module Server host computer.




    Local or domain user with administrative privileges on the targeted endpoints. The deployment utility uses this account when it connects to the targeted endpoint and executes the client installer.


    The corresponding password.

    Use su - command

    • Use sudo: Check this option when you target Linux or Mac OS endpoints on which root access with SSH is disabled. This option enables the deployment utility to connect to the target endpoint using the values provided in the UsernameandPassword fields and then elevate to root privileges by using the su command.
    • Root password: The password to elevate privileges on the target end points.

    Tanium pub file

    Type or browse to the VMware TrustPoint Security Server public key file. The default installation location is C:\Program Files\Tanium\Tanium Server\ The Tanium Server public key is included in the client installation.

    Server Name

    The FQDN of the VMware TrustPoint Security Server. For example, ts1.tam.local.


    The default is 17472.

    Log Verbosity Level

    Sets the VMware TrustPoint Security Server Client log level:

    • 0: Disable logging. Recommended for clients installed to sensitive or VDI endpoints.
    • 1: Recommended logging level during normal operation.
    • 41: Recommended logging during troubleshooting.
    • >=91:Enable the most detailed log levels for short periods of time only.

    Execution Method

    Specify which Windows operating system command line utility the Client Deployment Tool uses to analyze target computers and perform the remote installation of the client:

    • PSEXEC: Recommended because it is faster.
    • WMIC: Recommended if analysis using PSEXEC returns endpoints with OS "Unknown" and status "Processing".

    Impersonate User

    Select this option to use the PSEXEC user impersonation option. The credentials specified in the Settings section are used to connect to endpoint using a PSEXEC process that is run under those credentials on the Client Deployment tool host computer. Those credentials are also used to install the client.

    Target Folder Override

    Specify an installation folder if you do not want to use the default. On Windows, the default is C:\Program Files (x86)\Tanium\Tanium Client.

    Active Directory

    In this initial setup, you can use the deployment tool Active Directory settings or Computer List settings to discover endpoints.

    To use Active Directory

    1. Domain: Specify the Active Directory domain to which the targeted endpoints belong. For example, tam.local.
    2. Connect using credentials: Select this option to use the administrator credentials specified in Settings instead of the logged in user credentials.
    3. Include computers in child containers: When this option is unchecked, computer names from endpoints within only the first level are included in the target list, not computers contained in child containers. When checked, all computers within an Organizational Unit or container and all child Organization Units or containers are included in the list.
    4. Click Analyze to query the list and populate the results table. Click Retry Bind if necessary in the event the AD query fails.
    5. Select one or more rows in the results table and click Install.

    Computer List

    To use Computer List settings

    1. Specify a list of computer names, IP addresses, and/or IP address ranges in the text box. One item per line.
    2. Select filters for results: Windows_Only, Linux_Mac_Only, Windows_First (and then Linux and Mac), Linux_Mac_First (and then Windows).
    3. Click Analyze to query the list and populate the results table.
    4. Select one or more rows in the results table and click Install.

    Unmanaged Assets

    Not applicable in this initial setup when VMware TrustPoint Security Server Client has yet to be deployed on any computers in the target network. The Unmanaged Assets depends on VMware Trust Point Security Server Client on at least one endpoint to discover unmanaged peers.


    The Status table has information about the deployment tool operation. Review the information to confirm deployment. Click Clear Completed or Clear All to clear Status table entries.

  7. In Interact, verify the endpoints respond by running this query:

    Get Computer Name and VMware TrustPoint Security Server Name from all machines

  8. Review the answer grid to verify that all of the test endpoints on which VMware TrustPoint Security Server Client software was deployed are now reporting.
  9. You can also go to the System Status page to review recent client registration details. Click the M icon and select Administration > System Status to display the page.