Shopping client settings

Installer properties and configuration settings for the Shopping client module of the 1E Client supported only on Windows computers. This module supports users connecting to the Shopping Portal.

Note

Installer properties and Configuration file settings:

Module.Shopping.Enabled | Module.Shopping.FirefoxSupportEnabled | Module.Shopping.InitializationFailureSleepSecs | Module.Shopping.LocalhostUrl | Module.Shopping.LoopbackExemptionEnabled | Module.Shopping.OrderTrackingEnabled | Module.Shopping.ShoppingCentralUrl | Module.Shopping.SsoEnabled

Configuration file settings are the same as the installer properties. There are no registry settings. Configuration file settings can be managed using 1E Client command-line parameters, Endpoint Troubleshooting configuration instructions, Endpoint Automation policies, Configuration Manager baselines or other means.

Note

When the 1E Client starts, if the Shopping module is enabled the 1E Client will automatically remove any previous installation of the 1E Shopping Agent.

The Shopping client module is not supported on:

  • Non-Windows devices

  • Legacy OS (that is OS which Microsoft no longer support, including XP, Vista, Server 2008 etc.). Refer to Supported platforms.

Shopping client settings

The table below lists the settings required to enable the Shopping client required for integration with Shopping v5.5 or later. The Shopping client module must be enabled on all Windows computers that will connect to the Shopping self-service portal.

Note

You must use UPPERCASE when specifying the name of any installer property in a mst transform file, and preferably when including them in a msiexec command-line.

Names of settings stored in the configuration file are not case-sensitive. Setting names stored in the registry may be case-sensitive and should be specified as shown.

Settings that have numeric values must be set using decimal integers, unless otherwise specified.

Shopping module setting

Installation default

Description

Module.Shopping.Enabled

false

Set the value to true to enable the Shopping module. The default value is false.

Shopping must be enabled so that users of a computer can use the 1E Shopping self-service portal, the Windows Servicing Assistant, and the 1E Virtual Assistant.

Note

If enabled, when the 1E Client starts it will attempt to automatically remove any previous installations of the 1E Shopping Agent.

Module.Shopping.FirefoxSupportEnabled

Note

This setting is not in the template configuration file.

(blank)

Optional. If this setting is not specified the value defaults to false. Set this value to true to enable support for the Firefox browser on HTTPS. If enabled, 1E Client Shopping module will create a CA certificate and a certificate with subject 'localhost' signed by the CA certificate and add those certificates to the Trusted Root Certification Authorities.

The Shopping client requests this value from the Shopping Central website (admin console setting: Firefox support enabled). If the client fails to connect to the website, it defaults to using this local setting and retries later.

Module.Shopping.InitializationFailureSleepSecs

Note

This setting is not in the template configuration file.

30

This setting controls the time the client waits before attempting to connect to the website specified in Module.Shopping.ShoppingCentralUrl. If the client module fails to connect during startup, it does not initialize, and will retry at gradually increasing intervals until it is able to connect.

Range is 10 to 900, default is 30.

The log file may show this setting as InitializationRetryIntervalSecs.

Module.Shopping.LocalhostUrl

Note

This setting is not in the template configuration file.

(blank)

Optional. The localhost URL used by the Shopping client module to listen for localhost API calls. For example: https://localhost:8000/ShoppingClientAgent/MachineInfo

The Shopping client sets the value of LocalhostUrl by calling a server API which returns the value of 1E Client loopback URL setting in the Shopping Admin Console. However, if the device is in a workgroup, or Module.Shopping.SsoEnabled is set to true, or some other reason the API cannot be called, then Module.Shopping.LocalhostUrl must be set locally. If set locally, the local setting will override the server setting, and you must ensure it matches the value configured in the Shopping Admin Console.

LocalhostUrl must be set to https if ShoppingCentralUrl is set to https, otherwise it can be http or https.

ShoppingCentralUrl

LocalhostUrl

http

http or https

https

https

When LocalhostUrl uses https the 1E Client Shopping client creates the following certificates on startup, and deletes them when shutting down:

  • a self-signed certificate issued to 1ECA added to the machine's Trusted Root Certification Authorities (ROOT) store

  • a certificate issued by 1ECA issues to localhost added to the machine's Personal (MY) store.

If using https and Firefox browsers are used, then Module.Shopping.FirefoxSupportEnabled must be set to true.

Shopping client only allows inbound connections to localhost (127.0.0.1) which prevents remote access.

See Information provided by the Shopping client below for details of localhost API calls.

Module.Shopping.LoopbackExemptionEnabled

false

Optional. Default value is false. Set this value to true if users are likely to use Microsoft Edge or other Metro browsers to access the Shopping website.

The Shopping client requests this value from the Shopping Central website (admin console setting: Loopback exemption enabled). If the client fails to connect to the website, it defaults to using this local setting and retries later.

When users connect to the Shopping Portal, the website needs to get the latest details about the local computer. Shopping may already have details from the Configuration Manager database, but these need to be confirmed and updated. Browser standards only allow websites to get limited information about the user and computer, therefore the website needs to make loopback calls to the local computer via the Shopping client. The following browsers permit loopback calls by default:

  • All versions of Chrome

  • All versions of Firefox

  • Non-Metro UI based Internet Explorer browsers (including legacy Internet Explorer)

If your Shopping users are using Edge and Metro Internet Explorer browsers, you must enable a Loopback Exemption to allow these browsers to make loopback calls. Exemption affects the browser as a whole and is not just restricted to the Shopping website. Before enabling this option, check your corporate security policy and be aware of the implications of allowing access between browsers and the local machine. By enabling loopback, you are only setting the Edge/Metro Internet Explorer browsers to the same level of security as other browsers which allow this setting already.

