Common client requirements

Multi-tenant SaaS platform Green checkmark | Single-tenant SaaS platform | On-premises platform Red x

Prerequisites and dependencies that are common to all client features and modules of the 1E Client.

1E Client contains client features and modules for 1E, Shopping, WakeUp, Content Distribution and PXE Everywhere clients. You can optionally enable and configure clients during and after installation.

Installation account for Windows

The 1E Client installer installs a service as local system, therefore the installation account for Windows clients must be capable of being elevated in order to run the installer. The simplest way of achieving this is for the account to have full local administrator rights (as a member of the localgroup administrators, either directly or indirectly).

Installation account for non-Windows

To install the 1E Client on a non-Windows client the installation account must have privileges to run the sudo command.
1E Client supports only 1E Platform client features on non-Windows devices.

Supported platforms

For a list of supported platforms, and the software required to allow them to be installed or to work, refer to Supported platforms.

Feature dependencies

Products and Features with dependencies on the 1E Client.

Products and features that depend on 1E Client	Details of companion products
1E	1E Platform requires the 1E Client (with 1E Client platform features enabled) to be installed on all client computers. 1E Platform features: Real-time response to instructions, which supports the retrieval of information using questions, and running actions Tags (freeform and device/coverage) Criticality and Location 1E Client UI to support the Real-Time Control Center, Announcements, Surveys, and Sentiment features of the Experience application # Inventory, including process usage, to support the: 1E Activity Record feature Inventory and other consumer applications. Performance metrics features to support the Experience Analytics application # Policy feature to support consumer applications: Endpoint Automation ##, Experience Analytics #, and Content Distribution # Patch Insights application # Command and script execution Content Distribution Device criticality Manipulation of files and processes Manipulation of the registry and WMI # Security # Software uninstallation User sessions, including Primary User. Modules to support: # not supported on non-Windows, ## partially supported on non-Windows Clients can optionally use the Content Distribution client module of 1E Client to more efficiently download content.
Content Distribution	Content Distribution requires the 1E Client (with Content Distribution client module enabled) to be installed on all client computers, and on Distribution Points if Configuration Manager is used.
Content Distribution	Content Distribution Download Pause is an optional feature of Content Distribution. It requires the 1E Client (with Content Distribution client module enabled) to be installed on all client computers, and 1E Platform.
PXE Everywhere	PXE Everywhere requires the 1E Client (with PXE Everywhere Agent client module enabled) to be installed on all client computers.
Shopping	Shopping requires the 1E Client (with Shopping client module enabled) to be installed on all client computers. This replaces the legacy Shopping Agent.
WakeUp	WakeUp requires the 1E Client (with WakeUp client module enabled) to be installed on all client computers, and WakeUp Servers.

1E companion products that 1E Client features depend on.

Products and features that 1E Client depends on	Details of companion products
1E	1E real-time and other features require 1E Platform and a 1E license.
Content Distribution	1E clients can optionally use Content Distribution (1E Client with Content Distribution client features enabled) to provide more efficient downloading of content.

Firewall ports

1E does not provide a combined diagram showing every component and feature, refer to the communications reference page for each product:

Content Distribution Design Considerations: Diagrams and tables with lists of all the Content Distribution communication ports.
PXE Everywhere Communication ports: A list of communication ports used by PXE Everywhere. Useful, if needed, for network and device firewalls.
Shopping Communication ports: A diagram and a table with a list of all the Shopping communication ports.
NightWatchman Enterprise Communication ports:Tables with lists of all the NightWatchman Enterprise components and their communication ports.

Zscaler and F5 devices can affect the client-to-platform connection, especially with SaaS. To prevent this, ensure the 1E Client uses mutual TLS authentication, and packets are allowed through on port 443.

Anti-virus and malware

Exclude the following from scans to prevent file locking and resource deletion.

1E log files: Refer to Log files.
1E Client temporary directory: We recommend modifying the TemporaryDirectory 1E Client configuration setting to %programdata%\1E\Client\Temp and excluding that directory. Refer to 1E Client settings. TemporaryDirectory must be specified as an absolute path. The directory is not automatically created by 1E Client. It must be created before being set otherwise 1E Client will use its default.
Third-party intrusion detection systems: The 1E Client is used for a number automations that may include random hard drive block performance gathering. During these polls, the 1E Client does not directly access data, or read/store this information. This may cause third- party security tools to register these scans as a potential issue.

Refer to 1E trust, security, and compliance.

Customers using Crowdstrike should ensure that 1E.Client.exe and Tachyon.performance.metrics.exe are included in their allow list.

Digital signing certificates

On Windows computers, the installation MSIs, executables, and DLLs of the 1E software are digitally signed by 1E using the 1E Limited SHA256 signature certificates. These signing certificates are issued by the DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, which in turn is issued by the root CA DigiCert Assured ID Root CA. The SHA256 signature certificate is also countersigned with the Timestamp signature certificate DigiCert SHA256 RSA4096 Timestamp Responder 2025 1, which is issued by the root CA DigiCert Assured ID Root CA.

The root CA certificates (for signing and countersigning) must be present in the Third-Party Root Certification Authorities store, which is replicated in the Trusted Root Certification Authorities store. These root CA certificates are normally automatically provided by Microsoft's Update Root Certificates feature. However, for legacy OS computers in a lab environment that are not connected to the Internet, refer to Supported platforms.