Skip to main content
Barracuda MSP Partner Toolkit

Manually configuring MacOS / OSX for Managed Workplace

Manually configuring MacOS / OSX for Managed Workplace

Before you begin

  • These instructions assume an intermediate familiarity with MacOs, terminal emulators, and bash/shell commands
  • In Managed Workplace, navigate to Site Management -> Sites -> SiteThisDeviceBelongsTo -> Credentials
  • Ensure that there are credentials in place for SNMP, SSH, and optionally VNC.
  • Ensure you know what the passwords are for the configured SSH and VNC credential sets that are configured there.
  • Take note of the SNMP community string(s) you have configured.
  • Log in to the Mac you wish to configure with an Administrator-level account. Make sure you know the password for the account you are logged in with, as you will be prompted for it.

Configure the SNMP Service

  • If the file /etc/snmp/snmpd.conf exists, back it up before proceeding.
  • Open a terminal window
  • Run the following commands from the terminal, replacing
    UndefinedNameError: reference to undefined name 'communitystring' (click for details)
    Callstack:
        at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/ul[2]/li[3]/span, line 1, column 1
    
    with the community string you have configured for the site:

sudo launchctl unload -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
sudo printf "rocommunity

UndefinedNameError: reference to undefined name 'communitystring' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[3]/span, line 1, column 1
\nsysobjectid 1.3.6.1.4.1.8072.3.2.16\n" > /etc/snmp/snmpd.conf
sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist


Create the service account

  • Choose Apple menu -> "System Preferences", then click "Users & Groups".
  • Click the lock icon to unlock it, then enter an the username and password of an existing Administrator
  • Click "Add" below the list of users.
  • Click the "New Account" pop-up menu, then choose Administrator
  • Enter a "Full Name" for the new user. (this can be anything)
  • Change the "Account Name" to be the SSH username you have configured in Managed Workplace
  • Set the password to the SSH password you have configured in Managed Workplace
  • Select "Allow user to administer this computer"
  • Click "Create User"

Configure and hide the service account

  • Open a terminal window
  • Enter the following command:

sudo visudo

  • Ensure that the following line is listed in the sudoers file you just opened, with
    UndefinedNameError: reference to undefined name 'username' (click for details)
    Callstack:
        at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/ul[5]/li/span, line 1, column 1
    
    replaced by the SSH username you have configured in Managed Workplace:

UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[7]/span, line 1, column 1
ALL=(ALL) NOPASSWD: ALL

  • For more information on the visudo command, see the offical documentation (https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man8/visudo.8.html) or read the manual page from the terminal (via the command "man visudo")
  • Save and exit visudo with the command: :wq
  • Optionally, run the following commands from the terminal to hide the service account. As usual, replace
    UndefinedNameError: reference to undefined name 'username' (click for details)
    Callstack:
        at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/ul[6]/li[3]/span, line 1, column 1
    
    with the username you have configured in Managed Workplace:

sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add mei

UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[8]/span, line 1, column 1

sudo mv /Users/

UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[9]/span[1], line 1, column 1
/ /var/
UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[9]/span[2], line 1, column 1
/

sudo dscl . -create /Users/

UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[10]/span[1], line 1, column 1
NFSHomeDirectory /var/
UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[10]/span[2], line 1, column 1


Configure the VNC (Remote Management) service

  • Check to see if the Apple Remote Agent (ARDAgent) service is running (eg. with the Activity Monitor or the ps command)
  • If the service is running, stop it.
  • Open a terminal window
  • Run the following command, replacing
    UndefinedNameError: reference to undefined name 'username' (click for details)
    Callstack:
        at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/ul[7]/li[4]/span[1], line 1, column 1
    
    with a valid username (either the current user or the SSH username Managed Workplace is using), and
    UndefinedNameError: reference to undefined name 'password' (click for details)
    Callstack:
        at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/ul[7]/li[4]/span[2], line 1, column 1
    
    with the VNC password configured in Managed Workplace.

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users

UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[12]/span[1], line 1, column 1
-clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw "
UndefinedNameError: reference to undefined name 'password' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[12]/span[2], line 1, column 1
" -restart -agent -privs -all


Enable SSH

  • Open a terminal window
  • Run the following command to see if the com.apple.access_ssh group already exists or not:

sudo dseditgroup com.apple.access_ssh

  • If it does not already exist, run the following command as well:

sudo dseditgroup -o create -q com.apple.access_ssh

  • Run the following command to add the service account to the SSH group, replacing
    UndefinedNameError: reference to undefined name 'username' (click for details)
    Callstack:
        at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/ul[10]/li/span, line 1, column 1
    
    with the SSH username you have configured in Managed Workplace:

sudo dseditgroup -o edit -a

UndefinedNameError: reference to undefined name 'username' (click for details)
Callstack:
    at (Knowledge_Base/Managed_Workplace_(RMM)/Manually_configuring_MacOS_//_OSX_for_Managed_Workplace), /content/body/div/p[16]/span, line 1, column 1
-t user com.apple.access_ssh

  • Run the following command to enable remote login:

sudo systemsetup -setremotelogin on

  • Was this article helpful?