Approach to Mac management with quick deployment options, easy app delivery and end-to-end security. As an Apple mobility partner, AirWatch is committed to supporting macOS and Apple programs for businesses and schools. KEY BENEFITS. Enable Mac management for the enterprise with unified endpoint management in a single solution. Eliminate.
- Generally a distinct example is down load and installing new app in your Android Product. Soon after ending at all, you are capable to implement AirWatch Agent For Laptop Home windows 10/seven/eight or Mac Many thanks for Read. Airwatch For Macbook. Tl wn321g v4 driver for mac. Without using Bootstrap, the AirWatch Agent must be installed.
- Get industry-leading iOS MDM and same-day support for new operating system releases with AirWatch. Try it free for 30 days. Cookie Settings.
#!/bin/sh |
[[ $EUID 0 ]] || { echo'Must be run as root.';exit; } |
PKGNAME=AgentUninstaller |
LOG=/tmp/$PKGNAME.log |
touch $LOG |
chmod a+rw $LOG |
DAEMON_PLIST='/Library/LaunchDaemons/com.airwatch.airwatchd.plist' |
AGENT_PLIST='/Library/LaunchAgents/com.airwatch.mac.agent.plist' |
AWCM_PLIST='/Library/LaunchDaemons/com.airwatch.awcmd.plist' |
SCHEDULER_PLIST='/Library/LaunchDaemons/com.airwatch.AWSoftwareUpdateScheduler.plist' |
REMOTE_PLIST='/Library/LaunchDaemons/com.airwatch.AWRemoteManagementDaemon.plist' |
REMOTETUNNEL_PLIST='/Library/LaunchDaemons/com.airwatch.AWRemoteTunnelAgent.plist' |
WriteLog () |
{ |
# /bin/echo `date`' '$1 >> $LOG |
/bin/echo `date`''$1 |
} |
val=$(/usr/libexec/PlistBuddy -c 'Print ProgramArguments:0''${AGENT_PLIST}') |
if [[ $val*'VMware AirWatch Agent'* ]];then |
WriteLog 'VMware Agent needs to be Unloaded' |
LOCAL_USER=`ps -ajx | grep '/Applications/VMware AirWatch Agent.app/Contents/MacOS/VMware AirWatch Agent'| grep -v grep | awk '{ print $1 }'` |
else |
WriteLog 'AirWatch Agent needs to be Unloaded' |
LOCAL_USER=`ps -ajx | grep '/Applications/AirWatch Agent.app/Contents/MacOS/AirWatch Agent'| grep -v grep | awk '{ print $1 }'` |
fi |
WriteLog 'Local user is $LOCAL_USER' |
WriteLog 'Modifying launchd plists' |
/usr/libexec/PlistBuddy -c 'Delete :KeepAlive'$DAEMON_PLIST |
/usr/libexec/PlistBuddy -c 'Delete :KeepAlive'$AGENT_PLIST |
/usr/libexec/PlistBuddy -c 'Delete :KeepAlive'$AWCM_PLIST |
/usr/libexec/PlistBuddy -c 'Delete :KeepAlive'$SCHEDULER_PLIST |
/usr/libexec/PlistBuddy -c 'Delete :KeepAlive'$REMOTE_PLIST |
/usr/libexec/PlistBuddy -c 'Delete :KeepAlive'$REMOTETUNNEL_PLIST |
WriteLog 'Unloading the plists' |
/bin/launchctl unload $DAEMON_PLIST |
/bin/launchctl unload $AWCM_PLIST |
/bin/launchctl unload $SCHEDULER_PLIST |
/bin/launchctl unload $REMOTE_PLIST |
/bin/launchctl unload $REMOTETUNNEL_PLIST |
su - ${LOCAL_USER}'/bin/launchctl unload $AGENT_PLIST' |
WriteLog 'Removing plists' |
/bin/rm $DAEMON_PLIST |
/bin/rm $AGENT_PLIST |
/bin/rm $AWCM_PLIST |
/bin/rm $SCHEDULER_PLIST |
/bin/rm $REMOTE_PLIST |
/bin/rm $REMOTETUNNEL_PLIST |
WriteLog 'Removing AirWatch folder except recovery key file' |
cd'/Library/Application Support/AirWatch' |
rm -f airwatchd awcmd AWSoftwareUpdateScheduler AWRemoteManagementDaemon AWRemoteTunnelAgent |
rm -rf '/Library/Application Support/AirWatch/FrameWorks' |
rm -rf '/Library/Application Support/AirWatch/Installation' |
shopt -s extglob |
if [ -d'/Library/Application Support/AirWatch/Data' ];then |
cd'/Library/Application Support/AirWatch/Data' |
rm -rf !(FDE.plist|settings|encKeys) |
fi |
WriteLog 'Removing agent and helper binaries' |
rm -rf '/Users/$LOCAL_USER/Applications/AirWatch Agent.app/' |
rm -rf '/Applications/AirWatch Agent.app/' |
rm -rf '/Applications/VMware AirWatch Agent.app/' |
pidAWAgent=`pgrep -x 'AirWatch Agent'` |
pidVMAgent=`pgrep -x 'VMware AirWatch Agent'` |
WriteLog 'AirWatch Agent PID is $pidAWAgent' |
WriteLog 'VMWare Agent PID is $pidVMAgent' |
kill -9 $pidAWAgent |
kill -9 $pidVMAgent |
if [ -d'/Users' ];then |
cd'/Users' |
forUSERNAMEin`ls`;do |
rm -rf '/Users/$USERNAME/Library/Preferences/com.airwatch.mac.agent.plist'||true |
rm -rf '/Users/$USERNAME/Library/Preferences/com.airwatch.mac.enroller.plist'||true |
rm -rf '/Users/$USERNAME/Library/Preferences/com.aiwatch.mac.enroller.plist'||true |
done |
fi |
commented Dec 11, 2019
