MAC AGENT DEPLOYMENT GUIDE
(VIA JAMF PRO)
July 2023
2
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
Table of Contents
Overview ......................................................................................................................................................................... 3
Purpose of the Document ............................................................................................................................................... 3
Deploying the Mac Agent via JAMF Pro .................................................................................................................. 3
1.1 Prerequisites ................................................................................................................................................... 3
1.2 Creating an Agent Installation Package .......................................................................................................... 4
1.3 Creating an Agent Uninstallation Script .......................................................................................................... 8
1.4 Creating an Agent Deployment Policy .......................................................................................................... 14
1.5 Obtaining the Code Requirements ............................................................................................................... 21
1.6 Creating a Configuration Profile ................................................................................................................... 23
Contact Exterro ............................................................................................................................................................. 29
3
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
Overview
Exterro was founded with the simple vision that applying the concepts of process optimization and data science to
how companies manage digital information and respond to litigation would drive more successful outcomes at a
lower cost. We remain committed to this vision today. We deliver a fully integrated Legal GRC platform that enables
our clients to address their privacy, regulatory, compliance, digital forensics, and litigation risks more effectively and
at lower costs. We provide software solutions that help some of the world’s largest organizations, law enforcement
and government agencies work smarter, more efficiently, and support the Rule of Law.
Purpose of the Document
The purpose of the document is to provide users with the step-by-step instructions required to deploy the Mac Agent
via JAMF Pro application.
Deploying the Mac Agent via JAMF Pro
1.1 Prerequisites
The targeted machines should be enrolled in JAMF with the ability to manage Policies and Configuration
Profiles.
A Mac with a manually installed Agent
is required to obtain baseline information.
4
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
1.2 Creating an Agent Installation Package
A separate Package is required for each version of the Mac Agent. Subsequent sections must correspond to the
version of the Agent used in the installation package.
To create an Agent Installation Package:
1. Log into JAMF Pro application.
2. Click on Settings from the top-right corner.
5
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
The Settings page is displayed.
3. Select the Computer management tab and click on Packages.
6
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
4. Click New.
7
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
5. Provide the package’s Display Name.
6. Select the package’s Category.
7. Browse and select the required Agent PKG file for the Filename field.
Note: The remaining fields are optional and can be configured based on the user’s requirements.
8. Click Save.
8
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
1.3 Creating an Agent Uninstallation Script
The script mentioned in this section should be compatible with all versions of the Mac Agent.
To create an Agent Uninstallation Script:
1. Log into JAMF Pro application.
2. Click on Settings from the top-right corner.
9
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
The Settings page is displayed.
3. Select the Computer management tab and click on Scripts.
10
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
4. Click on New.
The New Script page is displayed.
11
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
5. Provide the script’s Display Name.
6. Select the package’s Category.
7. Select the Script tab.
8. Select the Shell/Bash option for the Mode field.
12
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
9. Copy and paste the below provided script in the text area:
#!/bin/bash
DATE=`date +%Y-%m-%d`
TIME=`date +%H:%M:%S`
LOG_PREFIX="[$DATE $TIME]"
LOG_FILE=~/Library/Logs/AccessDataAgentUninstall.log
log_info() {
echo "${LOG_PREFIX} [INFO]" $1 >> $LOG_FILE
}
log_error() {
echo "${LOG_PREFIX} [ERROR]" $1 >> $LOG_FILE
}
if (( $EUID != 0 )); then
log_error "Script was not run as root. Exiting."
exit
fi
PRODUCT=AccessDataAgent
InstalledAgents=($(pkgutil --packages | grep $PRODUCT))
for i in "${InstalledAgents[@]}"
do
VERSION=$(pkgutil --pkg-info $i | grep version | cut -d ' ' -f 2 )
log_info "Removing $PRODUCT $VERSION"
find "/usr/local/bin/" -name "$PRODUCT-$VERSION" | xargs rm
if [ $? -eq 0 ]
then
log_info "Successfully deleted shortcut links"
else
log_error "Could not delete shortcut links"
fi
pkgutil --forget "org.$PRODUCT.$VERSION" > /dev/null 2>&1
if [ $? -eq 0 ]
then
log_info "Successfully deleted application informations"
else
log_error "Could not delete application information"
13
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
fi
launchctl stop /Library/LaunchDaemons/com.adg.managedagent.plist > /dev/null 2>&1
if [ $? -eq 0 ]
then
log_info "Successfully stopped the Agent service"
else
log_error "Could not stop the Agent service"
fi
launchctl unload /Library/LaunchDaemons/com.adg.managedagent.plist > /dev/null 2>&1
if [ $? -eq 0 ]
then
log_info "Successfully unloaded the Agent service"
else
log_error "Could not unload the Agent service"
fi
rm -rf "/Library/${PRODUCT}/${VERSION}" > /dev/null 2>&1
if [ $? -eq 0 ]
then
log_info "Successfully deleted source files"
else
log_error "Could not delete source files"
fi
done
exit 0
Note: The remaining fields are optional and can be configured based on the user’s requirements.
10. Click Save.
14
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
1.4 Creating an Agent Deployment Policy
A Policy will be used to uninstall any existing Agent on a target machine and then install the specified Agent version.
To create an Agent Deployment Policy:
1. Log into the JAMF Pro application.
2. Click on Computers.
15
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
3. Click on Policies from the left pane.
4. Click on New.
16
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
The New Policy page is displayed.
5. Provide a policy’s Display Name.
6. Check the Enabled option.
7. Select the policy’s Category.
8. Select the required Trigger events during when the policy should be deployed.
Note: You are recommended to select the Recurring Check-in trigger event.
