Mac OS X Server v10.5 or later: 8080: TCP: Alternate port for Apache web service — http-alt: Also JBOSS HTTP in Mac OS X Server 10.4 or earlier: 8085–8087: TCP: Wiki service — — Mac OS X Server v10.5 or later: 8088: TCP: Software Update service — radan-http: Mac OS X Server v10.4 or later: 8089: TCP: Web email rules — — Mac OS X. Jump Force Mac OS X – Ultimate Edition – This combat game for Mac has been long-awaited by all the Manga fans. From here you can get the new Jump Force Mac OS X on your Macbook/iMac, 100% FREE and with just a few clicks.If you are tired of Dragon Ball Xenoverse series or you think that the Street Fighter games are old, this game is everything you need.
-->Applies to: Configuration Manager (current branch)
This article describes how to deploy and maintain the Configuration Manager client on Mac computers. To learn about what you have to configure before deploying clients to Mac computers, see Prepare to deploy client software to Macs.
When you install a new client for Mac computers, you might have to also install Configuration Manager updates to reflect the new client information in the Configuration Manager console.
In these procedures, you have two options for installing client certificates. Read more about client certificates for Macs in Prepare to deploy client software to Macs.
- Use Configuration Manager enrollment by using the CMEnroll tool. The enrollment process doesn't support automatic certificate renewal. Re-enroll the Mac computer before the installed certificate expires.
- Use a certificate request and installation method that is independent from Configuration Manager.
Important
To deploy the client to devices running macOS Sierra, correctly configure the Subject name of the management point certificate. For example, use the FQDN of the management point server.
Configure client settings
Use the default client settings to configure enrollment for Mac computers. You can't use custom client settings. To request and install the certificate, the Configuration Manager client for Mac requires the default client settings.
- In the Configuration Manager console, go to the Administration workspace. Select the Client Settings node, and then select Default Client Settings.
- On the Home tab of the ribbon, in the Properties group, choose Properties.
- Select the Enrollment section, and then configure the following settings:
- Allow users to enroll mobile devices and Mac computers: Yes
- Enrollment profile: Choose Set Profile.
- In the Mobile Device Enrollment Profile dialog box, choose Create.
- In the Create Enrollment Profile dialog box, enter a name for this enrollment profile. Then configure the Management site code. Select the Configuration Manager primary site that contains the management points for these Mac computers.NoteIf you can't select the site, make sure that you configure at least one management point in the site to support mobile devices.
- Choose Add.
- In the Add Certification Authority for Mobile Devices window, select the certification authority server that issues certificates to Mac computers.
- In the Create Enrollment Profile dialog box, select the Mac computer certificate template that you previously created.
- Select OK to close the Enrollment Profile dialog box, and then the Default Client Settings dialog box.TipIf you want to change the client policy interval, use Client policy polling interval in the Client Policy client setting group.
The next time the devices download client policy, Configuration Manager applies these settings for all users. To initiate policy retrieval for a single client, see Initiate policy retrieval for a Configuration Manager client.
In addition to the enrollment client settings, make sure that you have configured the following client device settings:
- Hardware inventory: Enable and configure this feature if you want to collect hardware inventory from Mac and Windows client computers. For more information, see How to extend hardware inventory.
- Compliance settings: Enable and configure this feature if you want to evaluate and remediate settings on Mac and Windows client computers. For more information, see Plan for and configure compliance settings.
For more information, see How to configure client settings.
Download the client for macOS
- Download the macOS client file package, Microsoft Endpoint Configuration Manager - macOS Client (64-bit). Save ConfigmgrMacClient.msi to a computer that runs Windows. This file isn't on the Configuration Manager installation media.
- Run the installer on the Windows computer. Extract the Mac client package, Macclient.dmg, to a folder on the local disk. The default path is
C:Program FilesMicrosoftSystem Center Configuration Manager for Mac client
. - Copy the Macclient.dmg file to a folder on the Mac computer.
- On the Mac computer, run Macclient.dmg to extract the files to a folder on the local disk.
- In the folder, make sure that it contains the following files:
- Ccmsetup: Installs the Configuration Manager client on your Mac computers using CMClient.pkg
- CMDiagnostics: Collects diagnostic information related to the Configuration Manager client on your Mac computers
- CMUninstall: Uninstalls the client from your Mac computers
- CMAppUtil: Converts Apple application packages into a format that you can deploy as a Configuration Manager application
- CMEnroll: Requests and installs the client certificate for a Mac computer so that you can then install the Configuration Manager client
Enroll the Mac client
Enroll individual clients with the Mac computer enrollment wizard.
