1E PowerShell Toolkit release notes

Platform support:

  • 1E 8.2 and ongoing SaaS releases.
  • Tachyon 8.0 and ongoing on-premises releases; however, it should also work with earlier versions of the platform that are out of support.

Version 1.2.25

  • We added the Invoke-1EInventoryRebuild cmdlet.

Version 1.2.24

  • We added the get-1einstructioninfo and update-1einstructioninfo cmdlets.

  • We added the set-1etenantid cmdlet.

  • We added the set-1edefaultinstructionsigningcert cmdlet.

  • We removed the dependency on tachyon.instructionsigner.exe. The Toolkit can now sign XML files directly.

  • We fixed an issue where the update-1eresource cmdlet would fail if the instruction only contained that single resource.

  • We added the add-1etriggertemplate and remove-1etriggertemplate cmdlets.

  • We modified the get-1eplatformtoken cmdlet to handle legacy and elastic SaaS environments in terms of differing assertion format.

  • We added the get-1econfigurationsettings, get-1econfigurationsetting, and set-1econfigurationsetting cmdlets.

Version 1.2.23

  • We fixed regex in doPkceGrantFlow used by get-1ebearertoken for interactive login testing so it works with KeyCloak, and we added the prompt=login oAuth parameter so that all identity providers always prompt for a full login.

  • We fixed an issue where get-1epolicy could return invalid JSON.

  • We added the -Version parameter to the update-1eresource cmdlet.

  • We added support for v8.1 Surveys APIs.

Version 1.2.22

  • We fixed an issue of version 1.2.21 where it was giving a warning while importing the 1EPowerShellToolkit files.

Version 1.2.21

  • We added Windows AD certificate management cmdlets for JWT authentication. Applicable for Windows-based authentication.
    • Get-1EWindowsAdCertificateInfo
    • Get-1EWindowsAdCertificate
    • Set-1EWindowsAdCertificate
    • Remove-1EWindowsAdCertificate

Version 1.2.20

  • We added the Update-1EResource cmdlet.
  • The Get-1EResourceInfo cmdlet was not correctly returning resource information from instructions. This has been corrected.

Version 1.2.19

  • We added management group safeguarding cmdlets.

Version 1.2.18

  • We added the Connect-1EPowerBI cmdlet.

Version 1.2.17

  • We added the Set-1ESurveyManagementGroup cmdlet.
  • Workaround for API issues with importing surveys so that the Import-1ESurvey cmdlet correctly sets the management group assignments and enabled status of a survey when imported.

Version 1.2.16

  • You can now escape any URL parameters so that instruction set names and other entities passed as part of a URL that contain special characters are handled correctly.
  • We added the Get-1ELicenseInfo cmdlet.

Version 1.2.15

  • When exporting any entity that is represented as XML, attribute values are now properly escaped so that, for example, embedded quotes map to " etc.
  • The Get-1EGroupMember cmdlet did not translate the group name to base 64 before calling the API.
  • The Add-1EJwtPrincipalMapping cmdlet now checks that the principal exists on the RBAC subsystem or is a member of a group on RBAC.

Version 1.2.14

  • We added the following new cmdlets: Add-1EConsumer, Remove-1EConsumer, Update-1EConsumer, and Update-1EEventSubscription.
  • We add the -Path parameter to Add-1EEventSource to support JSON directly from a file.

Version 1.2.13

  • We added functionality to Get-1EBearerToken to support obtaining bearer tokens interactively.
  • We added the new Invoke-1EIdentityProviderAPI cmdlet to allow identity provider APIs to be directly called for test purposes.

Version 1.2.12

  • We added cmdlets to get and set platform settings.

Version 1.2.11

  • When an expression tree is created for either scope or management group expressions, operators are coerced to lowercase. This is to resolve an API validation issue with the SLA subsystem where operators are not case normalized, causing subsequent UI misinterpretation of the expression operators. Note that the consumer scope APIs accept operators in either case correctly.
  • The update-1eslamanagementgroup cmdlet now accepts a JSON expression tree directly as well as parsing a human-readable expression. This is to mitigate an issue where currently an expression containing multiple AND or OR terms is not flattened out into a single management group rule. Although the rule functions correctly, it appears as a nested set of AND or OR terms in the UI, which can be confusing.

Version 1.2.10

  • Rules and policies containing names which would cause XML serialization issues have the characters in these names mapped to a hyphen (-) during export
  • We added the Get-1EAnnouncementResponse cmdlet.
  • Platform migration support cmdlets have been added to the PS Toolkit.