As I’ve discussed before, I work in a high-compliance organization, meaning, when OS updates are released, we need to be able to test them, roll the updates out to customers, and then ensure their successful installation. Up until recently, we had been using LANrev for Mac management and patching, which had the interesting ability to run the softwareupdate
utility on a client machine, grab that update package(s), and then upload them to the server. With this method, we would deploy the OS update package like any other to the devices that required the update, after being vetted and approved internally. And overall it worked well. Since the update was treated as a standard package, the typical install status and reporting in LANrev worked the same way. We could audit failures, successes, etc., and repush the update as needed. This however became less and less stable over time, specifically starting with 10.12, where the updates would never install successfully on clients. Once we moved to AirWatch, I was happy to find that they also had an OS update mechanism in place. Their agent was able to download and install updates also using the softwareupdate
utility (more on that later), and also interact with the VMware AirWatch Agent GUI in order to show prompts to customers and alert them that they needed to reboot, among other things.
In order to utilize the AirWatch Agent for Software Updates, you need to create a “Software Update” profile in AirWatch for macOS. This looks like so:
This profile specifies things like:
- Update Source – This can be pointed at Apple’s catalogs, or an internal SUS
- How to install updates and what updates to install – This has options like “Install Updates Automatically,” or “Download updates in the background,” or “Check for updates only.” It also specifies whether macOS beta updates should be allowed, or app updates should be installed by the Agent.
- Schedule – This allows you to schedule how often to check for software updates.
- Restart – This allows specifying whether or not the agent should restart after updates are installed (for those that require a reboot), and should the customer be given a grace period before the reboot is forced.
Once you have those settings in place, you can push that profile to the client, and two things should happen: Picasa for mac viewer.
- A Software Update profile should get installed with any customizations to things like the Software Update Server
- A launch daemon and plist file should end up on the device which are used by the AirWatch agent
So why talk about any of this in the first place? AirWatch does make this quite easy to setup, so is a blog post really necessary? Probably not… But, we recently noticed that devices were not being updated even though the Software Update profile was on the system. This unfortunately meant that if new updates were made available, the devices may see them in the App Store like normal, but we couldn’t ensure their installation, and thus our device’s compliance. The other issue is that since AirWatch does some under the hood magic when setting this profile up with regards to the agent actually enforcing the updates, there was no indication from our console that anything had gone wrong. AirWatch saw that the profile was reported as being installed on the device, so why would it think anything was wrong?
Once I realized we had a bit of an issue with the launch daemon not being present on the systems, the first thing I did was open a ticket with AirWatch to report it!
I started thinking of other ways we could automate software updates, and now that we have a Chef infrastructure setup, I figured that should be pretty easy. We would just need to setup a launch daemon that calls the softwareupdate
utility, and then the next time the customer rebooted their machines, the latest updates would all get installed.
No, don’t do this. This does not offer us very good compliance, as we know customers often go days, weeks, maybe months, maybe only once something stops working, before rebooting their machines. AirWatch has also done all of the hard work for us in having their agent be able to alert a customer, set deferral times, and enforce the reboot if needed, and I wanted to make sure those efforts didn’t go wasted!
