3 Replies Latest reply on Apr 18, 2017 11:43 AM by Peter Massa

    macOS Agent Health 2016.3 and 2016 update

    Peter Massa Expert

      The below download contains the definition for LDMS 2016.3 and 2016 flat for macOS Agent Health.

      Last updated: 12/01/2016

      DSC – macOS – Standard – Agent Health.ldms

       

      Step 1: Import

      To start import this rule:

      You should see the following two new rules have been added to Patch and Compliance – Custom Definitions

       

      Step 2: Create default agent configurations

      1. Create agent dmg file
        1. In the console create an agent configuration for macOS – or you may use your existing configuration.
        2. Go to your \\core\ldlogon\mac\ directory
        3. Copy the .dmg file that matches that agent configuration name to a https or http share (e.g. https://core/packages/agent.dmg)
      2. Get the hash of the agent.dmg file by running this command
        1. from a macOS system: openssl sha1 /path/agent.dmg
        2. or from PowerShell: Get-FileHash C:\path\agent.dmg -Algorithm SHA1

       

      Step 3: Update bootstrap definition with sha1 value for agent.dmg and download path

      Next open the properties of the “DSC – macOS – Standard – Agent Health Boot Strap” then edit the Ensure bootstrap exists rule.

      You should see the below section if you select “Custom Script” on the left hand column:

      You will now copy the hash value that you got in step 2 into the AgentHash=”valuegoeshere” location.

      Next click on “Patch Information” in the left column and update the download location to where you hosted your agent.dmg file(e.g. https://core/packages/agent.dmg)  then click download, followed by calculate hashes.

      Save the rule and the definition.

       

      Step 4: Choose which components you wish to have scanned by the Agent Health Definitions

      Open the “DSC – macOS – Standard – Agent Health” definition and simply right click on each component and disable or enable it.

       

      Step 5: Target which scopes should scan for agent issues.

      *Note you can enable scanning and leave auto fix off, this will allow you to see a report of which systems have agent issues, before you attempt to repair them.  This allows for a more gradual deployment of Agent Health and a clear understanding of what systems will be corrected.

       

      Step 6: Enable autofix

      When you are ready to begin remediating macOS Agent issues, you can enable autofix for the specific scopes as well as setting the retry settings.  “indefinitely” is recommended.

       

      Step 7: Review repair feed

      The final part of macOS Agent Health is to monitor your environments process.  By opening the “DSC – macOS – Standard – Agent Health” definition and selecting the “History” tab you can see a feed of which systems have had their agents repaired, and which specific component was repaired.

      As always please test first before deploying to your entire environment.  If you have any issues please comment on this document or at: macOS Agent Health 2016.3 and 2016 update