9. Select the Once per computer option from the Execution Frequency dropdown.
10. Check the Automatically re-run policy on failure option.
17
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
11. Select the Packages tab from the middle pane and click on Configure.
12. Click Add against the required package.
18
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
13. Select the Install option from the Action dropdown.
14. Select the Scripts tab from the middle pane and click on Configure.
19
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
15. Click Add against the required Agent Uninstallation Script.
16. Select the Before option from the Priority dropdown.
17. No Parameters should be added.
20
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
18. Select the Scope tab and click on Add.
19. Click on Add against the required target.
20. Click Save.
If the Recurring Check-in event was selected for Trigger, the new Policy will be run on targets the next time a user
checks in to the JAMF application.
21
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
1.5 Obtaining the Code Requirements
Code Requirements are needed when creating a Profile to grant the necessary permissions to deployed Agents. The
following should be done on a Mac where the desired Agent release has already been installed.
To obtain the Code Requirements:
1. Open Terminal.
2. Execute the following command:
codesign -dr - /bin/sh
3. Copy the value displayed against the designated field. This is the Code Requirement for sh.
4. Execute the following command:
codesign -dr - /bin/zsh
5. Copy the value displayed against the designated field. This is the Code Requirement for zsh.
6. Execute the following command:
codesign -dr - /System/Applications/Utilities/Terminal.app
22
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
7. Copy the value displayed against the designated field. This is the Code Requirement for Terminal.
8. Execute the following command:
codesign -dr - /System/Applications/Utilities/Console.app
9. Copy the value displayed against the designated field. This is the Code Requirement for Console.
10. Determine the installation folder for the installed Agent
Example: /Library/AccessDataAgent/<version>/
11. Execute the following command:
codesign -dr – [AgentInstallationFolder]/ADG.Agent.IndexingService
12. Copy the value displayed against the designated field. This is the Code Requirement for
ADG.Agent.IndexingService.
13. Execute the following command:
codesign -dr – [AgentInstallationFolder]/ADG.ManagedAgentSvc
14. Copy the value displayed against the designated field. This is the Code Requirement for ADG.ManagedAgentSvc.
23
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
1.6 Creating a Configuration Profile
A Configuration Profile will be used to grant the Full Disk permissions necessary for the Agent to function correctly.
Any permission overrides deployed by JAMF are not visible to users in System Preferences > Security & Privacy > Full
Disk Access on the target machine(s). However, the pushed profile can be seen in system Preferences > Profiles.
To create a Configuration Profile:
1. Log in to JAMF Pro application.
2. Click on Computers.
24
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
3. Click on Configuration Profiles from the left pane and click on New.
The New macOS Configuration Profile page is displayed.
25
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
4. Provide the profile’s Name.
5. Provide the Description of the profile.
6. Select the profile’s Category.
7. Select the Computer Level option from the Level drop-down.
8. Select the required option for Distribution Method.
Note: You are recommended to select Install Automatically.
9. Scroll down and select the Privacy Preferences Policy Control tab from the middle pane.
10. Click Configure.
26
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
11. Create six App Access sections by clicking on the button.
12. Provide following values for the corresponding fields in each App Access sections:
Identifier
Identifier Type
/bin/sh
Path
/bin/zsh
Path
com.apple.Terminal
Bundle ID
com.apple.Console
Bundle ID
[AgentInstallationFolder]/ADG.Agent.IndexingService
Path
[AgentInstallationFolder]/ADG.ManagedAgentSvc
Path
ADG
Path
Note: The values for the Code Requirement field can be obtained by following the steps provided in the Obtaining
the Code Requirements section.
27
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
13. For each App Access section, follow the below steps:
a. click Add and select the following values for the corresponding drop-down fields:
App or Service - SystemPolicySysAllFiles
Access – Allow
b. Click Save.
14. Click on the Scope tab and click on Add.
28
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
15. Add the scope that includes the required target(s).
16. Click Save.
If the Install Automatically option was selected for Distribution Method, the new profile will start showing up on
the targets the next time users check in to JAMF. (Refer System Preferences > Profiles).
29
MAC AGENT – DEPLOYMENT GUIDE
(VIA JAMF PRO)
© Exterro, Inc. All rights reserved. www.exterro.com
Contact Exterro
If you have any questions, please refer to this document, or any other related materials provided to you by Exterro.
For usage questions, please check with your organization’s internal application administrator. Alternatively, you may
contact your Exterro Training Manager or other Exterro account contact directly.
For technical difficulties, support is available through s[email protected].
Contact:
Exterro, Inc.
2175 NW Raleigh St., Suite 400
Portland, OR 97210.
Telephone: 503-501-5100
Toll Free: 1-877-EXTERRO (1-877-398-3776)
Fax: 1-866-408-7310
General E-mail:[email protected]
Website: www.exterro.com
Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without the express written permission of Exterro, Inc. The trademarks, service marks, logos or other intellectual
property rights of Exterro, Inc and others used in this documentation ("Trademarks") are the property of Exterro, Inc and their respective owners. The
furnishing of this document does not give you license to these patents, trademarks, copyrights or other intellectual property except as expressly provided in
any written agreement from Exterro, Inc.
The United States export control laws and regulations, including the Export Administration Regulations of the U.S. Department of Commerce, and other
applicable laws and regulations apply to this documentation which prohibits the export or re-export of content, products, services, and technology to certain
countries and persons. You agree to comply with all export laws, regulations and restrictions of the United States and any foreign agency or authority and
assume sole responsibility for any such unauthorized exportation.
You may not use this documentation if you are a competitor of Exterro, Inc, except with Exterro Inc’s prior written consent. In addition, you may not use the
documentation for purposes of evaluating its functionality, or for any other competitive purposes.
If you have any questions, please contact Customer Support by email at [email protected]
.