To automate enrollment for many clients, use the CMEnroll tool.
Enroll the client with the Mac computer enrollment wizard
- After you install the client, the Computer Enrollment wizard opens. To manually start the wizard, select Enroll from the Configuration Manager preference page.
- On the second page of the wizard, provide the following information:
- User name: The user name can be in the following formats:
domainname
. For example:contosomnorth
user@domain
. For example:[email protected]
ImportantWhen you use an email address to populate the User name field, Configuration Manager automatically populates the Server name field. It uses the default name of the enrollment proxy point server and the domain name of the email address. If these names don't match the name of the enrollment proxy point server, fix the Server name during enrollment.The user name and corresponding password must match an Active Directory user account that has Read and Enroll permissions on the Mac client certificate template.
- Server name: The name of the enrollment proxy point server.
Client and certificate automation with CMEnroll
Use this procedure for automation of client installation and requesting and enrollment of client certificates with the CMEnroll tool. To run the tool, you must have an Active Directory user account.
- On the Mac computer, navigate to the folder where you extracted the contents of the Macclient.dmg file.
- Enter the following command:
sudo ./ccmsetup
- Wait until you see the Completed installation message. Although the installer displays a message that you must restart now, don't restart, and continue to the next step.
- From the Tools folder on the Mac computer, type the following command:
sudo ./CMEnroll -s <enrollment_proxy_server_name> -ignorecertchainvalidation -u '<user_name>'
After the client installs, the Mac Computer Enrollment wizard opens to help you enroll the Mac computer. For more information, see Enroll the client by using the Mac computer enrollment wizard.Example: If the enrollment proxy point server is named server02.contoso.com, and you grant contosomnorth permissions for the Mac client certificate template, type the following command:sudo ./CMEnroll -s server02.contoso.com -ignorecertchainvalidation -u 'contosomnorth'
NoteIf the user name includes any of the following characters, enrollment fails:<>'+=,
. Use an out-of-band certificate with a user name that doesn't include these characters.For a more seamless user experience, script the installation steps. Then users only have to supply their user name and password. - Type the password for the Active Directory user account. When you enter this command, it prompts for two passwords. The first password is for the super user account to run the command. The second prompt is for the Active Directory user account. The prompts look identical, so make sure that you specify them in the correct sequence.
- Wait until you see the Successfully enrolled message.
- To limit the enrolled certificate to Configuration Manager, on the Mac computer, open a terminal window and make the following changes:
- Enter the command
sudo /Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access
- In the Keychain Access window, in the Keychains section, choose System. Then in the Category section, choose Keys.
- Expand the keys to view the client certificates. Find the certificate with a private key that you installed, and open the key.
- On the Access Control tab, choose Confirm before allowing access.
- Browse to /Library/Application Support/Microsoft/CCM, select CCMClient, and then choose Add.
- Choose Save Changes and close the Keychain Access dialog box.
- Restart the Mac computer.
To verify that the client installation is successful, open the Configuration Manager item in System Preferences on the Mac computer. Also update and view the All Systems collection in the Configuration Manager console. Confirm that the Mac computer appears in this collection as a managed client.
Tip
To help troubleshoot the Mac client, use the CMDiagnostics tool included with the Mac client package. Use it to collect the following diagnostic information:
- A list of running processes
- The macOS X operating system version
- macOS X crash reports relating to the Configuration Manager client including CCM*.crash and System Preference.crash.
- The Bill of Materials (BOM) file and property list (.plist) file created by the Configuration Manager client installation.
- The contents of the folder /Library/Application Support/Microsoft/CCM/Logs.
The information collected by CmDiagnostics is added to a zip file that is saved to the desktop of the computer and is named
cmdiag-<hostname>-<datetime>.zip
Manage certificates external to Configuration Manager
You can use a certificate request and installation method independent from Configuration Manager. Use the same general process, but include the following additional steps:
- When you install the Configuration Manager client, use the MP and SubjectName command-line options. Enter the following command:
sudo ./ccmsetup -MP <management point internet FQDN> -SubjectName <certificate subject name>
. The certificate subject name is case-sensitive, so type it exactly as it appears in the certificate details.Example: The management point's internet FQDN is server03.contoso.com. The Mac client certificate has the FQDN of mac12.contoso.com as a common name in the certificate subject. Use the following command:sudo ./ccmsetup -MP server03.contoso.com -SubjectName mac12.contoso.com
- If you have more than one certificate that contains the same subject value, specify the certificate serial number to use for the Configuration Manager client. Use the following command:
sudo defaults write com.microsoft.ccmclient SerialNumber -data '<serial number>'
.For example:sudo defaults write com.microsoft.ccmclient SerialNumber -data '17D4391A00000003DB'
Renew the Mac client certificate
This procedure removes the SMSID. The Configuration Manager client for Mac requires a new ID to use a new or renewed certificate.