If you are running an unattended install, you can use MODULE.SHOPPING.LOOPBACKEXEMPTIONENABLED for all OS but it only works on Windows 8, 8.1, 10 and Windows Server 2012 R2 and later.

Shopping client only allows inbound connections to localhost (127.0.0.1) which prevents remote access.

Module.Shopping.OrderTrackingEnabled

Note

This setting is not in the template configuration file.

.

(blank)

Add this setting to the configuration file and set to false only if you want to override the Order Tracking feature enabled in the Shopping Admin Console, as described in Shopping Admin Console settings: Order Tracking Enabled.

The Console setting, when set to true, globally enables the Order Tracking feature on all clients. You should only use this client setting to override the Console, to disable the feature on a subset of clients.

Tip

This client setting only affects the notification icon (and its popups), it does not affect Order Tracking emails, because they are controlled by the Shopping server.

You can control which notifications and emails that users receive using the web administration settings described in Managing Order Tracking.

Module.Shopping.ShoppingCentralUrl

(blank)

The URL that the Shopping client module uses to connect to the Shopping Central website.

Example: https://shopping.acme.local/Shopping

This is the URL of the Shopping Central website, comprising:

  • scheme - either http or https

  • host header - DNS Name FQDN - this is the host header configured for the Shopping website, which is normally a DNS Name FQDN

  • port number - you do not have to provide this if using default port 80 or 443

  • path - this is always /Shopping.

Note

This setting is mandatory when Module.Shopping.Enabled=true.

Note

The Shopping client uses ShoppingCentralUrl to make the following API calls to obtain configuration settings from the Shopping Central website.

 

Module.Shopping.SsoEnabled

Note

This setting is not in the template configuration file.

false

Optional. Default value is false. Set this value to true if environment uses Single Sign On authentication to access Shopping website.

When set to true, the Shopping client does not try to connect to the Shopping website and just uses the setting Module.Shopping.LocalhostUrl to listen for localhost API calls.

When set to true, the Module.Shopping.LocalhostUrl must be specified and matches the value configured in the Shopping Admin Console under 1E Client loopback URL settings.

The above client request process allows 1E products like Virtual Assistant to use the loopback feature without installing a Shopping website. For example, setting Module.Shopping.SsoEnabled=true allows the client to use the local value of LocalhostUrl.

Information provided by the Shopping client

The following localhost API calls can be entered directly in a browser on a device that has the Shopping client module of the 1E Client enabled and correctly configured. If the Shopping Central website binding is https then the localhost URL can accept either http or https, otherwise it can only accept http.

When using an Edge or Metro versions of Internet Explorer browser, you must set Module.Shopping.LoopbackExemptionEnabled=true.

MachineId

The following table shows example details sent by the Shopping client to the Shopping Central server. The client makes a localhost API call MachineId API to get the details, and then uses a server API call to post them to the Shopping Central website, which creates or updates the machine details in the Shopping database and returns the MachineId GUID from the database. Details are shown in the 1E.Client.log.

This call is made when a user browses to the Shopping Web Portal, and the website uses the loopback feature to query the local computer.

You can test this by entering https://localhost:8000/ShoppingClientAgent/MachineInfo/MachineId directly in a browser.

Attribute

Description

Example

HostName

Computername

ACME-WIN1001

HostDomainName

Computer's NetBIOS Domain Name

ACME

AssignedSite

Configuration Manager client Site code

CM1

MacAddress

Computer's MAC Address

20-68-9D-5B-EB-73

OSVersion

OS Version

10.0.15063

OSArchitecture

OS Architecture

64-bit

OSRole

The role of the OS. Values are:

  • 1 – Workstation

  • 2 – Domain controller

  • 3 – Server

  • 175 - AVD (with latest hotfix)

1

SccmVersion

Configuration Manager client version

5.00.9012.1020

UniqueId

Configuration Manager client GUID

GUID:04804aed-922c-4a4b-9f41-eab6592e7d83

IntuneDeviceId

Intune Device Id

02c967b2-de4d-5ac1-859c-a15cb11b7638

TenantId

Tenant Id

6babcaad-604b-40ac-a9d7-9fd97c0b779f

TenantName

Tenant Name

ACME

Fqdn

Fully Qualified Domain Name

ACME-WIN1001.ACME.LOCAL

Fqdn

The following example is JSON returned by the Shopping client when the Fqdn API call is made by Windows Servicing Assistant and 1E Virtual Assistant. Details are shown in the 1E.Client.log.

You can test this by entering https://localhost:8000/ShoppingClientAgent/MachineInfo/Fqdn into a browser.

{"Fqdn":"1EUKCOL1184.ACME.local"}

Checking loopback exemption on Microsoft Edge and Metro Internet Explorer browsers

The following is valid only for Windows 8.1 and Windows 10.

Open a command-prompt as administrator on the computer you want to check, then run the following command to verify that loopback exemption was enabled during installation of the 1E Client.

CheckNetIsolation LoopbackExempt -s

Output should be:

If either of these items are missing, you can manually add them by executing the following commands. Quotes may be required around the name of the app.

For IE: 

CheckNetIsolation LoopbackExempt -a -n=windows_ie_ac_001

For Edge:

CheckNetIsolation LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe

Removing

The exemption from loopback restrictions can also be removed for all apps installed by using the following command:

CheckNetIsolation LoopbackExempt –c

More information

For more information from Microsoft about CheckNetIsolation please refer to: https://docs.microsoft.com/en-us/previous-versions/windows/apps/hh780593(v=win.10).