Version 1.2.9

  • The Remove-1ESLAManagementGroup cmdlet can now recursively remove parent/child MG hierarchies if the -Force flag is used and enumerate what these would be if the -WhatIf flag is specified. 
  • The New-1ESLAManagementGroup cmdlet now accepts a rule in internal JSON expression tree format as well as human-readable format, facilitating the copying or export/import of management groups and rules.
  • The New-1ESLAManagementGroup cmdlet resolves a breaking change in the API model that caused management group creation to fail on recent 23.x releases of the platform.
  • The Get-1ESLAManagementGroup cmdlet now accepts an -IncludeChildren flag which will enumerate all descendents (if any) of the management group specified.
  • The Get-1EBearerToken cmdlet now allows a custom scope to be requested for applications such as obtaining a bearer token that can access the Azure Key Vault.
  • The Get-1EBearerToken cmdlet now supports retrieving a bearer token using a managed identity as well as a shared secret or JWT signing certificate.
  • The Set-1EServer cmdlet now supports a shared secret and vault appid parameter to allow certificates for non-interactive authentication to be retrieved without using managed identities.
  • The Set-1EServer cmdlet now supports an X509 certificate object as a direct parameter to allow callers who can get a certificate by whatever means to then authenticate with it.
  • The Get-1ECertificateFromKeyVault cmdlet now supports the use of a shared secret to retrieve certificates from the vault as well as a managed identity.
  • We added the Get-1EPermissionForPrincipal cmdlet.
  • We added the New-1ESecurableType cmdlet.
  • We added the Remove-1ESecurableType cmdlet.
  • We added the New-1EOperationForSecurableType cmdlet.
  • We added the Remove-1EOperationForSecurableType cmdlet.
  • We added the Get-1ECertificateFromStore cmdlet.
  • An issue has been corrected where a created JWT could have non-integral issue and expiry time members, causing authentication failure under PowerShell Core in some scenarios.
  • The Get-1ESurvey cmdlet did not correctly retrieve surveys by name and did not throw an exception when an invalid survey name was provided. This has been corrected.
  • The Import-1ESurvey cmdlet now accepts a JSON survey string as an input parameter as well as a file path.

Version 1.2.8

  • The buffer size for websockets has been increased to resolve scenarios where users with a huge number of groups caused interactive authentication to fail due to token truncation.
  • The get-1eresultascsv cmdlet using -raw as the input now uses stream processing and does not consume large amounts of memory; it will convert 4G of raw data in about an hour.
  • Interactive authentication now supports multi-tenant authentication but remains backward-compatible with all releases.
  • The remove-1epolicyrule cmdlet did not operate correctly. This has been corrected.

Version 1.2.7

  • We resolved an issue where platform releases 23.x reported an error regarding incorrect platform version for some cmdlets.

    Version 1.2.6 was not released externally.

Version 1.2.5

  • We changed the model for the Set-1ESLADirectManagementGroup cmdlet to address breaking change made in recent versions of the platform. No documentation or behavioral changes.

Version 1.2.4

  • We removed quotes around the 'exp' and 'iat' properties of a created JWT. While these JWTs are accepted by most identity providers, PingFederate rejects them with the quotes. They should be integer values, unquoted. This is compliant with the appropriate standard and accepted by all IdPs.
  • We added -UseBasicParsing to all uses of invoke-webrequest. Previously only some invocations had this parameter added. This avoids an error when run on systems which have never had Internet Explorer installed.
  • We modified the get-1eeventsource cmdlet to accept an optional Id parameter.
  • We modified the add-1eeventsubscription cmdlet to accept an optional SourceId parameter.
  • We added the following new cmdlets: add-1eeventsource, remove-1eeventsource, and update-1eeventsource.

Version 1.2.3 (web release March 7, 2023)

  • We changed the status check for retrieving instruction results so that an instruction which has been canceled (and is in the 'canceling' state) can still have results retrieved.

Version 1.2.2

  • We added the -PrincipalName parameter to the update-1eprincipal cmdlet.
  • We added the convert-1eprincipal cmdlet.

Version 1.2.1

  • The get-1einstructioninset cmdlet now requests that all instructions, including server-side instructions, are retrieved. Previously, due to an API change, these instructions would not have been returned.

Version 1.2.0  (web release February 15, 2023)

  • Files and cmdlet prefixes have been changed to reflect company rebranding and product renaming.

    • The Tachyon PowerShell Toolkit is now called 1E PowerShell Toolkit.

    • The cmdlets' prefix is now 1E instead of Tachyon. For example, Set-1EServer instead of Set-TachyonServer.

    • For backwards compatibility, refer to Compatibility with legacy scripts to learn how to reconfigure the new toolkit to use the Tachyon prefix.

      Previous release notes retain the original cmdlet names.

  • A failure during non-interactive authentication is now reported as a thrown exception.

Version 1.1.46

  • DENY permission exists, but has never been supported. The Toolkit has been fixed so that it no longer allows DENY permission.

Version 1.1.45

  • We fixed an issue with the get-tachyontriggertemplate -asxml where agent parameters were empty.

Version 1.1.44

Version 1.1.43 (web release November 3, 2022)

  • We added the get-tachyonrulehistory cmdlet.

Version 1.1.42

  • We added the -metadataendpoint parameter to the get-tachyonjwt cmdlet.
  • We added the get-tachyonsignedjwt cmdlet.

Version 1.1.41

  • We added the get-tachyonconnector cmdlet.
  • We added the get-tachyonconnectortype cmdlet.
  • We added the update-tachyonconnector cmdlet.

