Tanium Provision: Add a Choose Job Profile Prompt

This article shows two ways to create a job profile tag during Tanium Provision deployment. The tag can then be used to target a software package or an application bundle after the operating system deployment.

The first method uses a native Key Value Entry. The second method uses a custom PowerShell script. Both methods create a tag on the newly deployed computer.

Solution 1: Key Value Entry

This is the simplest option. Use it when you only need to ask the technician to select a value from a predefined list.

Configuration

  • Edit the Provision bundle, scroll to the bottom, and open Key Value Entries.
Tanium Provision key value entries section
  • Select Add Key Value.
Tanium Provision add key value button
  • Create a new key for the profile selection. In this example, the key is ProfileMetier.
Tanium Provision create ProfileMetier key
  • Select the required Prompt Type.
Tanium Provision prompt type selection
  • Add the allowed values for the key.
Tanium Provision key value allowed values
  • Save the bundle.

Provision Deployment

  • During deployment, the technician selects the required profile.
Tanium Provision choose job profile prompt
  • After deployment, the selected value is available as a tag on the new computer.
Tanium Provision profile tag on deployed computer

Solution 2: Custom PowerShell Script

Use this option when the prompt must be more customizable than the native Key Value Entry. The menu appears later in the deployment workflow, but the logic is fully controlled by the PowerShell script.

Use one or more of the following script names, depending on when you want your scripts to run:

  • Customer-PE-Pre.ps1: called at the start of the Windows PE phase, before applying the OS image.
  • Customer-PE.ps1: called at the end of the Windows PE phase, after applying the OS image, injecting drivers and updates, and placing the unattend.xml file.
  • Customer-Pre.ps1: called at the start of the Windows configuration process, before installing the Tanium Client or joining Active Directory / Azure AD.
  • Customer.ps1: called at the end of the Windows configuration process, as the last action before completion.

Reference: Tanium Provision advanced configuration.

Configuration

  • Edit the Provision bundle, scroll to the bottom, and open Scripts and Other Files.
Tanium Provision scripts and other files section
  • Add the custom files required by the PowerShell script.

Download the sample files from GitHub: Tanium Provision Add a Choose Job Profile Prompt.

Tanium Provision custom PowerShell files

Provision Deployment

The custom menu is displayed later than the Key Value Entry prompt. The advantage is that the PowerShell script can be adapted to your naming rules, profile list, or validation logic.

Tanium Provision custom PowerShell job profile menu
  • After deployment, the expected tags are also available on the computer.
Tanium Provision custom script profile tag result

Software Deployment

For both methods, the generated tag can be used to target a software package or an application bundle.

  • Create or edit the application bundle.
  • Add a targeting rule based on the custom tag.
  • Deploy the bundle only to computers matching the selected profile.
Tanium Deploy application bundle targeting
  • Select the custom tag created during Provision deployment.
Tanium Deploy custom tag selection