1. Home
  2. Goverlan Reach & MDM User Guides
  3. Goverlan Reach MacOS Client Agent

Goverlan Reach MacOS Client Agent

Goverlan Reach v10 introduces support for MacOS endpoints. Goverlan Reach is now able to provide nearly identical functionality to managing MacOS machines as Windows machines.

Requirements

A Goverlan Reach Agent Client must be installed on the MacOS system in order for it to be managed. The agent can be pushed or installed with a PKG installer.

  1. Enable Remote Login on the MacOS endpoint
  2. Enable MacOS Agent Deployment support in the Goverlan Reach Console
  3. Enter an administrative account in the Goverlan Reach Credential Manager.
  4. Deploy the MacOS Reach Agent (Push or PKG Installation)
  5. Enable Permissions on the MacOS desktop

Enable Remote Login on the MacOS endpoint

Enabling “Remote Login” on the MacOS device is required for remote agent installation and agent management. This step is not required if push based agent installations are not going to be used.

Enabling Remote Login opens up SSH access to the system over the network. This step has to be performed on the MacOS system itself.

Enabling “Remote Login” on a MacOS desktop:

  1. Open System Preferences
  2. Click Sharing
  3. Select “Remote Login”
  4. Leave all settings as default.

Enabling MacOS Agent Deployment support in the Goverlan Reach Console

The Goverlan Reach Console will need to be configured to manage MacOS endpoints.

Enabling Agent Deployment for MacOS

  1. Open the Goverlan Reach Console
  2. Navigate to the Application Tab –> General Settings –> Client Agents
  3. Enable Agent Deployment for MacOS

Configuring Credentials for MacOS end points

Goverlan supports managing Active Directory Domain Joined and Non AD Joined MacOS computers. It is required that the proper credentials be loaded in to the Goverlan Credential Manager in order to access the remote MacOS system. Credentials can be local or domain credentials. See Using Alternate Credentials for further details.

Deploy the MacOS Agent

Once the “Remote Login” setting is enabled in MacOS and the proper credentials are stored in the Goverlan Credential Manager, the MacOS agent can be deployed using push based methods. Alternatively, a PKG file can be generated using the Goverlan Agent Manager. See the Goverlan Agent Manager for more information.

Granting the Goverlan Agent permissions on the MacOS workstation

MacOS requires explicit permissions be granted to the Goverlan Agent Application for remote administration.

The following permissions are required:

  •  Screen Recording
  • Full Disk Access
  • Accessibility

These permissions grant the Goverlan MacOS agent the ability to perform administrative tasks. These permissions must be granted by an account on the MacOS system that has administrative privileges and must be done manually.

To grant the required permissions to the remote system:

  1. Open the Goverlan Reach Client Configuration App on the MacOS system
  2. Click the System Access Tab
  3. For each permission, click Review Access

The MacOS system will ask for permission for each item.

NOTE:

If these permissions are not granted, several features in the Goverlan Reach Console will not function properly. Currently, Goverlan Reach does not support setting these permissions remotely.

 

Updated on February 23, 2021

Related Articles