Important
After you replace the client SMSID, when you delete the old resource in the Configuration Manager console, you also delete any stored client history. For example, hardware inventory history for that client.
- Create and populate a device collection for the Mac computers that must renew the computer certificates.
- In the Assets and Compliance workspace, start the Create Configuration Item Wizard.
- On the General page of the wizard, specify the following information:
- Name: Remove SMSID for Mac Cube boi infinite mac os.
- Type: Mac OS X
- On the Supported Platforms page, select all macOS X versions.
- On the Settings page, select New. In the Create Setting window, specify the following information:
- Name: Remove SMSID for Mac
- Setting type: Script
- Data type: String
- In the Create Setting window, for Discovery script, select Add script. This action specifies a script to discover Mac computers configured with an SMSID.
- In the Edit Discovery Script window, enter the following shell script:
- Choose OK to close the Edit Discovery Script window.
- In the Create Setting window, for Remediation script (optional), choose Add script. This action specifies a script to remove the SMSID when it's found on Mac computers.
- In the Create Remediation Script window, enter the following shell script:
- Choose OK to close the Create Remediation Script window.
- On the Compliance Rules page, choose New. Then in the Create Rule window, specify the following information: Mind: first mac os.
- Name: Remove SMSID for Mac
- Selected setting: Choose Browse and then select the discovery script that you previously specified.
- In the following values field: The domain/default pair of (com.microsoft.ccmclient, SMSID) does not exist.
- Enable the option to Run the specified remediation script when this setting is noncompliant.
- Complete the wizard.
- Create a configuration baseline that contains this configuration item. Deploy the baseline to the target collection.For more information, see How to create configuration baselines.
- After you install a new certificate on Mac computers that have the SMSID removed, run the following command to configure the client to use the new certificate:
See also
Summary
JumpCloud lets you run commands across any number of systems (Windows, Mac OS X or Linux) or tags in parallel. Once you have a good understanding as an Administrator of Using the Commands Tab, you may determine further ways that you can orchestrate your IT activities using JumpCloud.
This article will help to provide you requirements, examples as well as configuration information for installing third-party applications to your JumpCloud managed systems using the Commands Tab.
Prerequisites
Before getting started with installing any applications on Windows or Mac OS X using the Commands tab, there are several considerations that will need to be evaluated. You will need to refer to your software vendor’s documentation or support resources to ensure that the package will be supported with JumpCloud per the prerequisites listed:
Command-line Installation Support
While this requirement may seem like an unspoken one, in order to successfully install the application to a JumpCloud-managed system it will need to support execution from the command-line. This is important being that not all packages support non-UI installations.
Windows
In many cases EXE as well as MSI installation packages (Refer to Windows Installer wikipedia article for more information) will be supported. MSI packages in particular are provided for system administrators who would need to deploy the software to several terminals over a network connection. There shouldn’t be any major differences when comparing an MSI and EXE from a functionality standpoint, however there may be additional options available for MSI packages such as performing “silent” installs or having additional pre-configuration options. Because of this, MSI packages may in some cases be more compatible with the JumpCloud Commands tab. Please refer to your software vendor’s documentation and support for further information on the best options and supported methods.
Mac OS X
As with Windows, application vendors will distribute different application package types when working with a Mac OS X application. This may include DMG files, PKG files, compressed archives (.zip, .tgz, etc.) or even flat application files. A DMG file is a disk image, which will require the image to be mounted to the system in order to view it’s contents. Because of this, you may find that application deployment will be more preferred using either PKG files, compressed archives or application files but your vendor documentation and support can provide you direct advisement.
As with Windows, application vendors will distribute different application package types when working with a Mac OS X application. This may include DMG files, PKG files, compressed archives (.zip, .tgz, etc.) or even flat application files. A DMG file is a disk image, which will require the image to be mounted to the system in order to view it’s contents. Because of this, you may find that application deployment will be more preferred using either PKG files, compressed archives or application files but your vendor documentation and support can provide you direct advisement.