I started looking at what was happening on a device that had the Software Update profile installed, and found that on devices that were being successfully updated, a launch daemon was present that was not on other systems. The launch daemon was called com.airwatch.AWSoftwareUpdateScheduler.plist
and looked something like this:
If you downloaded Office from the Mac App Store, and have automatic updates turned on, your apps will update automatically. But you can also manually download the updates: Open the Mac App Store from your Dock or Finder. Click Updates on the left side menu, then click Update All, or the Update button next to the apps that you want to update. If you've activated Office for Mac 2016 but are still seeing a message that says 'You need to activate Office for Mac within X days,' please try these steps to resolve your issue: Run the License Removal Tool. In Spotlight Search (the magnifying glass) on your Mac, search for and open Keychain Access. Office ru for mac 7. When the Welcome to Office: Mac 2011 screen appears, select the option, Enter your purchased product key. Enter the product key from the retail package of Office for Mac 2011, and then click Activate. Save your Product ID information, click Continue, and then click Done. If prompted, install any updates. AutoRecover, a feature that is available in some Office applications, attempts to recover files automatically in the event of an application or system crash. It does this by periodically saving a copy of the file in the background. By default, AutoRecover saves a recovery file every 10 minutes.
This declares two important things, 1) the binary to run (AWSoftwareUpdateScheduler
), and 2) the interval at which to run that binary, which corresponded to the software update check interval we set in our Software Update profile.
In calling this binary manually and monitoring the logs that it spits out, it became clear that at its core, it was in fact just calling the Apple softwareupdate
utility. But, it also opened a socket to the AirWatch agent binary in order to be able to show the prompts to the user regarding the reboots, and could essentially wait idle for an extended time and then reboot the machine, again after notifying the user. The interesting thing was when calling this binary on a device that had the Software Update profile installed, had a macOS Update available, but did not have the launch daemon present, it would run the softwareupdate
utility, the update would get installed/staged, but that would be it. There would be no GUI prompt or anything. Running it again, same thing, it would just re-stage the update, but no GUI prompts.
This led me to begin looking for other pieces or files that might be on properly configured devices, but not on problem devices. This is when I discovered the Scheduler.plist
, which contains all of the settings that you specify when setting up the Software Update profile in the AirWatch console. This file lives under /Library/Application Support/AirWatch/Data/
The Scheduler.plist
file looks something like this:
Most of these keys are self explanatory and correspond directly to a setting in the Software Update profile we setup earlier.
Airwatch Agent For Macbook Pro
With that new knowledge, I copied that file to a problem device, re-ran the AWSoftwareUpdateScheduler
tool and lo and behold, when the update was installed/staged, the GUI prompt appeared! This means it should be pretty easy to utilize the AirWatch agent for prompts to our users, but set the settings and ensure they were on the devices using Chef! I would just need to deploy a launch daemon, which with Chef is done using the launchd
resource, and put the Scheduler.plist file on disk, which can be done using the cookbook_file
resource.
Airwatch Mdm Agent For Mac
The other interesting thing I found while looking into this, is that the Scheduler.plist
file contains a key called gracePeriod
which was set to 7200
seconds for us. This corresponds to the Grace Period set in the Software Update profile, which (annoyingly) has a max value of 2 hours. This is actually something we had wanted to extend further, but since it wasn’t in the GUI, didn’t think it would be possible. But now that we were creating the Scheduler.plist with Chef, maybe we can make the initial reboot grace period longer, something like 8 hours? And wouldn’t ya know it, after setting the gracePeriod
key to 28800
seconds, and running the AWSoftwareUpdateScheduler
, I received a prompt like so:
This then would mean that you should be able to get far more granular with just about all of the keys in the Scheduler.plist if managing it directly (i.e. not using the AirWatch console). You could add more deferrals than the GUI allows, get more granular with time in between deferrals, etc.
I did eventually open a support case with AirWatch, since this needs to be fixed in the end as I’m sure many customers rely on it. But, this was a fun way to learn a bit more about the underlying “technology” AirWatch is using to perform and enforce macOS updates, and was once again a reminder of how awesome having a configuration management tool is. Yes, this all could have been done with relatively straight forward bash scripts and deployed via package or something, but this way it is centrally managed and we can ensure it’s compliance on the system.
Airwatch Agent For Mac Computers
As always, thanks for reading!