Version 1.1.40

  • We added the -ReceivedOnly param to get-tachyonresultsacsvfile.
  • We change the behavior of received data logic so that if an instruction transitions to complete, then the final received count is taken as the total data set, even if statistics say more devices were targeted than responded. This prevents retry timeouts trying to return data from instructions that were launched from the UI where the scope is dynamic and the statistics may never match up. Instructions launched from the toolkit use targeted FQDNs and are less likely to exhibit this issue.

Version 1.1.39

  • We added the Move-TachyonInstruction cmdlet.
  • Support for OAuth 2.0 (interactive and non-interactive sign in).

Version 1.1.38

  • We added support for full rule modification in update-tachyonrule. It is now possible to update all rule components (or add or remove them), changing parameters if necessary.

Version 1.1.37

  • We added support for shared secret in get-tachyonbearertoken to support Ping identity provider.

Version 1.1.36

  • We fixed an issue in PowerShell Core where get-content -raw returned incorrect length for binary files, causing dynamic file copy to fail and new-tachyonresource to compute an incorrect length for binary resources.

Version 1.1.35

  • We now support repeated trigger template Ids in add-tachyonrule.

Version 1.1.34

Version 1.1.33

  • We added support for Accessing Certificates from the Azure Key Vault and Managing certificates with the Azure Credential Vault.

Version 1.1.32

  • We added support for certificate retrieval from keystore in Linux.

Version 1.1.31

  • We fixed an issue with JWT creation under PowerShell Core.

Version 1.1.30

  • We added functionality to create rules for Guaranteed State and update existing rules (partial functionality).

Version 1.1.29

  • We fixed an issue with certificate KID base 64 url encoding.

Version 1.1.28

  • We fixed an issue with raw HTTP requests when using override NTLM credentials.

Version 1.1.27

  • We fixed a variable misspelling that could cause Tachyon version not to be set when connecting.

Version 1.1.26

  • We added the -name and -force parameters to get-tachyonprincipal and remove-tachyonprincipal.

Version 1.1.25

  • We now support SID for legacy systems when adding principal.
  • We corrected Okta scope issues.

Version 1.1.24

  • We added the get-jwkfromcertificate cmdlet.

Version 1.1.3

  • No functional changes.
  • We resolved an issue where values in scope expressions that contained reserved operators such as 'India' which contains the reserved operator 'in' were not parsed correctly, causing an error to be returned when these values were used in comparisons.

Version 1.1.2

  • No functional changes.
  • The Export-TachyonFragment cmdlet could return an error when invoked. It now correctly defaults the file extension on exported fragments to XML when no extension is provided. 
  • The Export-TachyonPolicy cmdlet did not include override parameter values for fragments in the exported policy.
  • The Invoke-TachyonDynamic cmdlet, when used with the -Files option to copy files, did not correctly handle file names with embedded spaces.

Version 1.1.1 (web release February 8, 2022)

  • No functional changes.
  • Cmdlets referencing Coverage tags now refer to Device tags (due to change in Tachyon 8.0).
  • Cmdlets referencing Scheduled tasks now refer to Schedules.

Version 1.1.0

  • We added the -Credential parameter to the set-tachyonserver cmdlet to allow alternate credentials to be supplied when connecting using Windows authentication.

Version 1.0.2

  • We added support for exporting Guaranteed State policies and their components in XML format and to create an integrated product pack ZIP file from a policy and its components.
  • We fixed an encoding issue when exporting fragments that contained non-ASCII unicode characters.
  • We renamed the search-tachyonserver cmdlet to search-tachyoninstruction.

Version 1.0.1

  • Version 1.0.1 was an internal release only and was not distributed.

Version 1.0.0

  • We fixed an incorrect version prerequisite checking for the Invoke-TachyonWMIQuery cmdlet.
  • We added a check for a proxy connection access denied error.

Version 0.8.24

  • We added support for scheduled tasks and conditional action scripts.
  • We added the Get-TachyonInstructionResultFqdn cmdlet.
  • We added the -Offload parameter to the invoke-tachyoninstruction cmdlet.

Version 0.8.23

  • We added support for SLA management groups.
  • We added support for Experience surveys.

Version 0.8.22

  • We added support for Tachyon Proxy client certificate authentication.

Version 0.8.21

  • We added support for the new v8 management group API to associate role/principal pairs with management groups.
  • We reinstated the add/remove role and add/remove permissions cmdlets now that management groups have been refactored.

Version 0.8.20

  • We added support for the Tachyon Proxy Server (proxy for Consumer Authentication).

Version 0.8.19

  • We added the -Force parameter to the invoke-tachyondynamic and new-tachyonresource cmdlets to allow the remote device PowerShell execution policy to be overridden.

Version 0.8.17

  • We added the -Csv parameter to the Invoke-TachyonInstruction cmdlet.

Version 0.8.16

  • We added the WMI cmdlet. 
  • We added the -Id and -Name parameters to the Get-TachyonInstruction cmdlet.
  • We changed all of the online help examples to ensure that the Tachyon prefix was correctly included in the cmdlet name.

Version 0.8.15

  • We added credential management cmdlets.