Unattended or Silent Installation
The Commands tab works in such a way that commands are sent to the system for execution and a pass/fail results along with any command result details are displayed within JumpCloud. Because the Commands tab does not present the administrator with an interactive session when performing execution, it is required that all application installations have “silent” or “unattended” installation options. The functionality and terminology can differ from software vendor to software vendor so this may require discretion on your part. By definition a “silent” install should be one that does not display any indication of progress, while an unattended installation is once which does not require user interaction. Explicitly, JumpCloud requires an “unattended” installation which does not require user interaction, but note that some vendors will in fact refer to this as “silent”.
As an example, our very own (Windows) Command Line Installation KB article is a great example that outlines command-line install to a Windows system where a unattended/silent option is available. There are three flags available for our EXE to aid in unattended installations in the form of
/SILENT,
/VERYSILENT
and/SUPPRESSMSGBOXES
:JumpCloudInstaller.exe -k CONNECT_KEY /VERYSILENT /NORESTART
Setup & Execution
Using Upload File with the Commands Tab
You can upload one or more files to be pushed to the server prior to executing the command, including an installation package. The file push occurs immediately before the command is executed, so you can update the files anytime, and know that the next time your command runs, it will have the latest update. You can include any data you like, such as a tarball, that your script can untar and utilize for any purpose.
Note that the Upload File functionality within JumpCloud only supports files of 1MB or smaller size. If your installation package is larger than this, you may want to refer to the next section for downloading a file from a web-hosted source or placing in a centralized network destination external to JumpCloud.
- From the JumpCloud Administrative Console, click on the Commands tab on the left-hand navigation
- Click the + button at the top-left to create a new command
- At the top of the Execute Command window choose either Linux, Windows orMac depending on your target system(s)
- Before populating your installation command into the main pane, click Upload File under the Files section to attach the installation package
- Once selected, take note of the File Destination field and it’s default value. Feel free to specify a different local directory on the target machine as needed
- Populate your installation command, and take note that you will need to specify the full package path was was specified in Step 5
- Choose the target Systems and or Tags that you would like to execute to from the right-hand side
- Choose to either Save & Run Now, or click Save for later usage
Downloading Installation Packages
While planning your deployment strategy, you may find that you want to look at other alternatives than the native Upload File functionality provided. This could be due to considerations ranging from the 1MB file limitation that is discussed above, to trying to have a more streamlined method of package acquisition that allows for management external to JumpCloud.
One option that is available to you is to use Windows PowerShell or Bash Shell (Mac OS X) to download a file from a web server for subsequent install.
Windows PowerShell
The following PowerShell command will download a file from a web server to the local machine, and allow you to specify the directory it lives:
(New-Object System.Net.WebClient).DownloadFile('<FILE_DOWNLOAD_WEB_PATH>', '<LOCAL_FILE_DOWNLOAD_PATH>')
Below is an example of the command which is downloading the Windows JumpCloud Agent, and placing the file into the
C:WindowsTemp
directory. This is purely an example being that the JumpCloud agent must be installed prior to the ability to send commands to the system:(New-Object System.Net.WebClient).DownloadFile(“https://s3.amazonaws.com/jumpcloud-windows-agent/production/JumpCloudInstaller.exe”, “$env:TEMP/JumpCloudInstaller.exe”)
Mac OS X
The following Bash Shell command will download a file from a web server to the local machine, and allow you to specify the directory it lives:
The following Bash Shell command will download a file from a web server to the local machine, and allow you to specify the directory it lives:
curl -o <LOCAL_FILE_DOWNLOAD_PATH '<FILE_DOWNLOAD_WEB_PATH>'
Below is an example of the command which is downloading the Mac OS X JumpCloud Agent, and placing the file into the
/tmp/
directory. This is purely an example being that the JumpCloud agent must be installed prior to the ability to send commands to the system:curl -o /tmp/jumpcloud-agent.pkg 'https://s3.amazonaws.com/jumpcloud-windows-agent/production/jumpcloud-agent.pkg'
Executing the Command
At this point you should now have a good understanding on what is required prior to command execution for an application installation. Once you have confirmed that your package supports command-line installation, allows for unattended options and have determined how you will upload/download the installation to the target system you are ready for install.
Jump Push Match Mac Os 8
For more information on the options available with Commands, please refer to Using the Commands Tab.
Jump Push Match Mac Os X
If you require have any questions or concerns, please contact [email protected] further assistance.