Manually configuring MacOS / OSX for Managed Workplace
Before you begin
- These instructions assume an intermediate familiarity with MacOS, terminal emulators, and bash/shell commands.
- In Managed Workplace, navigate to Site Management -> Sites -> SiteThisDeviceBelongsTo -> Credentials
- Ensure that there are credentials in place for SNMP, SSH, and optionally VNC.
- Ensure you know what the passwords are for the configured SSH and VNC credential sets that are configured there.
- Take note of the SNMP community string(s) you have configured.
- Log in to the Mac you wish to configure with an Administrator-level account. Make sure you know the password for the account you are logged in with, as you will be prompted for it.
Configure the SNMP Service
- If the file /etc/snmp/snmpd.conf exists, back it up before proceeding.
- Open a terminal window
- Run the following commands from the terminal, replacing <community_string> with the community string you have configured for the site:
sudo launchctl unload -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
printf "rocommunity <community_string>\nsysobjectid 1.3.6.1.4.1.8072.3.2.16\n" | sudo tee /etc/snmp/snmpd.conf > /dev/null
sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
Create the service account
- Choose Apple menu -> "System Preferences", then click "Users & Groups".
- Click the lock icon to unlock it, then enter the username and password of an existing Administrator
- Click "Add" below the list of users.
- Click the "New Account" pop-up menu, then choose Administrator
- Enter a "Full Name" for the new user. (this can be anything)
- Change the "Account Name" to be the SSH username you have configured in Managed Workplace
- Set the password to the SSH password you have configured in Managed Workplace
- Select "Allow user to administer this computer"
- Click "Create User"
Configure and hide the service account
- Open a terminal window
- Enter the following command:
sudo visudo
- Ensure that the following line is listed in the sudoers file you just opened, with <ssh_username> replaced by the SSH username you have configured in Managed Workplace:
<ssh_username> ALL=(ALL) NOPASSWD: ALL
- For more information on the visudo command, see the official documentation (https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man8/visudo.8.html) or read the manual page from the terminal (via the command "man visudo")
- Save and exit visudo with the command: :wq
- Optionally, run the following commands from the terminal to hide the service account. As usual, replace <username> with the username you have configured in Managed Workplace:
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add mei <username>
sudo mv /Users/<username>/ /var/<username>/
sudo dscl . -create /Users/<username> NFSHomeDirectory /var/<username>
Configure the VNC (Remote Management) service
- Check to see if the Apple Remote Agent (ARDAgent) service is running (e.g. with the Activity Monitor or the ps command)
- If the service is running, stop it.
- Open a terminal window
- Run the following command, replacing <username> with a valid username (either the current user or the SSH username Managed Workplace is using), and <vnc_password> with the VNC password configured in Managed Workplace.
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users <username> -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw "<vnc_password>" -restart -agent -privs -all
Enable SSH
- Open a terminal window
- Run the following command to see if the com.apple.access_ssh group already exists or not:
sudo dseditgroup com.apple.access_ssh
- If it does not already exist, run the following command as well:
sudo dseditgroup -o create -q com.apple.access_ssh
- Run the following command to add the service account to the SSH group, replacing <ssh_username> with the SSH username you have configured in Managed Workplace:
sudo dseditgroup -o edit -a <ssh_username> -t user com.apple.access_ssh
- Run the following command to enable remote login:
sudo systemsetup -setremotelogin on
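
The SNMP and sudoers steps above each leave a file on disk that can be checked once the procedure is finished. The script below is an added example, not part of the original article or of Managed Workplace; the function names and the sample community string are assumptions. It only reads the files it is given, and /etc/sudoers must be read from a root shell.

```shell
#!/bin/sh
# Added example: read-only checks of the two files this procedure writes.

# Print findings for an snmpd.conf ($1); return 0 only when there are none.
check_snmpd_conf() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    findings=$(awk '
        tolower($1) ~ /^r[ow]community6?$/ {
            seen = 1
            if (tolower($1) ~ /^rw/) print "write access granted by " $1
            if ($2 == "" || $2 == "public" || $2 == "private")
                print "default or empty community string in " $1
        }
        tolower($1) == "sysobjectid" && $2 == "1.3.6.1.4.1.8072.3.2.16" { oid = 1 }
        END {
            if (!seen) print "no rocommunity directive found"
            if (!oid) print "sysobjectid line missing or different"
        }' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Print findings for a sudoers file ($1); return 0 only when the account in $2
# holds the rule from the page and no other account holds the same rule.
check_sudoers() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    findings=$(awk -v user="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            who = $1; rule = $0
            sub(/^[ \t]*[^ \t]+/, "", rule)     # drop the user field
            gsub(/[ \t]/, "", rule)             # ignore spacing differences
            if (rule == "ALL=(ALL)NOPASSWD:ALL") {
                if (who == user) found = 1
                else print "unexpected passwordless sudo for " who
            }
        }
        END { if (!found) print "no NOPASSWD rule for " user }' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Constructed sample: the snmpd.conf the page writes, with a made-up community.
sample=$(mktemp "${TMPDIR:-/tmp}/snmpd.XXXXXX")
printf 'rocommunity Xk3-constructed\nsysobjectid 1.3.6.1.4.1.8072.3.2.16\n' > "$sample"
check_snmpd_conf "$sample" && echo "snmpd.conf sample: ok"
rm -f "$sample"
```

On the configured Mac the equivalent calls are check_snmpd_conf /etc/snmp/snmpd.conf and check_sudoers /etc/sudoers followed by the SSH username.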