1E Client settings

Installer and configuration settings for 1E Client which affect all client features and modules.

Installer properties:

DataRoot | INSTALLDIR | LogPath | TemporaryDirectory

Configuration file settings:

DataRoot | LogPath | TemporaryDirectory

Please refer to the following pages when deploying 1E Client.

1E Client installers include a template configuration file that contains the more important settings with default values that match hard-coded default values. The configuration file is updated during installation and named 1E.Client.conf in the installation folder along with the 1E Client executable.

After installation, configuration file settings can be managed using 1E Client command-line parameters, Endpoint Troubleshooting configuration instructions, Endpoint Automation policies, Configuration Manager baselines or other means. Registry settings can also be managed by Windows Group Policy.

1E Client settings

You must use UPPERCASE when specifying the name of any installer property in a mst transform file, and preferably when including them in a msiexec command-line.

Names of settings stored in the configuration file are not case-sensitive. Setting names stored in the registry may be case-sensitive and should be specified as shown.

Settings that have numeric values must be set using decimal integers, unless otherwise specified.

Setting

Default

Description

DataRoot

%ALLUSERSPROFILE%\1E\Client

Sets the root directory under which the Client will create the DBs and Persist subfolders and hence the locations of the databases and persistent storage within the local file system. If the specified directory doesn't exist it will be created. Local System (SYSTEM) requires at least modify rights on the directory. If the specified directory is invalid, or cannot be used, the 1E Client will log an error and refuse to start. For example if the directory name is a file, non-existent volume, or SYSTEMdoes not have permission.

If not specified, the default is the %ALLUSERSPROFILE%\1E\Client directory. This is also the default location of client log files, which are not affected by this setting. The location and name of the 1E Client log file is determined by the LogPath setting. Please refer to Log files for details of other client log files.

By default, Windows resolves %ALLUSERSPROFILE% as C:\ProgramData\

This setting is for Windows only. It is ignored on non-Windows platforms, without warnings or errors logged.

Do not use this setting unless required, for example if security software unavoidably conflicts with 1E Client.

INSTALLDIR

%ProgramFiles%\1E\Client

Sets the installation folder.

This value is not stored in the 1E Client configuration file.

This value is stored as InstallationDirectory in the Windows registry under HKLM\SOFTWARE\1E\Client\ and must not be changed.

Some client modules that run on Windows store their registry settings under their own keys in HKLM\SOFTWARE\1E.

This installer property is for Windows only.

LogPath

1E Client logs on Windows

%ALLUSERSPROFILE%\1E\Client\1E.Client.log

1E Client logs on macOS

/Library/Logs/1E.Client.Daemon.log (shows any service start errors)

/Library/Logs/1E.Client.log (shows the current operation of the 1E Client)

1E Client logs on other non-Windows platforms

/var/log/1E/Client/1E.Client.log

The LogPath setting is stored in the 1E.Client.Conf file and determines the full path and filename of the 1E Client log file.

The 1E Client log is shared by:

  • 1E Client

  • 1E client features

  • Shopping client module (only available on Windows OS)

To change the logging level, please refer to LoggingLevel in the 1E.Client.CONF file.

The following are not configurable in this version:

  • Maximum size of 5MB

  • 5 rollover files numbered 1 (newest) to 5 (oldest) with the rollover number included as n.log

By default, Windows resolves %ALLUSERSPROFILE% as C:\ProgramData\

The LogPath setting is not used by Nomad, PXE Everywhere, and WakeUp client modules. For a fresh install they use their defaults, and for upgrades they re-use what is in their registry. In each case these can be over-ridden by installer properties described in Content Distribution client settings, PXE Everywhere Agent settings, and Wakeup client settings. Shopping also has its own configuration file. Please refer to Log files for more details.

TemporaryDirectory

(none)

The TemporaryDirectory setting is stored in the 1E.Client.Conf file specifying the directory path below which the 1E Client and its subprocesses will create temporary files and subdirectories.

The following table shows the OS-specific defaults used if the setting is omitted, blank, or invalid. The default is recommended.

Platform

Environment Variable(s)

Default

Windows

TMP

TEMP

%windir%\Temp which is the default %TEMP% location for SYSTEM.

Linux

TMPDIR

/tmp

Using this setting to specify a non-default value is only necessary if the OS default location is not suitable. For example, some security software forbids scripts being run from certain locations. Or you want to simplify configuration of Windows anti-virus and malware software to the same location as 1E logfiles.

The specified directory:

  • Must be an absolute path appropriate for the OS

  • Must already exist - it will not be created

  • Must be writable by the 1E Client (SYSTEM on Windows, root on Linux)

If any of these criteria is not satisfied then the 1E Client and subprocess falls back to using the default temporary directory.

If the value is validated successfully then environment variables are set so that subprocesses inherit the same temporary directory.

The path can only contain ASCII characters but that is not validated. Unicode characters are not supported.

The 1E Client itself creates a subdirectory under the specified path called  1e.client  which it uses for its own temporary files and directories.

Subprocesses invoked by the 1E Client, such as commands, PowerShell scripts, etc. create their temporary files directly under the specified path.

WindowsShellExecutable

 

This setting allows you to set a custom shell executable for the lookup during the masquerading process, used to launch the 1E Client UI on a logged-on user's session.

The possible values are:

  • Auto ( Default) - Looks up the shell executable by reading the registry value at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell. By default, the value stored at this registry path is explorer.exe

    This value only takes into account the custom shell executables set at the machine level and not the individual users.

  • Name of the custom shell executable. Make sure to only use the name of the executable and not the complete executable path (for example cmd.exe not C:\Windows\System32\cmd.exe)

This installer property is for Windows only.

ClientCertificateProvisioning.Enabled

CLIENTCERTIFICATEPROVISIONING.ENABLED

Default: true

Enables automatic client certificate provisioning on the device.

ClientCertificateProvisioning.Url

 

The URL where new certificate provisioning requests are submitted can be overridden using this setting.

ClientCertificateProvisioning.LastRequestToleranceHours

Default: 24

Minimum: 1

Maximum: 720 (24 * 30)

When the 1E Client submits a certificate signing request to auto-provision a client certificate, it will then not re-submit another certificate signing request for this many hours.

ClientCertificateProvisioning.FutureValidityHorizonDays

Default: 7

Minimum: 1

Maximum: 90

When the 1E Client checks for a usable client certificate for connection to the 1E Platform, it will ensure that any existing certificates are valid for at least this many days in the future.

ClientCertificateProvisioning.AutoRenewalCheckHours

Default: 8

Minimum: Instructs the 1E Client not to perform auto-renewal.

Maximum: 168 (24 * 7)

The 1E Client will periodically check, when running, if it needs to renew its client certificate. This setting determines the frequency of that check.

This check is also performed on 1E Client startup.