1. Home
  2. Goverlan Reach & MDM User Guides
  3. Goverlan Reach MacOS Client Agent

Goverlan Reach MacOS Client Agent

Goverlan Reach v10 introduces support for MacOS endpoints. Goverlan Reach is now able to provide nearly identical functionality to managing MacOS machines as Windows machines.

See the v9 to v10 Migration guide for information about upgrading to Goverlan Reach v10.

Requirements

A Goverlan Reach Client Agent must be installed on the MacOS system to manage it. The agent can be pushed through the console or manually installed via a PKG installer.

Supported MacOS Versions:

  • Mojave
  • Catalina
  • BigSur
NOTE:

M1  Based Chips are not supported at this time.

Push Based Installation

  1. Enable Remote Login on the MacOS endpoint.
  2. Enable MacOS Agent Deployment support in the Goverlan Reach Console.
  3. Enter an administrative account in the Goverlan Reach Credential Manager.
  4. Push the MacOS Reach Agent via the Goverlan Reach Console.
  5. Enable Permissions on the MacOS desktop.

Manual PKG Installer

  1. Enter an administrative account in the Goverlan Reach Credential Manager.
  2. Deploy the MacOS Reach Agent with a PKG file.
  3. Enable Permissions on the MacOS desktop.

Enable Remote Login on the MacOS endpoint

Enabling “Remote Login” on the MacOS device is required for remote agent installation and agent management. This step is not required if push based agent installations are not going to be used.

Enabling Remote Login opens up SSH access to the system over the network. This step has to be performed on the MacOS system itself.

Enabling “Remote Login” on a MacOS desktop:

  1. Open System Preferences, click Sharing, then select Remote Login.
  2. Select the Remote Login checkbox.
  3. Selecting Remote Login also enables the secure FTP (sftp) service.
  4. Specify which users can log in:
    • All users: Any of your computer’s users and anyone on your network can log in.
    • Only these users: Click the Add button then choose who can log in remotely. Users & Groups includes all the users of your Mac. Network Users and Network Groups include people on your network. The user credentials will then need to be added to the Goverlan Credential Manager.

Enabling MacOS Agent Deployment support in the Goverlan Reach Console

The Goverlan Reach Console will need to be configured to manage MacOS endpoints.

Enabling Agent Deployment for MacOS

  1. Open the Goverlan Reach Console
  2. Navigate to the Application Tab –> General Settings –> Client Agents
  3. Enable Agent Deployment for MacOS

Enable MacOS Agent Deployment

Configuring Credentials for MacOS end points

Goverlan supports managing Active Directory Domain Joined and Non AD Joined MacOS computers. It is required that the proper credentials be loaded in to the Goverlan Credential Manager in order to access the remote MacOS system. Credentials can be local or domain credentials. See Using Alternate Credentials for further details.

Deploy the MacOS Agent

Once the “Remote Login” setting is enabled in MacOS and the proper credentials are stored in the Goverlan Credential Manager, the MacOS agent can be deployed using push based methods.

Alternatively, a PKG file can be generated using the Goverlan Agent Manager. See the Goverlan Agent Manager for more information.

Granting the Goverlan Agent permissions on the MacOS workstation

MacOS requires explicit permissions be granted to the Goverlan Agent Application for remote administration.

The following permissions are required:

  •  Screen Recording
  • Full Disk Access
  • Accessibility

These permissions grant the Goverlan MacOS agent the ability to perform administrative tasks. These permissions must be granted by an account on the MacOS system that has administrative privileges and must be done manually.

To grant the required permissions to the remote system:

  1. Open the Goverlan Reach Client Configuration App on the MacOS system
  2. Click the System Access Tab
  3. For each permission, click Review Access

The MacOS system will ask for permission for each item. If permissions need to be re-enabled, click the Review System Access button to request access.

Access does not need to be requested again after the initial installation of an agent. All subsequent installations will use the same permissions.

 

MacOS System Access Permissions

NOTE:

If these permissions are not granted, several features in the Goverlan Reach Console will not function properly. Currently, Goverlan Reach does not support setting these permissions remotely.

 

Updated on April 12, 2021

Related Articles