FileWave Central / Anywhere

FileWave Central is the native admin application and FileWave Anywhere is the web console. You can do many of the same things in both tools.

Installing the FileWave Central application

Depending on deployment plans, the FileWave Admin application can be installed on two different types of systems: the systems administrator's primary workstation, and a desktop or portable used to create Fileset Magic Filesets and/or primary images for the Imaging Appliance.

System Requirements for the FileWave Central application

The FileWave Admin application runs on both OS X and Windows computers supporting the following operating systems:

Installing the FW Admin application

Download and open the FileWave .pkg/.msi from the FileWave Software Downloads. Select the Admin Installer and double-click or open it. You will be required to authenticate as a local administrator on your target machine in order to complete the installation.

Once the FW Admin application is installed, you will launch it and begin the configuration.

Logging into FileWave server from the FW Admin application

When you launch the FileWave Admin application, you will be presented with a login window. You can search for FileWave Servers in your network with the Bonjour menu (OS X only). Recent server connections are saved in the Recent Servers menu. If your Server operates on a port other than the default (20016), specify that port; otherwise leave the port on the default. Enter the IP address or domain name (FQDN) of the FileWave Server you are going to administer.

Note: The default administrator account is "fwadmin" and the default password is "filewave". You should change the primary admin password when you first set up the server (see the Security section on FileWave Server Installation).

Click on Connect to log into the server and you will be presented with the default layout.

Note: The Windows version of FileWave Admin has two additional buttons:

- Client Monitor. Allows you to view the status of any FW client without logging into the FW Central application.
- Fileset Magic. Allows you to open Fileset Magic to create custom Filesets without logging into FW Central.

Configuring FileWave Server License

All of the settings that are used to establish the core configuration of FileWave server are performed within the Preferences panes located under the FileWave Admin menu item. However, before you can begin configuring your settings, you must activate your FileWave server with the license you purchased. This is a one-time task, unless you purchase a different number of licenses in the future.

Activating the FileWave server

FileWave Server requires an activation code if you are going to manage more than the Evaluation version (1 administrator user, 5 laptop/desktops, 5 mobile clients). Upon purchase of the FileWave solution, you are provided a custom activation code created specifically for the number of licensed devices you specified in your order. The activation code will also let you create additional FileWave administrators above and beyond the single "super-administrator" account provided by default (fwadmin). The license code will also specify the number of administrators who can be logged in simultaneously. If you are going to use Engage, make sure you have included that in your license.

To activate your FileWave server, select Activation Code… from the Server menu.


Select the Enter or Update Code button, and paste the activation code you received from FileWave with your purchase. Only one code can be stored at a time. If you upgrade your server by adding more client or mobile licenses, then you can overwrite the existing activation code with a new one.

Security - change the primary password
Once you have the FileWave Server up and running, you should change the password from the default ("filewave") to something a little more secure. The default master administrator account is fwadmin. You change the administrator's password by selecting the Manage Administrators… command from the Assistants menu, then selecting the fwadmin account and replacing the default password (filewave).

Prevent user data collection via license

If your institution or locality requires that you not track user data within the FileWave Inventory database, you must request a special "non-tracking" license. When this license is entered, the user data will not be collected by the FileWave Client for reporting to the Server. If, at some point, you desire to activate user data tracking, you may request a standard license. In order to activate the user tracking capabilities, you will enter the new license and reboot your server. By default, the full capabilities of FileWave inventory are enabled. This includes the ability to track application usage, install dates, launch times, current user and login dates. If an organization feels they don't need this information or that this information would be too sensitive to retain, they should contact support with a request to "Please change my FileWave inventory license to not retain user and app usage information."

The next series of tasks are to get the key FileWave Admin preferences configured.

Configuring FileWave Server Basic Preferences

This section covers the basic FileWave preferences of General, Organization Info, Kiosk, Inventory, Mail, Editor and Proxies. The more complex preferences - Mobile, LDAP, VPP&DEP, Engage, and Imaging are covered in their own sections.

General preferences

FileWave General settings break down into four sections:

Local settings

These are settings for each computer the FileWave Admin application is installed on. These are items that affect the interaction of the FW Admin with the FW Server.

Server settings

The only setting here is your ability to limit the bandwidth for Fileset transfers from the Server to Boosters or Clients.


Local Settings

Organizational Info preferences

This setting pane provides the basic information concerning the managing organization. The data provided here will be shown as part of the overall device information.

Kiosk preferences

The self-service Kiosk preferences allow you to create and edit the various categories of Kiosk items offered to end users. You can also change the icon for an existing Kiosk item.


Use the [+] or [-] buttons to add or delete a Kiosk item. When you have selected an existing Kiosk item, clicking on the [+] button allows you to create sub-categories. Double-clicking on the title of a category allows you to change the name of the category. The Change Icon button lets you select a new graphic to display as the icon for a category. Icons should be in .png, .tiff, or .jpg format. They should also be no larger than 512x512 pixels in size. This is to keep the file size reasonable.
If you want to clear out your category set and return to the FileWave defaults, click on the Revert to Defaults button and you will return to the eight (8) entries you started with. The Kiosk can be further customized with background images and titling. See the FileWave Support site for more information and directions.

Inventory preferences

The current version of FileWave has the asset management process, Inventory, included in the main FileWave Server install. Earlier versions of FileWave supported an Inventory server that could run on a different computer. The settings for Inventory on the current version can be left at the defaults; but information on the provided settings is below:

Inventory Server

The FileWave Inventory server and MDM server are now running on the same server. The server address should be a valid FQDN (fully qualified domain name). The default TCP port is 20445. If you change the Shared Key in Inventory, it will break any RESTful API scripts or interfaces you are using, until they are updated to use the new key.

iOS Inventory

Smart Groups

The button Refresh all Smart Groups forces a system-wide refresh of all the data requested by existing Smart Groups. (Smart Groups are discussed in detail in Chapter 8.)

Mail preferences

The mail preferences in the FileWave Server are used to support both scheduled reports and VPP email invitations. Both of these capabilities are covered in later portions of this manual. Setting up the mail preferences involves you having a common email account that will act as the sender or source of all outgoing mail from the FileWave Server. This account will show as the source of emails sent for scheduled reports and VPP MDM invitations.
You can select the sending (SMTP) server, port number (default is 587 with TLS), and whether to use encrypted email (TLS - transport layer security). You must enter a valid email account that can send mail from the designated email host. The Send test mail button allows you to verify that your settings work. It will have the FileWave Server generate a test message that will be sent from the host server, using the account you specify, and will come to the inbox of a designated user account.

Note that if you use Gmail or another email provider that requires 2FA, you may need to set up an app password to allow the server to send email without 2FA. Here is the Google documentation on this: FileWave Server Mail test receives Bad Request with Google Accounts

Editor preferences

FileWave's Filesets can contain plain text files, such as batch (.bat), configuration (.conf), and property list (.plist). The Editor tab allows you to customize which extensions can be edited within the Fileset Contents Window's text editor. This capability allows you to make simple changes to a file, even a script, inside a Fileset.
You can add the extension of a specific type of file so that it can be edited within the FileWave editor.  The below image shows adding .json to the list. (As of 15.4, .json will be included in the default list).


File types are usually limited to those that contain Unix or Windows line endings. You should test any file type that you plan on supporting before making that extension known to all of your FileWave administrators. More information on this capability and its use is in the Filesets / Payloads Chapter of this guide.

Proxies preferences

If you are using proxy servers in your environment, this preference pane will allow you to enter the credentials needed to let your FileWave Server authenticate with the proxy service. If your users' devices must go through a proxy server to access the FileWave server from outside your network, then you will need to add credentials here to allow your FileWave server to respond through that same proxy. You may also create unique override credentials for your FileWave Admin to use or bypass the proxy service, as needed.

A Test button has been provided in the bottom right of each section to give feedback for your entered settings.

FileWave Central Inventory Toolbar

The Inventory toolbar consists of six simple tools plus the Delete item:

FileWave Anywhere Overview

The FileWave Anywhere interface is an Inventory tool designed to help with quick FileWave inventory references for specific clients in your server. Within the Web Console you will be able to view all devices currently enrolled, their Filesets, installed applications, users who have logged in, what groups they are a part of, and, in the case of MDM-enrolled Apple devices, the command history.

To access this Web Console for the FileWave server you can use the following:

This web console uses port 443, and the FileWave server must be reachable for you to connect. If your FileWave server is not accessible outside your internal network, you cannot connect to the Web Console from outside your network.

If a service running on the FileWave server is already using port 443, the initial installation or an upgrade will fail. To resolve this, you will need to shut down that other service on port 443.

The error message in the macOS install log and Windows/CentOS terminal appears as follows:

  • 'FileWave requires port 443, but has noticed this port is already in use. To prevent a broken installation, FileWave has not installed/upgraded and your system has NOT been altered. Please contact Support for more information.'

The inventory information visible in the Web Console will be determined by the permissions of the admin account that logs in. For more information on setting permissions for FileWave administrators please visit the manual page linked here.

The information you have access to from inventory under the Details section for each client is the following:

Below are some examples of the data you have access to in the Web Console and corresponding screenshots:

You will initially see the Clients dashboard that lists out every device currently being managed in your FileWave server:

From there you will be able to select a client and view inventory and Fileset status information including being able to reinstall selected Filesets:

Client Information tabs:

Client Details:

FWAdmin CLI (Command Line Interface)

Using FileWave Admin CLI (Command Line Interface) for OS X and Windows


Admin CLI allowances include:

Default Location

macOS

/Applications/FileWave/FileWave\ Admin.app/Contents/MacOS/FileWave\ Admin

Windows (FW v15.4.2 or lower)

"C:\Program Files (x86)\FileWave\FileWaveAdmin.exe"

Windows (FW v15.5.0 or higher)

"C:\Program Files\FileWave\admin\FileWaveAdmin.exe"

Running the above commands with no arguments will launch the UI version of the Admin.

Command Options

Running the command with --help will provide the full list of possible options:

macOS

/Applications/FileWave/FileWave\ Admin.app/Contents/MacOS/FileWave\ Admin --help

Windows (FW v15.4.2 or lower)

"C:\Program Files (x86)\FileWave\FileWaveAdmin.exe" --help

Windows (FW v15.5.0 or higher)

"C:\Program Files\FileWave\admin\FileWaveAdmin.exe" --help

Here is a list of some of the options available:

FileWave Command Line Tool

Options:
  -h, --help                            Displays this help.
  -v, --version                         Displays version information.
  -u <user>                             The filewave admin username.
  -p <password>                         The filewave admin password.
  -H <host>                             The filewave server hostname.
  -P <port>                             The filewave server port number
                                        (defaults to 20016).
  -k                                    Allows connections to filewave server
                                        without checking certificate.
  --listClients                         Lists all the client client/clone/group
                                        information.
  --listFilesets                        Lists all the fileset information.
  --createFileset <name>                Creates a new empty fileset with the
                                        specified name.
  --importFolder <path>                 Imports a folder as a fileset (not as a
                                        package).
  --importPackage <path>                Imports a package (pkg, flat, mpkg or
                                        msi) as a fileset.
  --importFileset <path>                Imports a previously exported FileWave
                                        fileset or template.
  --exportFileset <path>                Exports the given fileset name/id to
                                        the specified path
  --setRevisionAsDefault                the imporing revision will be set as
                                        default.
  --addRequirementsScript <path>        Adds requirements script (only valid
                                        for --importFolder).
  --addPreflightScript <path>           Adds preflight script (only valid for
                                        --importFolder).
  --addActivationScript <path>          Adds activation script (only valid for
                                        --importFolder).
  --addPostflightScript <path>          Adds postflight script (only valid for
                                        --importFolder).
  --addVerificationScript <path>        Adds verification script (only valid
                                        for --importFolder).
  --addPreuninstallationScript <path>   Adds preuninstallation script (only
                                        valid for --importFolder).
  --addPostuninstallationScript <path>  Adds postuninstallation script (only
                                        valid for --importFolder).
  --importImage <path>                  Imports an image as a fileset.
  --deleteFileset <id>                  Deletes a fileset by ID/Name.
  --listAssociations                    Lists all the associations held in the
                                        system.
  --createAssociation                   Create an association between a
                                        client/clone/group ID/Name and a fileset
                                        ID/Name.  Use the --clientgroup and
                                        --fileset options.
  --deleteAssociation <id>              Deletes an association between a
                                        client/clone/group ID/Name and a fileset
                                        ID/Name.  Use the --clientgroup and
                                        --fileset options.
  --kiosk                               Make this a kiosk association.
  --software_update                     Make this a software update
                                        association.
  --licenseDistribution <model>         The license distribution model (only
                                        for associations to VPP filesets). Can
                                        be "user" or "device".
  --updateModel                         Updates the FileWave model (as long as
                                        no other admins have locked objects).
  --setProperty                         Sets a fileset property value, use the
                                        --fileset, --key and --value parameters
                                        to determine for which fileset this is
                                        done (Used solely by AutoPkg FileWave Importer)
  --delProperty                         Removes a fileset property value, use
                                        the --fileset and --key parameters (Used solely by AutoPkg FileWave Importer)
  --setCriticalFlag                     Sets the critical flag value for a
                                        fileset ; use the --fileset and --value
                                        (0/1) parameters
  --name <name>                         The name value which will be applied to
                                        any newly created object.
  --comment <comment>                   The comment value which will be applied
                                        to any newly created object.
  --filesetgroup <id>                   The ID/Name of the target fileset
                                        container, if not specified all objects
                                        are created in their respective root
                                        container.  If the Name of the container
                                        does not exist then its assumed to be a
                                        Fileset Container and will be created
                                        automatically.
  --fileset <id>                        The ID/Name value of a fileset object.
  --revision <name>                     The name of a revision object.
  --clientgroup <id>                    The ID/Name value of a client, clone or
                                        group object.
  --root <root>                         When importing, if you specify the root
                                        then all the data that was imported will
                                        be moved into this root folder.  The
                                        root folder will be created if required.
  --key <key>                           The key used in the --setProperty call.
  --value <value>                       The value which will be used in the
                                        --setProperty call.
  --listExitCodes                       Lists all exit codes and their
                                        description.
** You are seeing this because the -h option was used ** 

Best Practices

You should use a separate FileWave Administrator account in order to protect other administrator passwords from accidentally being exposed in scripts. Along the same lines, if you run a command as an admin who is already logged in, it will automatically kick them off from wherever they are and from whatever they are doing.

Model update WILL update the model, with no confirmation.

Know what the Exit Codes mean

$ FileWave\ Admin --listExitCodes
    0: No Error
  100: Unknown Error
  101: The given fileset does not exist
  102: The given client does not exist
  103: The given group does not exist
  104: The given target is not a group
  105: Database internal error
  106: Error while uploading fileset
  107: Error while updating the model
  108: Login Error
  109: Error while importing a fileset
  110: Package Type not supported for import
  111: Command line parse failed
  112: Can't create association with an imaging fileset

Examples

Import Fileset:
$ FileWave\ Admin -u api -p <password> --importFolder /Applications/TextEdit.app --name "My New Application"
Import Package:
$ FileWave\ Admin -u api -p <password> --importPackage ~/Downloads/MyExamplePackage.pkg
Import Revision:

To add the above PKG to an existing Fileset with ID 537136 and define a revision name of Revision2.

$ FileWave\ Admin -u api -p <password> --importPackage ~/Downloads/MyExamplePackage.pkg --fileset 537136 --revision Revision2

Since FileWave 13, it is not possible to add into a current Fileset.
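
The Best Practices and exit codes above, combined into a wrapper for scripted imports. This is an added example, not FileWave's own code: it assumes a dedicated account named api (as in the examples above), and the FW_ADMIN_BIN, FW_USER, FW_HOST and FW_PASSWORD_FILE variables and the fw_* function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of FileWave. Assumed names: FW_ADMIN_BIN, FW_USER,
# FW_HOST, FW_PASSWORD_FILE and the fw_* functions.
# Usage after sourcing this file:
#   fw_run --importPackage ~/Downloads/MyExamplePackage.pkg

# Default macOS location from this page; override it on other systems.
FW_ADMIN_BIN="${FW_ADMIN_BIN:-/Applications/FileWave/FileWave Admin.app/Contents/MacOS/FileWave Admin}"
# Dedicated scripting account, so no other administrator's password
# ever appears in a script.
FW_USER="${FW_USER:-api}"

# Map the codes printed by --listExitCodes to text for job logs.
fw_exit_message() {
  case "$1" in
    0)   echo "No Error" ;;
    100) echo "Unknown Error" ;;
    101) echo "The given fileset does not exist" ;;
    102) echo "The given client does not exist" ;;
    103) echo "The given group does not exist" ;;
    104) echo "The given target is not a group" ;;
    105) echo "Database internal error" ;;
    106) echo "Error while uploading fileset" ;;
    107) echo "Error while updating the model" ;;
    108) echo "Login Error" ;;
    109) echo "Error while importing a fileset" ;;
    110) echo "Package Type not supported for import" ;;
    111) echo "Command line parse failed" ;;
    112) echo "Can't create association with an imaging fileset" ;;
    *)   echo "Unrecognised exit code" ;;
  esac
}

# Read the password from a file instead of hardcoding it in the script.
# The file must be readable by its owner only (mode 600 or 400).
fw_read_password() {
  if [ ! -f "$1" ]; then
    echo "password file not found: $1" >&2
    return 1
  fi
  # GNU stat (Linux) first, BSD stat (macOS) as the fallback.
  _fw_mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$_fw_mode" in
    600|400) ;;
    *) echo "refusing $1: mode $_fw_mode is readable by others" >&2
       return 1 ;;
  esac
  head -n 1 "$1"
}

# Run one CLI command as the dedicated account and report the exit code.
# Returns 2 for wrapper-level refusals, otherwise the CLI's own exit code.
fw_run() {
  for _fw_arg in "$@"; do
    if [ "$_fw_arg" = "-k" ]; then
      # -k skips the server certificate check; keep it out of automation.
      echo "refusing -k: certificate checking stays on in scripts" >&2
      return 2
    fi
  done
  if [ -z "${FW_HOST:-}" ] || [ -z "${FW_PASSWORD_FILE:-}" ]; then
    echo "set FW_HOST and FW_PASSWORD_FILE first" >&2
    return 2
  fi
  _fw_pw=$(fw_read_password "$FW_PASSWORD_FILE") || return 2
  _fw_rc=0
  # The password is still passed with -p, so it is visible in the local
  # process list while the command runs: one more reason this account
  # should be separate from every interactive administrator.
  "$FW_ADMIN_BIN" -u "$FW_USER" -p "$_fw_pw" -H "$FW_HOST" "$@" || _fw_rc=$?
  unset _fw_pw
  echo "FileWave Admin exit $_fw_rc: $(fw_exit_message "$_fw_rc")" >&2
  return "$_fw_rc"
}
```

Because a scripted login kicks off any session already open under the same account, keep this account out of interactive use entirely.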

Undocumented

FileWave Admin includes more than one language option. If unspecified, the Admin application should open in a language that matches the user's chosen language, if supported. Currently supported languages are:

FileWave Admin will default to English otherwise.

Any of the supported languages may be launched, by use of the language command line option, overriding the current set language:

Windows Korean example

& 'C:\Program Files\FileWave\admin\FileWaveAdmin.exe' --lang ko_KR

macOS German example

/Applications/FileWave/FileWave\ Admin.app/Contents/MacOS/FileWave\ Admin --lang de_DE



Working with FileWave Clients

Once the various devices have the FileWave Client installed, and they are enrolled with your FileWave Server, there are several options for configuring and working with these clients. This section will cover some of the common configurations and additional settings.

Clients View information

Within the Clients pane, you are presented with key information to help you keep track of the status of your devices:

When devices are enrolled in FileWave, you can start performing administrative and management tasks on them.

At the top of the Clients view pane, you can see a Search: area that lets you quickly see one of four different views of all your devices (Everything, Clients, Mobile, and Groups). There is also a quick view of the total number of Clients, Clones, Groups, and mobile devices. Finally, there is a global search field that allows you to type in a name or portion of a name, ID, database model number, or any other possible identifier to locate a specific device or Group. Any search you start can be cleared by clicking on the Clear all filters button just above the viewing window.


The next section discusses the types of tasks that you have access to from the Clients pane.

Client toolbar options


The toolbar that is active when the Client pane is selected gives you many options for performing various tasks on your devices. You can add new clients, create client Groups, create Smart Groups, associate devices with Filesets, monitor your clients, and perform several administrative tasks. First, we need to look at the global toolbar items; then we will explore the direct action tools for specific clients or client Groups.

Update Model

When you perform actions on your client devices, you should update the "Model." The Model is the current state of the FileWave database after changes have been committed by an administrator. When the Model is updated, all pending actions are written to the database and a new Manifest is generated for every device detailing any changes that have taken place.

New Client

This tool allows you to register new clients with the database: computers that have had the FileWave client installed and have checked in initially, mobile devices that have enrolled with the FileWave MDM server, or placeholders for devices or computers created manually, from text files, or through DEP.

See

Enrolling Computer Clients in to FileWave

Enrolling Mobile Devices into FileWave

Working with Apple’s Device Enrollment Program (DEP)

New Group

The New Group tool allows you to create a named Group that will include individual Clients or Clones.

New Smart Group

This tool allows you to create a named Group of devices based upon inventory criteria.

New Association

The focal point of FileWave is being able to create and distribute Filesets to devices. This tool provides one approach for you to associate a Fileset or Fileset Group with a Client or Group.

Client Monitor

The Client Monitor lets you view the current status of your Client after selecting that Client from the list. It provides you with a quick look at the current FileWave model running on that Client, allows you to send a command to the Client to verify its status with the FileWave Server, and allows you to view the Client's FileWave log file.

Customize Columns

You can edit the Client pane view by adding/subtracting data columns. You can remove all but three of the data fields (Name, ID, and Lock status).

Take Control

By "taking control" in FileWave Admin, your administrator locks out all other FW administrators from making any changes to the FileWave model. This level of control is global, in that any other administrators, no matter where they are, cannot push any Filesets or changes to client devices or Groups. This ability is very useful when you are making large, detailed changes to clients or Filesets and do not need those changes being preemptively sent to your managed devices before you are finished. When you have finished being in "control" remember to release the lock so other FW Admins can resume managing their assigned clients.

Tools

The Client tools are tasks that you can perform on a selected Client or Group. The specific tasks available vary between the different types of client devices or Groups. The next section will go into detail on each of the tools as they relate to the various types of clients and client Groups.

Delete

The Delete tool will remove the selected Client(s) or Group(s) from the database. If you delete a Group, then all nested items within that Group will also be deleted.

Client Tools

Here are the tools you have to directly impact a specific client. Depending on the client device, you will see differing settings.


When you right-click on a Client, or select a Client then select the Tools task bar item, you will see the listed tools that are available to interact with that type of Client. The same happens if you select a device Group or Smart Group, with a lesser number of options. Let's take a look at the various options available in the Tools:

Show Associated Filesets

When a Client or Group has had Filesets assigned, or associated, with them, you can view those with this tool. The view will come from the Associations pane in FileWave Admin.

Client Info…

The Client Info window shows the current condition of a Client through Device Details and Filesets Status. You can see the status of associated Filesets, open the Client Monitor, send a remote wipe command, view the current log file, and push a Verify command, which causes the Client to verify that its current state matches what the current manifest says it should be. Depending on the device, you will get differing amounts of information.

As of FileWave 11, the list of Filesets is displayed as a tree, where dependencies appear as children of the Filesets that require them. When a dependency is required by more than one Fileset, the same dependency will appear more than once in the list, as a child of each of the Filesets that require it.

There is a selection box in the top-left corner that allows filtering Filesets. By default, it is set to "Show All." Other values are "Only successful" and "Only failed," which cause only Filesets without errors or with errors, respectively, to be shown. "Filesets without errors" means any Fileset in any normal state, when nothing failed. Filesets that are associated but haven't been installed yet are considered "without errors."

If the client version is 11.0 or later, it also supports reporting the results of the scripts that were executed. In this case, selecting a Fileset causes a list to appear on the right side, where the results of the last round of scripts is reported. Whenever a script fails, processing stops, and the exit code of the script can be seen in the Status column.

Client Monitor

The Client Monitor lets you view the current status of your Client after selecting that Client from the list. It provides you with a quick look at the current FileWave model running on that Client, allows you to send a command to the Client to verify its status with the FileWave Server, and allows you to view the Client's FileWave log files. Note that Client Monitor leverages NATS to be able to interact with systems on any network as long as they are able to connect to the FileWave Server. More detailed information is here.


The Client Monitor also lets you change several of the preferences used by the FileWave client.



Many of these Preference settings can be configured during installation of the client; however, some of them exist only in the Client Monitor and in a Superprefs Fileset. The extras include settings such as the Debug level and the amount of free space that will trigger a disk full message.

Personal Data refers to device tracking. Tracking is covered in detail later in this Chapter.

TeamViewer refers to the remote screen sharing capability of FileWave. If you select Enable TeamViewer remote control, you will have access to observe / control that computer. If you select Prompt client for remote control access, you will present the end user on the computer with a dialog requesting permission to remotely control the device. If this dialog is not responded to with permission granted, it will time out in about 30 seconds and default to permission denied. There is a set of easy videos to learn how TeamViewer works in the Foundry here: https://go.filewave.com/foundry-teamviewer 

Edit Custom Field(s) Values


This option will allow you to change the values of Custom Fields that have been associated with this device or group of devices. For example, if you use this option to manually change the value of a Custom Field that is syncing with LDAP, your change will remain until LDAP scans again, at which point it will be overwritten with whatever data is synced from LDAP.

Edit Custom Field(s) Associations

Here is where associations between Custom Fields and devices are made. If you select one or multiple devices, you can set which Custom Field(s) you would like those devices to have. If you select a group (smart or standard), you will select which Custom Fields you would like to set for the devices under this group. If new devices enter this group after you have the Custom Field associated, you will need to reassign that Custom Field to the group or to those new devices specifically. Custom Fields do not auto-associate to new additions in a group.

Lock / Unlock

When a client device is locked, it can no longer receive model updates from the FileWave server. You might use this setting if a device is being used for some operation that would be interrupted during a Fileset activation.

See Locking Devices.

Create Association(s)…

The primary function of FileWave Admin is to associate Clients and Groups with Filesets. This task will send you to the Associations pane and allow you to select Fileset(s) for association with the selected device. Detailed instructions on using Filesets and associations are in Chapter 5.

Create Clone…

Clones give you great flexibility with FileWave management. You create Clones of a device to add them to different Groups instead of dragging the device itself into a Group. This allows you to let a Client belong to several Groups based on organizational needs, geographies, or even just for application usage. A Client can belong to several Groups, and any associations made to any of those Groups will be reflected at the client.


Since a Clone is essentially an alias of the original Client, you can leave the actual Client sitting in the "root" Group of the Client directory, and do all of your Group assignments by way of Clones. This way, if you delete a Clone from a Group, you have not impacted the original Client record. You may also create a Clone of a Group if you are going to add several sub-Groups into a larger Group. The Create Clone… task presents you with a list of your Groups into which you can place a Clone.

Clone to Same Groups As…

This task lets you choose another Client device as the template to create Clones of the selected Client. If the template device has Clones in several Groups, then your Client will end up with Clones in those Groups.

Move To…

This task lets you move your Client into a designated Group. This does not create a Clone; but places the original Client record into that Group.

Delete

If you no longer need a specific Client or Group in the FileWave database, you can delete it with this command. If you delete a Group, then all Clones and original Clients situated inside that Group are also deleted. Original Clients outside the Group will not be deleted, even if their Clones were inside the Group. Make sure you update the Model when you delete Clients or Groups.

Rename

To rename your Client or Group, use this command. You can also click twice on your client (slower than a double-click) to edit the name.

Comment

This task allows you to add a comment to your Client or Group record.

Set Permissions…

This task lets you specify which FileWave Admin accounts can access a specified Client or Group. You use this assignment capability to manage large deployments with many sub-administrators. For example, you could have an administrator designated to manage and maintain only the Windows computers and another to manage only the iPad cart in a classroom. Some administrators could be assigned only read permissions in order to create reports.

Duplicate Client

This task lets you take a Client as a template and create a new Client that can be renamed to match an, as yet, un-enrolled device. When the new device enrolls, it will assume the identity of that duplicated Client, as well as automatically being part of every Clone used by that duplicated client. For example, Lab-WinPC07 belongs to two Groups - Beta Group and IT Shop; the client gets duplicated and its new name is Lab-WinPC07.1. When the duplicate is renamed, all of its Clones get renamed also, and when you enroll the new device with the name Lab-WinPC08, the new client automatically belongs to all the correct Groups.

Add Client…

This task is for adding a Client into the selected Group. Selecting this task opens the New Client window.

Add Group…

This task adds a Group to the selected Group. Selecting this task opens the Create New Group window.

Edit Smart Group…

This task allows you to change the settings and criteria for a Smart Group.

Request Check-in

This task sends a command to the mobile device to check in with the MDM server. Sending the Check-in command will send along every item in the command history that has not been received.

Lock Device

This task sends the command to the mobile device to return it to the lock screen (as if the power button had been pressed). It sets a message on the screen to say that this device is "lost," along with an optional message and phone number to call if found. This is not the same as the Lock command for non-mobile devices.

Clear Passcode

This task turns off any passcode set on the mobile device.

Refresh Inventory (Verify)

This task sends a request to the client to report back to the FileWave Server an inventory report. This is more inclusive than the Check-in command in that the client gets a push command to supply the following information:

Plus perform any self-healing needed and install/remove any Filesets that have been modified.

Wipe Device…

This task sends a command to mobile devices to erase all content and settings. For mobile devices, the command is located in the right-click popup. For computers, it's located in the Client Info… window.
You must enter the FileWave "super administrator" (fwadmin) credentials in order to proceed with the device wipe.

Set Organization Info (iOS only)

This command appends the Organization Info that is configured in FileWave Admin/Preferences to the selected device. This information is sent to the device at enrollment; but if the information changes, it needs to be manually updated using this menu item.

Clear Restrictions Passcode (supervised iOS 8+)

This command will flush the restrictions passcode set on a supervised iOS device.

Archive Client

This command allows an administrator to remove a Client from active use in the FileWave database. All inventory data on the device is frozen and the device is no longer counted as a client for license purposes.  A Model Update is required to complete this action.
In order to re-add the client to the active FileWave database, you must fully remove it from FileWave, update the Model, then re-add it through the New Client window.

Archiving MDM enrolled clients will send a command to the device to remove enrolment, for any MDM enrolment type, if configured to do so in the Mobile Preferences.

Removal of the MDM Enrolment Profile should cause managed Profiles to be removed. Managed Apps, and as such App Data, may also be removed.

Groups & Smart Groups

Putting Clients into Groups gives you tremendous flexibility in overall control and management of your deployment. With Groups, you can configure sets of Clients by type, function, location, and any other association that you can think of. Smart Groups go even further by letting you create criteria that will automatically assemble sets of clients. The real power of Groups in FileWave comes from being able to associate Filesets with Groups at the same time, instead of having to match individual Clients with specific Filesets.

You can also have nested Groups.

Creating a Group

You can use any criteria you desire to create a Group. Select the New Group tool from the toolbar and fill in the name of the Group and, if desired, a comment on the Group, such as its purpose.
Once the Group is created, you can assign Clients to it either with the pop-up menu (right-click on the Group, select Add Client…) or you can add a Clone of a Client to the Group by holding down the Alt-key (Windows) or the Option-key (macOS), selecting the Client, and dragging the Clone onto the Group icon. You can also use the Create Clone… command to build a Clone of a Client, then add the Clone to the Group. Finally, you can create Groups to be sub-Groups, then add those Groups to the "upper" Group. When you associate Filesets with the uppermost Group in a set, all of the clients assigned to that Group, or to Groups inside that Group, will all get those associations.

Setting permissions for a Group

Once you have created one or more Groups, you might want to distribute overall management and maintenance of those Groups. The "Super Admin" account (fwadmin) will always be able to edit or delete any Client or Group in FileWave Admin. What you might want to have is one or more "sub-administrators" who can take over maintenance of one or more specific Groups. This is where the permissions come in; right-click on a Group (or select the Tools item in the toolbar) and choose Set Permissions…
All of the FileWave Admin accounts will be available and you can choose which administrators have permission to work with the selected Group. Your choices are:

The permissions can also be set to Propagate to children, which then assigns the same permissions to any Group or Groups nested within that Group.

Creating Smart Groups

The Smart Group is a collection of Clones based on specific criteria. The options you can choose are extensive:


The specific criteria are defined as follows:

| Search Type | Qualifiers | Criteria |
| --- | --- | --- |
| Client Name | equals / contains / begins with / ends with / less than / greater than | alphanumeric text of a client name or portion of a name |
| Client Comment | equals / contains / begins with / ends with / less than / greater than | Any alphanumeric text comment or portion of a comment |
| Client OS Platform | equals | OS X (Intel / PPC, 10.3 - 10.9), Windows (XP, 2000, Vista, 7, 8) |
| Client IP Address | equals / contains / begins with / ends with | Any logical numeric value that meets standard IP address format (xxx.xxx.xxx.xxx) |
| Client IP Subnet | equals / contains / begins with / ends with | Any logical numeric value that meets standard IP address format (xxx.xxx.xxx.xxx) |
| LDAP User | in | A user name in an associated LDAP directory server database |
| LDAP Computer | in | A computer name in an associated LDAP directory server database |
| Inventory Query | in | Any valid Inventory Query from the MySQL server (v.9.x) or from Inventory (FW v8.x) |
| iOS Device Type | equals | iPad / iPod / iPhone / Any |


Once you have selected one or more search types and filled in the criteria, FileWave will automatically add a Clone of the qualified Clients to the Smart Group. You can use these types of Groups to track devices as they move around the institution, fall behind in updates, have their name changed, or any other combination of conditions you desire. Permissions for Smart Groups are set up with the same steps used to set permissions for regular Groups.

Using LDAP / Directory Services Groups

FileWave can create Smart Groups based on your LDAP server directories. If you have added LDAP server(s) to your preferences, then your Clients pane will be populated with an LDAP Smart Groups set. These Groups will be automatically populated with computers that are bound to the directory. You can associate Filesets and set permissions for any of these Groups. Devices registered by users with their LDAP credentials show up under Users in the LDAP Smart Groups listing. This links the user to the device for tracking purposes. To set up LDAP for authentication, see Chapter 2.

Client Monitor (16.0+)

What

The FileWave Client Monitor is a tool that provides administrators with real-time insights into device connectivity and status. It helps diagnose and resolve issues efficiently, ensuring seamless communication between clients and the FileWave server. FileWave 16.0 introduces a major upgrade with a streamlined interface, improved Network Address Translation (NAT) compatibility, and enhanced security features.

With these improvements, a "Client Preferences" password is no longer used or needed in order to use the new v.16+ Client Monitor with any FileWave managed devices that are running v.16+ of the FileWave Client.

When/Why

Use the Client Monitor to monitor and troubleshoot device connectivity, whether on local networks or remote environments. The enhancements in FileWave 16.0 improve:

Note that although the standalone Client Monitor app is included with 16.0.0+ Admin installs, it is only functional for monitoring macOS and Windows clients running a FileWave Client version earlier than 16.0.0. As of 16.0.x it is also still used to monitor a FileWave IVS for Windows Imaging. The old Client Monitor app will eventually be removed in a future version.

How

Before you try to use Client Monitor it's important to understand how access to it is controlled. Below is an image of the permissions in a FileWave Server. "Modify Clients/Groups" is the relevant permission. If you do not have this permission then you will only be able to monitor a client, and will not be able to make settings changes. If you do have this permission then you will be able to make settings changes. 

image.png

You can access Client Monitor from both FileWave Central as well as FileWave Anywhere. In FileWave Central you can either use the "Client Monitor" button in the toolbar or the button when looking at Client Info. 

It should be noted that the new Client Monitor in 16.0+ cannot monitor an earlier macOS or Windows client. For this reason we still include the standalone version of Client Monitor that is installed with FileWave Central. You can still use that to monitor an older client.


In FileWave Anywhere you can select a client and then pick the "Client Monitor" button. In FileWave Anywhere you can also use the Device Actions menu when viewing a device to launch it. Both methods provide quick access to the Client Monitor.


Now that the Client Monitor is open, you might be wondering how many computers you can monitor simultaneously. FileWave supports monitoring up to 50 devices at once, which should be more than enough for most use cases. However, if you regularly need to monitor more than 50 devices at the same time, let us know!

The Client Monitor has two main tabs—let’s take a closer look below.

Details & Logs

This tab provides real-time information about how the FileWave Client is performing on macOS or Windows devices.


One of the biggest improvements in the new Client Monitor is its use of a NATS connection, allowing you to monitor devices even if they are on a different network. This eliminates the need to manually enter an IP address and removes the limitation of only monitoring devices you can directly connect to within your local network.

 

Key features in this tab:

 

  • Last Successful Connection - Useful to determine when your monitored client last communicated with the server. Additionally, the green dot at the top left, next to the client name, indicates that the device is currently online and in contact. If the dot is red, the device is offline, and the dialog will reflect its disconnected status.

  • Server Model Number vs. Client Model Number - Important for ensuring your client is receiving updated manifests.

  • Status - This updates live as the FileWave Client works through items that are assigned to it.

  • Logs - Displays various log files that can now be retrieved from macOS and Windows clients. The available logs differ by platform; for example, system.log and install.log are specific to macOS. Grabbing a log is as easy as clicking the download icon.


Preferences

This tab simplifies altering/setting the client settings. 

We’ve streamlined this section to make adjustments more intuitive and effective.

 

Key settings include:

 

  • Boosters - Displays only the Booster's DNS name and assumes the default port. If using a custom port, a Superpref is still the best way to configure it.

  • Debug Level - This previously used numeric values; logging levels are now set with Normal, Debug and Trace.

  • Verify, Free Space, and Heartbeat Interval - These function the same as before. The default Heartbeat (previously known as Tickle) Interval is 120 seconds and determines how often the client checks in with the server for new commands. In high-traffic environments, increasing this value could help to reduce server load. It should rarely be set lower than the default.

  • Disable Personal Data Collection - Can be referenced here and can be set at the device level, but most admins configure this at the license level.

  • Location Refresh Interval - Defaults to 15 minutes and requires prerequisite setup to collect location data.

  • Enable TeamViewer Remote Control - Allows TeamViewer integration if the TeamViewer Agent has been deployed to the device.

  • Prompt Client for Remote Control Access - If checked, the end user will be prompted to approve the remote session before it starts; if unchecked, the session may be started without prompting the end user.


Conflict Resolution


Prevent Duplicates During Enrollment

A Desktop device (Client) is identified in FileWave by Client Name and Device Fingerprint. Having a device duplicated in FileWave could cause communication issues, incorrect inventory information, and re-enrollment issues.

It won't be possible to enroll multiple devices with the same client name or fingerprint. FileWave will detect the conflict and not allow enrollment until it's resolved. A FileWave Admin will have to decide what to do to resolve the conflict. 

There are three options:

How you resolve these duplicate conflicts:

Devices in conflict will appear as such in New Client dialog. To resolve, select the device and click Solve Conflict on the bottom left.

New Client.png

Mew Client from Server.png

Client Conflict Resolution.png

Then, simply choose which option best suits your situation and Update Model.

"Replace the old client with the new client" is the only option that will allow the device to take over the same associations and placement in the FileWave structure.


Automated Client Conflict Resolution

What

There is a capability allowing FileWave itself to resolve conflicting new clients on your behalf.

When/Why

Client enrollment conflicts are a natural occurrence in any production environment.  Devices are re-imaged and client certificates might not match, or devices may simply have been renamed and a conflict is created.  The conflicts themselves are not an issue, but they must be resolved so that the system knows how to behave with the "new" devices coming in.  Particularly in larger environments, or during periods of intense device imaging, management of the conflicts can be overwhelming.  To account for this, there is auto-conflict resolution.

Automatic conflict resolution is a time-saver to be sure, but it also circumvents the security elements of client-based certificates, so appropriate caution should be considered before enabling this feature.  For the most secure environment, it may be more appropriate to use the mass-resolution tool instead.

How

To enable this feature, go to the New Clients/Desktop Clients dialog.  (You will notice the auto-conflict resolution option is ONLY available if auto-enrollment is enabled).  To enable auto-resolution, just check the checkbox for "Automatically resolve conflicts":

New Client from Server.png

And, then choose the type of resolution you prefer: 

Replace old clients with new.png

Make sure to click "Save" to confirm these preferences.


Automatic Enrollment Permissions

What

There is an administrator permission that either allows or denies the ability to make changes to auto-enrollment and automatic conflict resolution.

When/Why

We'll want to add this particular permission to any administrator we expect to manage the automatic enrollment of devices. That is, whether devices will be allowed to auto-enroll, and whether auto-conflict resolution will be (or can be) enabled.

How

The permission is very simple to enable for any administrator in the Manage Administrators Assistant:

permissions-enrollment.png

Typically a new permission would be off by default for pre-existing users, but in this case all pre-existing administrators who had the ability to Modify Clients and Groups will automatically have this new permission enabled.


Manual Client Conflict Resolution (Multiple Devices)

What

In large production environments, there may be times during mass enrollments where resolving onboarding conflicts is time-consuming when approached at an individual device level.  There is a capability to mass-resolve client conflicts to make this process simpler.

When/Why

Especially during re-imaging periods, client conflicts can arise from natural actions.  For instance, wiping a device and setting it up with a fresh OS with the same name will always result in a conflict because the device certificate will not match the new device with the same name.  We'll use the mass-resolution capabilities of FileWave to more easily resolve these conflicts in one fell swoop.

Device enrollment conflicts (based on name, fingerprint, certificate, etc) are a protection mechanism against database duplication and for security reasons.  Use appropriate caution when mass-resolving conflicts to ensure that you are resolving the conflict in the proper manner.  It is always best practice to test any action on individual devices before taking the solution to a larger number of devices.

How

To solve multiple conflicts at one time, simply choose multiple records in the new clients window, and choose solve conflicts, as shown below:

manual-client-reso1.png

You may find it easiest to sort by the status column as I have above to group similar conflicts for simpler resolution.

In the resulting window, you can choose to look at detailed information about why there are conflicts by clicking the Show Details button:

manual-client-reso2.png

In the detail view, you can inspect any particular device:

manual-client-reso3.png

Finally, in the resolution window, you can choose how you want to resolve the selected devices, and click on OK.  In this case, we are choosing to replace the existing records with the new clients.

manual-client-reso4.png

Understanding FileWave Clients, Groups, and Smart Groups

Client operations

The FileWave Client needs to be installed on computers that you want to manage with FileWave. The FileWave Client should be given a unique name so that the FileWave Server can identify the FileWave Client. During startup, the FileWave Client reads its configuration file to initialize its settings. The most important setting (aside from Client Name) is the FileWave Server address. The Client uses this IP or DNS address to attempt to connect to the FileWave Server.

If the FileWave Server can't be accessed for some reason, the FileWave Client waits for a specified amount of time (Tickle Interval - default is 120sec, and can be altered as needed) before it tries to connect again. If the FileWave Server is available and the FileWave Client has authenticated successfully, then the FileWave Client checks the model version on the FileWave Server. If the model version of the Server is greater than the last value found by the FileWave Client (stored in its Catalog file), then the FileWave Client will request to download a manifest for the current model.

The manifest is a list of Filesets that are associated with this Client. The database model version is incremented each time an administrator updates the model. Following a model update, the Client reads the new manifest and executes any actions required. This includes downloading and activation of Filesets (adhering to any time attributes), deletion of Filesets, deactivating Filesets (but leaving the contents in place on the computer for possible future reactivation), and update commands for existing Filesets. When downloading Filesets, the Client attempts to download from the first Booster listed in its preferences, or the Server if no Boosters are set.

One other piece of the workflow that may be needed is Apple's Configurator tool. If you are deploying iOS devices and want to supervise those systems, you have to either use Apple's Device Enrollment Program (DEP) or Apple Configurator, which requires 'tethering' the devices using a Lightning cable.

FileWave Client

The FileWave Client itself is a process (fwcld) that runs as a daemon on a Client. The visible effect of a client is usually the Kiosk, FileWave's self-service tool. On macOS and Windows computers, the FileWave Client is installed using a .pkg (macOS) or .msi (Win). On an Android device, the Client is downloaded and installed as a .apk directly from FileWave during the enrollment process. All FileWave Clients include the self-service Kiosk, which will be visible when content is assigned to the device for user-controlled install, and can be made permanently visible through a configuration setting.

FileWave Groups

FileWave Clients can be gathered into fixed Groups for convenience. The Groups can be named and populated as needed. The advantage of fixed Groups is the ability to associate content with Groups versus having to pick out individual clients. A FileWave Client can be assigned directly to a Group, or you can create a Clone of that Client to assign it to the Group.

Smart Groups

In FileWave, you can create dynamic Groups based upon selective inventory queries, such as "All devices with these fonts" or "Devices that are not running the latest security update." A Smart Group allows you to isolate specific devices and perform actions on them as part of your management workflow. The devices that show in Smart Groups are Clones, as distinguished by the italicized Client name as well as the upward hooking arrow on the lower-left side of the Client type symbol.



More ideas for Smart Groups are provided in the Inventory Chapter, such as using a Smart Group to track down and remove rogue software from devices.

Clones

Instead of assigning FileWave Clients to a single Group, you might want to have a Client assigned to several Groups - such as "Building 7" and "Admin Dept" at the same time. Creating Clones can make this possible. A Clone is essentially an alias of the Client. A device can have several Clones, all assigned to different Groups. Clones can have content (Filesets) associated with them, just as Clients can. The advantage of using Clones is that you can assign Clones of a client to many Groups; but you can assign a Client device itself to only one Group.

Last Connect vs. Last Connected

What

OK, we'll cut right to the chase, the naming of these fields is silly and confusing.  We'll try to untangle that a bit in this document.

When/Why

The two versions of the Last Connected fields can be quite confusing, and they mean two different things.  Generally we will use the fields whenever we are trying to understand the last time a device talked to the FileWave server.

How

The confusion here comes from the fact that the data seems inconsistent.  It is not actually inconsistent, but it is certainly confusing.  We'll use the following image to help explain:

Last Connected.png

In the above diagram, the "Last Connect" you see highlighted by the red arrows is the last time the device spoke to the server at all.  Devices reach out to the server differently depending on the operating system.  The red arrowed fields are NOT included in inventory and are only meant to show "pings" from a client device.  Basically, this value means that we "heard something" from the device.  On macOS and Windows, the client will "tickle" every two minutes and update this value.  No other platforms modify this field, so for iOS, Android, and Chrome, the only "Last Connected" time is the field that is in inventory.

For ALL platforms though, the field highlighted by the green arrow is the inventory field that is updated whenever the device sends inventory information to the server.  That is, this date indicates the last time the device sent information about hardware, software, and custom fields.  For macOS and Windows, this value will ALWAYS be different from the last tickle time.  And the data in this field is important, because it tells you how old the "data" is about this client.

This field is very useful for troubleshooting (looking for devices that maybe aren't reporting inventory), and also for EXCLUDING data from reports.  For instance, if I want to look for devices that don't have virus definitions updated in the last 3 days, I also want to add a criterion requiring the inventory data to have been updated in that same time frame.  This avoids having devices in my report that couldn't possibly have updated definitions, and would just clutter the report unnecessarily.

Inventory Queries (Reports)


Creating and Editing a query

This section discusses how to create and edit a query.

When you create a new query, you start by giving it a name and choosing a starting criterion - in this case, we want to have all of our clients report back if they have an application containing the name "chrome". Next, we decide what fields will be displayed when the query executes.

As you drag and drop component fields into the display window, FileWave immediately begins filling in the blanks with data from your Clients. You can re-order those fields by dragging them back and forth until you are satisfied with the results. You should choose a Main Component, which is the index field for the query. For example, in this query, if the main component was the application, then you would get a report that showed every instance of "chrome" that existed in the database. The results would display every instance of the Chrome application, even if it was stored away from the Applications folder and not being used.

By choosing the correct component, and the right criteria, you can create queries that will tell you exactly what you want to know. In the main Inventory window, you can select your query so that it will display just by clicking on it.

Components

Key to being able to create a useful query is understanding the components you have access to. Here is a sampling of those items:


 


One of the most important new component types is the custom field. There are four different sets: Boolean, DateTime, Integer, and String. You can create custom fields to go beyond the basic information provided by the Clients to look for unique combinations that include searching for files created prior to a certain date, or add marker files to clients that include a filename or text that meets custom criteria. You do this by passing arguments to the fwcld command.

The general format for setting any custom.ini value (including new keys) is:

$ fwcld -custom_write -key <key_name> [-value <value_to_save>] [-silent]

Examples
Setting "custom_bool_13" to false:

$ fwcld -custom_write -key custom_bool_13 -value 0
$ fwcld -custom_write -key custom_bool_13 -value false

Setting "custom_bool_13" to true:

$ fwcld -custom_write -key custom_bool_13 -value 1
$ fwcld -custom_write -key custom_bool_13 -value true
$ fwcld -custom_write -key custom_bool_13 -value something

Setting "custom_date_02" to a date:

$ fwcld -custom_write -key custom_date_02 -value 2014-02-20T15:22:43

To remove any key value, just leave off the -value parameter. For example, to reset the "custom_date_02" value back to its default:

$ fwcld -custom_write -key custom_date_02 

Notes

  1. When a provided key name matches integer, date or boolean custom field names, the program will validate the provided input. If this validation fails, an error message is printed and the program will exit without setting the custom.ini value.
  2. When any failure to set a custom.ini value occurs, the program will exit with code 1, if setting the value succeeds the exit code is 0.
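The following wrapper is an added example, not FileWave's own code: it shows a client-side script recording the result of a local check with the -custom_write syntax above and acting on the exit codes described in the notes. Assumptions: fwcld is on PATH (or named in $FWCLD), MARKER_FILE is a hypothetical path, the meaning given to custom_bool_13 and custom_date_02 is illustrative, and return code 2 is this script's own "refused locally" signal.

```shell
#!/bin/sh
# Added example (not FileWave's code): wrap `fwcld -custom_write` so a script
# records a local check in custom fields and acts on fwcld's exit code.
# Assumptions: fwcld is on PATH (override with $FWCLD); MARKER_FILE is a
# hypothetical path; the meaning of custom_bool_13/custom_date_02 is ours.

FWCLD="${FWCLD:-fwcld}"
MARKER_FILE="${MARKER_FILE:-/var/db/example-hardening.done}"

# Date format taken from the page's example value: 2014-02-20T15:22:43
is_iso_datetime() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# fw_custom_write KEY [VALUE]
#   With VALUE:    sets KEY to VALUE.
#   Without VALUE: omits -value, which resets KEY to its default.
# Returns 0 when fwcld saved the value, fwcld's non-zero exit code when it
# did not (1 per the notes above), or 2 when this wrapper refused the input.
fw_custom_write() {
    key=$1
    case "$key" in
        ''|*[!A-Za-z0-9_]*)
            echo "refusing unexpected key name: $key" >&2
            return 2 ;;
    esac
    rc=0
    if [ $# -ge 2 ]; then
        value=$2
        case "$key" in
            custom_date_*)
                # Catch a malformed date before fwcld's own validation does.
                is_iso_datetime "$value" || {
                    echo "bad date for $key: $value" >&2
                    return 2
                } ;;
        esac
        "$FWCLD" -custom_write -key "$key" -value "$value" || rc=$?
    else
        "$FWCLD" -custom_write -key "$key" || rc=$?
    fi
    [ "$rc" -eq 0 ] || echo "fwcld did not save $key (exit $rc)" >&2
    return "$rc"
}

# report_marker: custom_bool_13 = "is the marker file present?",
#                custom_date_02 = local time of this check.
# Prints true/false; returns non-zero if either field could not be written,
# so the caller knows inventory may be stale.
report_marker() {
    if [ -e "$MARKER_FILE" ]; then present=true; else present=false; fi
    now=$(date +%Y-%m-%dT%H:%M:%S)
    fw_custom_write custom_bool_13 "$present" || return 1
    fw_custom_write custom_date_02 "$now" || return 1
    echo "$present"
}

# Runs only when invoked as: sh this-script.sh --report
if [ "${1:-}" = "--report" ]; then
    report_marker >/dev/null || exit 1
    exit 0
fi
```

A non-zero exit from --report means at least one field was not written, so a query built on these fields should not be trusted for that device until the next successful run.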

Add FileWave Custom Inventory fields remotely using a Fileset

Expressions

When you add an expression, the logic generally revolves around "is this thing true or not?" What you actually get to work with is a list of possibilities, such as "this is exactly what I am asking for", "this contains the thing I am asking for somewhere in the field I am looking", "this begins/ends with the thing I am looking for", or the all time favorite "is null" - which means the field I am looking at has no value set at all. Of course, you also have the opposite of all these with not - is not, does not, etc.

In this example, we are looking for any instance of an application where the name contains the text "minecraft" -

Field values

The whole purpose behind the query is to get useful information out of inventory. You do this by adding fields to display the results of answers to your query. In Inventory, you access the same components you use as criteria for the search as the display fields. In our example, we are looking for "minecraft" but if we left it at that, all we would get back from the FileWave database is "yup, I found it. Now what?"

Here's the result without us asking for a more detailed result. This is the database telling us that it found "minecraft" with no clue as to where it is on any of the clients. So now, we are going to clean up the view and add the component "device name" so that our query will tell us what device this is on.


You can see how a simple query can be constructed, and that it can prove quite useful to just look for some simple answers. Next, we are going to look at some more powerful examples of queries that you can put to use.

Example - Tracking application usage

A powerful tool in the Inventory / License Management is the ability to track application usage. You can create queries that display the amount of time any managed device is using any installed application. An easy example here would be to look at who is using a specific browser and how often.
The query is built based on locating an application - in this case, Google's Chrome web browser. However, instead of just locating the application as we did in the first example, we are going to find out how often that item gets used. FileWave provides application usage components for this purpose. Here's the query with its display fields:

You can see that adding the proper fields, as well as choosing the proper index or Main Component for the display, you get a good bit of information from this query.

Example - Identifying VPP applications that support device assignment

With the functionality in Apple's VPP of directly assigning applications to FileWave client devices, you have the challenge of finding out which of your many applications support that feature. Here is a query you can set up to determine which of your deployed Filesets support device assignment.

The Fields include the product name and, most importantly, the Device assignable flag. The results don't show every VPP application and its status, only the ones that are already active.

Inventory Queries (Reports)

Demystifying Inventory Queries

Description

Inventory queries are fundamental, both for reporting and Fileset deployment. For basic details on queries, please take a look at Creating and Editing a query.

However, if the query isn't correct, then you could end up with incorrect reports or worse still incorrect Fileset deployments or removals.

Information

In addition to the above section of the guide, there are some example queries built into the Admin console; see What are Sample Queries?

Sometimes though, you need something that is a little more complex or you can't quite get the right results.  Some considerations when making queries:

Following are some examples to demonstrate this.

  1. Devices that do not have an application installed
  2. Unexpected Entries
  3. None and Not

1) Devices that do not have an application installed

Do you need the query?

This seems like an odd question, but why is this required?  If Filesets are associated they should be installed, if not already, at the next check-in from the device.  If the software has failed, then this is already available through the Report window.  Perhaps they aren't in the right groups to be associated though or maybe the device hasn't checked in for a long time.  Creating a Smart Group based upon an application that is not installed though, will not change the installation status if there is already an association and the App has failed to install.

Do the criteria match the desired expectation?

In this case, we want the devices that do not have an application installed, using Firefox on macOS as an example.

Drag in 'Application' > 'Name' to the criteria and set the following:

Note we have 'Is' selected.  Selecting 'Is Not', 'Does Not Contain', etc will not yield the desired results.  Selecting 'Is Not' for instance, will list all devices that have any application on those devices that are not called Firefox.app.  In essence, this will be all devices, those with and those without Firefox.  Instead, we tick the Not box.

Ticking the Not box gives the reverse of the query: list all the devices that have Firefox and then give the opposite result (based on the Main Component, which will be covered next).

Since this is a macOS query, the OS Type can additionally be added:

FirefoxMissingQueryCriteria.png

What Main Component should be used?

The main component is the key ingredient that the criteria will be based upon.  Imagine two fields: FileWave Client Name and Application > Name

With the main component set to Application, the query will be:

A query set up this way will therefore show all devices, as any App that is not Firefox.app will be a successful hit on this search.

FirefoxQueryMainComponentApplication.png

With the main component set to macOS/Windows Device, then the query will be:

This will be a different set of results, as now any device that has Firefox installed will no longer show.  This is the desired result.

FirefoxQueryMainComponentmacOS.png

What Fields do you really need present?

The above has given the desired result, but there are multiple entries per device.  From a Smart Group association point of view, strictly speaking, this should not matter.  There is only one of each device in reality, but it makes it hard to read and does not work well as an Inventory Query for reporting.  As such, removing any relationship that will create a 1:many relationship would be ideal, such that there is only one result per device.

FirefoxQueryClientNameOnly.png

2) Unexpected Entries

Sometimes some entries seem unexpected.  This is usually related to one of the query items in the last example not being set as expected.  From the last example, changing the Main Component to Application will still have an undesired result, as this will be searching the criteria against Application entries in the database even though that Field is not shown.  There will still only be one entry visible per device, but the search is now listing all Applications that are not Firefox, so every device.

FirefoxQueryClientNameOnlyByApplication.png

It is possible though, that with an incorrect Main Component and certain fields added, the output can appear confusing.  Start with a fresh Inventory query and by setting the following, many entries can be seen with no FileWave Client Name:

With the Main Component set as Operating System, there will be many entries with no FileWave Client Name.

AllOSInfoQuery.png

This will be because entries have been made into the database from machines running these OS versions that are no longer appropriate for any of the active devices.  Changing the Main Component can provide a true representation of the current installed OS versions.

AllOSInfoQueryMainComponentmacOS.png

When the above is saved with the Main Component set as Operating System, these entries can be seen to have no client. Right-click on an entry. As well as Copy, there is the option to Reveal Client:

InventoryQueryRevealClient.png

InventoryQueryCopyName.png

If there is no Client to Reveal, then there is no representable entry in the database.  If you have a FileWave Client Name that shows but does not have the option to Reveal Client, it may be an old static record that will require manual removal.  In this instance, you could contact support and they would be able to assist in tidying this up.

Inventory Only and Archived Clients
When attempting to Reveal Clients, if the client is either Inventory Only or Archived, the relevant option to view these would need to be set through the contextual Menu Item.

3) None and Not

Not can in many instances be more useful.  A question was posed:

"We would like an Inventory query to show devices that have multiple specific Filesets installed. The issue I am seeing is that if you try to enter multiple Fileset IDs to an inventory query it will show no results because I am guessing it is trying to look for every Fileset to have multiple IDs. So basically I want to find a device that has Fileset 1, 2, and 3, installed and they must have all 3 to go into the query."

Taking from the information above, the negative logic will be seen to be the approach.  Trying to search for each of these using positive logic will again not yield the correct results.  Instead, Not can be used with desired results when mixed with None.

InventoryQueryNoneNot.png

Take some time to think about how this works.  Understanding this will make Inventory Query building in general more successful and ensure you don't have unexpected results.
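The negation logic from sections 1 and 3 above, as an added example that is not part of the FileWave documentation: a small Python model showing why 'Is Not' matches nearly every device while the Not box on a device Main Component returns only the devices lacking the application, and why None combined with Not finds the devices holding all three Filesets. The inventory data, function names and row model are constructed for illustration and are not FileWave's query engine or schema.

```python
"""Toy model of Inventory Query negation (constructed data, hypothetical names)."""

# Constructed sample inventory: device -> set of rows for one component.
# This is not FileWave data and not its database schema.
APPLICATIONS = {
    "mac-01": {"Firefox.app", "Safari.app"},
    "mac-02": {"Safari.app", "Chess.app"},
    "mac-03": {"Firefox.app", "Chess.app"},
}
FILESET_IDS = {
    "mac-01": {1, 2, 3},
    "mac-02": {1, 2},
    "mac-03": {1, 2, 3, 7},
}


def devices_matching(inventory, predicate):
    """Devices that own at least one row satisfying predicate."""
    return {dev for dev, rows in inventory.items()
            if any(predicate(row) for row in rows)}


def query_is_not(inventory, value):
    """Expression 'Is Not <value>': any single differing row is a hit."""
    return devices_matching(inventory, lambda row: row != value)


def query_not_box(inventory, value, main_component="device"):
    """Expression 'Is <value>' with the Not box ticked.

    main_component="device": find the devices that match, return the others.
    main_component="row": the negation is tested against each row of the
    component, so it collapses to the 'Is Not' result.
    """
    if main_component == "row":
        return devices_matching(inventory, lambda row: not row == value)
    return set(inventory) - devices_matching(inventory,
                                             lambda row: row == value)


def query_all_positive(inventory, values):
    """'All' of several 'Is' expressions, tested one row at a time.

    No single row can equal every value, so this is empty for 2+ values.
    """
    return devices_matching(inventory,
                            lambda row: all(row == v for v in values))


def query_none_of_nots(inventory, values):
    """'None' group whose members are 'Is <value>' with Not ticked.

    A device survives only if it is missing none of the values.
    """
    lacking = [query_not_box(inventory, v) for v in values]
    return {dev for dev in inventory
            if not any(dev in group for group in lacking)}


if __name__ == "__main__":
    target = "Firefox.app"
    print("Is Not          :", sorted(query_is_not(APPLICATIONS, target)))
    print("Not box, device :", sorted(query_not_box(APPLICATIONS, target)))
    print("Not box, row    :",
          sorted(query_not_box(APPLICATIONS, target, "row")))
    wanted = [1, 2, 3]
    print("All positive    :",
          sorted(query_all_positive(FILESET_IDS, wanted)))
    print("None of Nots    :",
          sorted(query_none_of_nots(FILESET_IDS, wanted)))
```
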


What are Sample Queries?

We are frequently asked about the intention of the Sample Queries that you find in the Inventory Queries view in the FileWave Admin.

Problem

For new users of FileWave, the intent of Sample Queries is sometimes a bit of a mystery.  We'll clear that up here!

Environment

Sample Queries are provided by default in the Inventory Query view of your FileWave Admin as you can see below:

Sample Queries.png

Resolution

Sample Queries are actually provided for two primary reasons:

  1. To provide you with pre-built common queries so you can get started quickly.  These would be queries that are useful just as they are, such as All iOS or All Mobile.
  2. To provide you with complex queries that you can use as examples to build your own queries.  Sometimes it is just hard to get started on a complex query, like a query you might have to do for an Office Suite.  These complex samples give you a starting point to building your own complex inventory queries.

Additional Information

For best results, duplicate sample queries before you modify them so that you don't change the original.  The Refresh Samples button in the Inventory Query view will put back any sample query that you may have deleted, but it will NOT over-write a modified query.


How do I export the results of an Inventory query?

Problem

The results of your inventory query will appear in the admin console, but you need to be able to share those results with others that do not have access to the admin console.

Environment

FileWave Admin Console

Resolution

There are 3 ways to export the results of your inventory query:

  1. Select "File -> Export current View" from the menu bar. This will give you a tab delimited file that you can use to share with others. 
  2. Create a scheduled report via "Assistants> Scheduled Reports...". This will allow you to automate the export of the tab delimited file. The file can be delivered via email to a user defined email address.
  3. Leverage the RESTful API to extract the inventory query results. Please see our API documentation for more information.

Generating scheduled reports

Being able to look at the various queries while logged in to the FileWave Admin is one thing. Being able to have the results of a query automatically sent to your or someone else's email inbox at the same time every week is much better. FileWave supports creating scheduled reports from queries and the process is very simple.

How to create Scheduled Reports

  1. First, you select Assistants → Scheduled Reports… from the FileWave Admin menubar.

Multiple Email Addresses

If you would like to send to multiple email addresses, you will need to separate the addresses by a semicolon.

If you are not the Superuser you will NOT see the Owner section at all; as you can see in the screenshots below, only the Superuser can assign a user to reports.

Scheduled Reports Results

The reports that get sent will be tab-delimited text files that you can easily convert or import into any editor you like to use.

Query Results


License Results


FileWave Server Mail test receives Bad Request with Google Accounts

What

Setting up the Mail settings within FileWave preferences to send reports is great. However, the first time you configure this feature with a Google account, you may run into errors like Bad Request, as seen below.

BadRequest.png

When/Why

When setting up FileWave mail preferences for the first time, you need to set up 2FA with your Google account to add FileWave as a custom application for third-party management. This allows permission for FileWave to send emails to your Google account.


How

Be sure to enable 2FA on your Google account to have access to Signing in to Google. You may follow the Google documentation here: Manage third-party apps & services with access to your Google account. Once you have enabled it, there will be an option for App passwords. Here you may create a custom name for the app, and it will generate a password that you will copy and paste into FileWave email preferences.

Attempt again by sending a test email to verify FileWave and Google account permissions.



Sending Scheduled Reports to More Than One Address

You may find that when setting up a scheduled report on an inventory query or a license report, you need to send it to more than one recipient.

Problem

Frequently, if not always, you may need to send scheduled report results to more than one email recipient.  Of course, you can always use a generic email address that goes to more than one recipient, but that is not always feasible.

Environment

This issue impacts all scheduled reports.

Resolution

The syntax to add multiple recipient email addresses is simple: just use semicolons to separate the addresses, as follows:

user1@mail.com;user2@mail.com;user3@mail.com;user4@mail.com

Additional Information

Remember that Scheduled Reports are sent on their defined schedule, but can also be sent immediately by use of the Send Now button in the Scheduled Report Assistant as you see below.  Using Send Now is a great way to test your scheduled report to multiple recipients immediately! 

email-report.png


Filtering in Inventory Queries

What

Historically inventory queries in FileWave did not allow you to filter for specific values.  In v14(+) you can now filter for text objects in very much the same way you can filter in the Clients view.

When/Why

We are going to want to filter whenever we need to get to data quickly.  For instance, when a customer in the field calls with an issue and we ask them to give us the Asset Tag info for quick identification.

How

Filtering in any inventory query view is as simple as entering search text in the upper right filter field when the query is open.  Note that filters in FileWave admin are "sticky" and will remain even when you leave the view and come back to it.  See example below:


Exporting & Importing Inventory Queries

Description

As of FileWave version 15.4, it is now possible to export and import Inventory Query definitions.  This makes sharing them easier than ever.

Also export and share any included Custom Fields utilised in an exported query.

Importing & Exporting Custom Fields

Each Custom Field has a unique name: 'Internal Name'.  When uploading a Custom Field, if another Custom Field already exists with the same Internal Name, the newly imported Custom Field Internal Name will be altered to prevent conflict.

Imported Inventory Queries referencing Custom Field Internal Names, will be referencing the Internal Name.  Where a conflict has occurred, the Query must be updated to reference the new, altered Internal Name of the newly imported Custom Field.

Information

Prior to 15.4, sharing Inventory Queries relied upon a FileWave API command to grab the definition from one FileWave Server and then subsequently import that definition into another FileWave instance also using API.  However, exporting and importing is now available via the right click contextual menu within the FileWave Central Admin Console.

Directions

From the FileWave Central > Inventory Queries view...

Export Query


Import Query



Inventory of IP Addresses

Description

Out of the many Inventory Items collected, IP addresses are included in those automatically provided. However, what does that mean? Many IPs exist for device communication, and more than one address is obtained from some devices.

Information

There are two distinct IP Inventory entries:

All Devices IP

This IP is how the server sees the incoming traffic.  As such, it isn't as much device inventory, but inventory of live traffic to the server.

Network IP

The value reported as the Network IP Address, however, is inventory.  Each network adapter will be included in the report back to the FileWave Server during the inventory phase; thus multiple entries per device.

Apple mobile devices will have a blank value, since this IP is provided by the FileWave Client.

Considerations

All Devices IP

Since the IP for All Devices is actually the IP of incoming traffic, in reality it is the last leg of the communication between devices and the FileWave server.

What does this mean for this inventory field? In many setups, not much, and the value is really useful. By reporting the last leg of traffic, it immediately provides some information about the device. For example, if this was a company NAT address, the device is clearly talking back to the server from an alternate location. Yet there are some other examples where this may not be the best.

Hosted

Where servers are cloud hosted, the last leg of traffic is from the Load Balancer to the FileWave Server.  Since all traffic will be through the Load Balancer, then the reported IP will be the local IP of that Load Balancer.

Booster Routing

This has a similar consequence to Hosted. Since FileWave Client communication is through the Booster, the last leg of traffic (as viewed by the FileWave Server) will be the Booster (the last Booster if cascaded). At face value, this would appear as useful as first described: it is immediately clear whether a client is reporting directly to the server or through a Booster and, in the latter case, which Booster if multiple exist. However, there is an additional complication.

Due to requests, the software was altered to provide the local client IP of devices routing through Boosters, with the intention of improving the experience of the Client Monitor.

When a device using Booster Routing first checks in, the IP actually reported will initially be that of the Booster.  From this communication, after a period of time, the value will be updated to reflect the Client IP instead.  However, it may be likely that the communication will be re-established at a later date, causing the Booster IP to be reported again.  As such, there will be a duration of time where the Booster address will be seen, before the Client local IP is shown instead.

Custom Fields

Scripted Custom Fields can return any value that is programmatically obtainable. If a different value was desired, it may be possible for a Client Script or Client Command Line Custom Field to report an alternate chosen value.

Scripted Custom Fields are only available for computer devices: macOS & Windows.

Smart Groups


Smart Groups, Inventory and Application Version Numbers

Description

By default, FileWave treats software version numbers as strings.  This is because it is legitimate for software versions to contain characters as well as numbers.  The below script is designed to assist with Smart Group analysis and Inventory Reporting.

Information

The following script will attempt comparisons between a supplied software version and the version as shown from the bundle Info.plist file.  If the version contains characters though, the script will exit.

Output should be one of:

The script accepts three Launch Arguments:

  1. App path
  2. Version to compare
  3. Key/Value item to collect from Info.plist

Item 3, if not supplied, defaults to: CFBundleShortVersionString

Directions

Create a Custom Field.

Launch Arguments:

  1. /Applications/Chess.app
  2. 3.15
  3. CFBundleShortVersionString


Paste the following into the script window:

#!/bin/bash


# Compare version numbers of apps for Inventory Reporting and Smart Groups
# V1.0 -May 2019, sean.holden@filewave.com

# $1 - Application path, e.g: /Applications/Chess.app
# $2 - Version to compare against
# $3 - Version string, e.g.: CFBundleVersion, CFBundleShortVersionString
# Return Newer, Outdated, Current, NA or if non-numerical characters are used Uncomparable.

app_path="$1"

if [ ! -x "$app_path" ]
then
	echo NA
	exit 0
fi

dotted_check_version=$2

if [[ "$3" == "" ]]
then
	# Default if not supplied: CFBundleShortVersionString
	version_string="CFBundleShortVersionString"
else
	version_string="$3"
fi

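# Read the version from the bundle; a missing key leaves this value empty
dotted_installed_version=$(defaults read "${app_path}/Contents/Info.plist" "$version_string" )

# The integer tests below only work on dotted numeric versions, so anything else
# (letters, spaces, an empty value) in either version is reported as Uncomparable
numeric_version='^[0-9]+(\.[0-9]+)*$'
if [[ ! "$dotted_installed_version" =~ $numeric_version ]] || [[ ! "$dotted_check_version" =~ $numeric_version ]]
then
	echo "Uncomparable"
	exit 0
fi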

function convertVersion {


	OLDIFS=$IFS
	IFS='.' read -r -a array_add <<< "$1"
	IFS=$OLDIFS
}

function compareVersion {


	array_counter=0

	while [ $# -gt 0 ]
	do
		compare_to_me=${check_version[$array_counter]}

		if [[ $compare_to_me == "" ]]
		then
			compare_to_me=0
		fi

		if [ $1 -lt $compare_to_me ]
		then
			echo "Outdated"
			break
		fi

		if [ $1 -gt $compare_to_me ]
		then
			echo "Newer"
			break
		fi

		array_counter=$((array_counter + 1))
		shift

		if [ $# -eq 0 ]
		then
			echo "Current"
		fi
	done
}

convertVersion "$dotted_installed_version"
declare -a installed_version=("${array_add[@]}")
convertVersion "$dotted_check_version"
declare -a check_version=("${array_add[@]}")

while [ ${#check_version[@]} -gt ${#installed_version[@]} ]
do
	installed_version+=('0')
done


compareVersion "${installed_version[@]}"

exit 0

Save and then create a Smart Group as required.



Using Queries to create Smart Groups

Outside of creating queries for informational purposes, FileWave can help you create powerful, dynamic Smart Groups. The concept behind a Smart Group is to gather clients together who meet certain criteria. That would be, for example, all of the devices residing on a certain IP subnet. By adding Inventory queries to the criteria, then adding Filesets to the Group, you can create a Smart Group that will gather a Client device due to its meeting specified criteria, perform Fileset actions on that device, and as a result, the client no longer meets the criteria and drops out of the Group.

Example - Locating Filesets that contain SIP violations

Apple has released a security policy with OS X 10.11 called System Integrity Protection. In a nutshell, it says that no process will be able to have write access to any area of the OS that is protected. FileWave administrators may have scripts that violate this policy, and need to find out which are affected other than just seeing their Fileset(s) fail. There are two new fields in Inventory that identify whether or not a Mac has SIP active or not, and another field that identifies files that contain code that would violate the SIP rules. Here are the two query items:

If you use either one of these to create a Smart Group, you will be able to rapidly identify your Macs that have SIP active, or your Filesets that have incompatible code in them. As you repair the Filesets, they will drop from that Smart Group. If someone turns off the SIP settings (not an easy task), the affected Mac will drop off that Smart Group.

Example - Removing contraband software

For example, you need to scan your clients for contraband software. If the client meets the criteria of having the software you are looking for, then you will have a Fileset execute that will remove that software. Since the Group is dynamic, as soon as the device responds that it no longer has the software and it has that Fileset installed, it will no longer qualify for that Group, and will drop out. Here is the workflow for setting this up:


Once you have executed the Update Model command, the Fileset will execute and delete the software.


Create a Smart Group from an Inventory Query (Report)

What

Smart group creation in FileWave has always been a duplicated effort if you wanted a smart group that was identical to an inventory query (report) that already existed.  This duplication of effort was inefficient.

When/Why

With version 14+ of FileWave, you can now directly create a new smart group from an existing inventory query. (and the crowds cheered!)

How

Creating the smart group is easy:

The newly created smart group will have no direct associations (deployments) assigned to it, but if you place it underneath a group that does have associations, the smart group will inherit them.

See example below:


Duplicating Smart Groups

What

Prior to version 14 of FileWave, creation of similar smart groups could be quite tedious.  With version 14+, you can now duplicate a pre-existing smart group.

When/Why

We are going to want to use this function whenever we have a very similar smart group to create.  This is VERY useful, especially when combined with custom fields.

Consider the following:

We have a smart group for "IT" based on a custom field called "Department":


Prior to v14, if we wanted to duplicate this smart group, we had to build the entire smart group from scratch, including the inventory query the smart group was built upon.  Now, we can duplicate it, and just change the name and the criteria in the inventory query to create a new smart group for "HR".  (see example video below)

How

Duplicating the Smart Group is easy:

The new smart group is ONLY a copy of the original criteria.  The new smart group will have nothing copied as far as associations or deployments to the original smart group are concerned.

See example below:


Smart Group Preview

What

When creating a smart group based on an inventory query, the number of results in the query preview can potentially be different from what will actually be in the smart group once you save it.  This can happen for a number of reasons: For example if a device has been deleted from inventory, but a model update has not yet happened, it would show in preview because the inventory exists--but not show in the smart group, because it has already been deleted.  This can create some confusion.

When/Why

To address this in version 14(+) of FileWave, we have added an additional tab in the smart group editor, called "Clients" next to the "Fields" preview tab.  This new tab previews only  the clients that will be part of the smart group.  The columns shown in this view are independent from those selected in the "Fields" tab and only include those relevant to identify a client. 

How

Examples illustrate this best:

An Inventory Query is used in a Smart Group, criteria is "Device ID is not null". On the "Fields" tab enrolled clients, pre-enrolled clients, deleted clients and boosters are displayed (placeholders are  filtered):


But see on the new "Clients" tab, only the enrolled client is displayed and this matches what will be in the Smart Group:


Known Issue: if there are 2 records with the same filewave_id, both of them will be displayed on new Clients tab today although only 1 client will be in created Smart Group.  This will be addressed in a later update.

Filesets


Move To... for Filesets

What

FileWave has long had the ability to move client device records either by drag and drop, or by the "Move To..." command.  Version 14 brings this same "Move To..." capability to filesets as well.

When/Why

Drag and drop is all well and good, but with thousands of filesets potentially, it could take a long time to drag and drop filesets around the fileset window.  Plus, drag and drop also has the distinct possibility of accidentally dropping in the wrong place.  For those reasons, we recommend you try the new "Move To..." option if moving filesets around.

How

Moving a fileset is in fact even easier now, just:

Example follows:

Settings


Configuring and using the Dashboard

In FileWave Central, the Dashboard is the first view an administrator gets of their FileWave environment. The Dashboard is designed to give the FileWave administrators a quick view of their server and be able to focus in on a missing setting, or a possible service interruption. There are seven major sections on the Dashboard.

Primary Services

This section shows the major services - DEP, VPP, Email, etc with last update and, if there is an error, a direct link to the settings that can address that error.

Sync Status

This section shows the latest 'check-in' times for certain services, such as VPP, DEP, LDAP, and Smart Groups. These services all have preferences requiring synchronization between a remote service, for example your LDAP server, and the FileWave server.


Server Performance Status

This section is an active chart of the status of the primary FileWave server's storage space, CPU usage, and RAM utilization.

Distribution of clients

This section displays a graph showing the breakdown of FileWave clients based on operating system.


Mail Queue

This section displays a running graph of the status of emails sent from the FileWave server. The focus will be on the VPP / MDM invitation emails. This will help you see situations where your local email server may be getting overwhelmed by the large number of MDM invitations going out at the same time.


Enterprise IPA URL Check

This section shows the validity of your institutionally created iOS apps as well as the enterprise apps provided by FileWave (iOS App Portal / Kiosk and Engage).

Server Licenses

This section shows the current status of your FileWave server license.


Alert Settings

The Dashboard provides FileWave Central with the ability to send notifications out to individuals at status changes on the server. You toggle between the Alert Settings and the Dashboard in order to configure the types of alerts sent out and who they are sent to.

The result is that an email is sent to the designated email account when an event is triggered.

"Detachable" Dashboard

The Dashboard is part of the FileWave Central application; but it can also be dragged off to be viewed as a separate window on the administrator's computer, opened in a browser, or provided as a URL to other interested parties to view on their own computers or devices.

Dashboard Alert details

A table with explanations of all of the available alert items from the Dashboard is available in the Dashboard Warning levels and Descriptions KB.


Mobile Preferences - iOS / Android

The Mobile preferences are designed around Mobile Device Management for Apple's iOS/macOS and Google's Android/Chromebooks. This section discusses setting up the basic components in FileWave Central/Preferences. 

Configure MDM Server

Mobile Certificate Management (HTTPS Certificate Management)

This section shows the information used by FileWave to create a valid certificate that will be used to authenticate the FileWave MDM server with your clients and with Apple's Push Notification System.

Note: Self-signed certificates are no longer able to be generated in FileWave. A certificate signed by a CA is required for iOS, MDM enrolled Macs, and Chromebooks.

Apple Push Notification Certificate (APN) for iOS

The APN certificate is required to allow the application developers to send notifications to their applications, such as the Weather app getting current storm alerts. In order to allow the applications you deploy to your mobile devices to get these notifications, you request a secure certificate from Apple. The process for getting the certificate is detailed in the Appendix for FileWave administrators running either OS X or Windows.


Once you have received your APN Certificate from Apple, you will add it by clicking on the Upload APN Certificate/Key Pair button. This will configure your FileWave MDM server to support secure communications with Apple's Push Notification service.

Android/Chromebooks MDM Configuration

If you are deploying Android clients, then you will need to configure the Android/Chromebooks section of the Mobile preferences. You will need to get a Project Number and API key from Google. Instructions on how to accomplish that task are in the Appendix. Once you have those two items, go to the FileWave Preferences / Mobile pane and select the Android/Chromebooks tab.
Select the Configure GCM button, authenticate as the FileWave super administrator, then enter the Project Number and the Server API key you were given.

Click on Save and you should immediately see that GCM is correctly configured.

Override FileWave Server configuration

The Android client is a composite of the computer and iOS client. It must connect to both the FileWave Server and the FileWave MDM server. Enrollment is done the "iOS" way through the MDM portal; but the client must also connect to the main FileWave server for additional functionality. In most cases, this is not an issue because the FileWave Server and the FileWave MDM server are on the same system. However, it is possible for you to configure the two services to run on different systems with differing external IP addresses.

If you are hosting the MDM service on a different system, then you will need to check the Override FileWave server configuration checkbox and enter the FQDN name of your main FileWave server. Do not enter anything in this section if you are running your FileWave MDM services on the same system as your primary FileWave server.

macOS MDM configuration

For macOS devices, you will need to request a custom FileWave Client installation package (.pkg) and upload it to your FileWave server. This allows FileWave to provide the package for all MDM enrolled devices. When an MDM macOS device is added to your FileWave server, it will automatically receive the client installer package and will be configured as one of your client devices.

macOS Client Package Installation Triggers
The FileWave macOS client package will install on newly enrolled DEP and Profile MDM enrolled macOS devices. The macOS client package will also get pushed out to ALL existing enrolled MDM clients if you upload a new macOS client package into the FileWave Preferences. Be sure not to accidentally upload the non-custom client pkg, or a custom client pkg with the wrong FileWave server address. If you do, all existing MDM enrolled macOS devices will install the newly uploaded client and in turn lose connection to your FileWave server.

The first step is to go to the FileWave Support site and request a custom installer: https://custom.filewave.com
Download the zip file and then expand it to have the PKG. When you have the package, you will upload it to your FileWave Server using the button in the macOS MDM preferences pane:


Authenticate as the FileWave Central superuser (fwadmin), then locate the newly downloaded package. Note: You must unpack/unzip the package before being able to upload it to your server!

Ignore status notifications

In the lower left corner of the main FileWave Central window is the status box for your key external services - Apple Push Notification (APN), Google Cloud Messaging (GCM), Apple Device Enrollment Program (DEP), Engage server (if used) and Inventory. You have the option of installing the MDM services on a different system, or not needing APN, DEP, or GCM at all - assuming you aren't using any iOS devices, macOS systems with VPP, or Android devices. If any of these services are not running, the status indicators will show that there is a problem. You can disable status notifications and FileWave Central will report only the services you are using.


LDAP Preferences

FileWave supports connecting your LDAP network directory – Active Directory, Open Directory, or eDirectory – to your FileWave Server. This capability provides access to directory information for use in Smart Groups and parameterized profiles. You can also use LDAP for enrollment authentication. Using LDAP to authenticate your devices gives you a way to know who (which LDAP user) enrolled what device.

Creating an LDAP server entry in Preferences

Use the [+] button to create a new LDAP server entry and enter the needed connection information as described below:

If you use LDAPS or STARTSSL, it is recommended to use a trusted LDAP certificate.

For example, if an entire OU that makes up 25% of your LDAP directory is suddenly missing, the amount of change is so large that FileWave will not initially accept the changes with Change Limit set anywhere from 1% to 25%; with it set to 26%, FileWave would accept that removal. When the next option is considered in conjunction with this one, it can still take X amount of syncs for removals to occur.

Setting it to a number that is equivalent to 24 hrs is recommended for safety.

(Refresh Interval / 60 (seconds to minutes) / 60 (minutes to hours)) * x = 24 (hours)

So if I wanted a Refresh Interval of 1800 seconds (30 min), I would set this value (x) to 48.

Enable Automatic Group updates for this LDAP creates a visible set of entries (Smart Groups) in the Clients pane under an LDAP designator. These Smart Groups will be updated by FileWave at the designated refresh interval.
The information provided in the Clients pane for LDAP is a one-way view of your directory server. While changes made at the LDAP server are automatically reflected in FileWave; changes made in FileWave Admin do not affect the LDAP directory information.

Choosing to enable the automatic Group updates creates a visible set of entries in the Clients pane of FileWave Admin, and keeps that information up to date; however, for an LDAP environment of over a few hundred records, the load on the LDAP server can get extremely heavy. 


The Test Connection button pings the server to see if it is online; but does not verify all connection settings. You should always use an LDAP browser tool to verify the link to your server.
You can create entries for multiple LDAP servers, and an LDAP server can be running on the same device or VM as the FileWave Server.

An LDAP server can be chosen as the Authentication server which, in this case, means that the directory for that server will be used for profiles that support parameterized settings. Selecting the use it for extraction setting adds the directory information to the FileWave database. You can view the LDAP settings in the Assistants/LDAP Browser in FileWave Admin.

At the Bottom right of the LDAP server pane, there is a Synchronize Now option. This option will allow you to synchronize all your LDAP servers, just one, or sync LDAP Custom Fields. 


VPP and DEP Preferences

FileWave supports both Apple's Volume Purchase Program (VPP) and Device Enrollment Program (DEP). In order to get these working within FileWave, you will need to configure certain preferences. This section just discusses the settings required in the Preferences.

Note: Instructions for joining and working with the Apple VPP and DEP programs from the Apple side are outlined in detail on these web sites:
Business Manager User Guide
School Manager User Guide
Deployment Reference Guide - iPhone & iPad
Deployment Reference Guide for Mac

Warning: All of the configuration steps in this section must be done while signed in as fwadmin.

FileWave supports multiple tokens for the VPP service. This allows you to create multiple purchase authorities for your institution's App Store content. Content is automatically synchronized every 24 hours with the Apple VPP service. You may force a full synchronization when you are deploying a large number of App Store items, or any time that a delay may interfere with operational needs by holding down the Option key and clicking on the Synchronize button.

Volume Purchase Program preferences

This pane contains the information for your VPP account with Apple. In order to proceed, you will have to have created a VPP for Education or VPP for Business account with Apple. Once you have a VPP account, you can download your VPP token for inclusion into FileWave. You may add as many tokens as you have purchasing agents.

Configure VPP token(s)

Select the Configure Accounts button (1 in the graphic on the next page). You will have to authenticate as the primary FileWave Admin (fwadmin).

Adding a VPP service token

Click on the [+] button (2) and import your downloaded VPP token (3). When you import the token into this pane, you will see a long alphanumeric hash as shown. Continue these actions until you have added all of the VPP tokens you plan to use for content distribution.

Note: Make sure you are not using a given VPP token on more than one MDM server. Problems, such as loss of control of the token or automatic VPP user retirement, can result.

Once the token has been properly imported, you will see a dialog pop up telling you that everything is in order.
If you want more than the FileWave superuser/admin account (fwadmin) to be able to manage VPP applications later on, you will need to use the /Assistants/ Manage Administrators… pane to assign other administrators to manage the VPP token(s). This is covered at the end of this chapter.

Auto-create Filesets

The first time you set up VPP, you will get Filesets automatically created for each of your existing VPP purchases. You can assign those Filesets to a designated FileWave Group for management. The default is the (Root) Group. 

VPP account protection (aka "Take ownership")

One of the new features in FileWave v10 is protection of the VPP accounts and tokens that you use with your server. The concept is very simple: an identifier (called "client context") is sent to Apple for a given VPP account. When an MDM server has to use a VPP account, it will query this identifier and compare with its own; if they match, everything is fine. If they don't match, the server should not use the token.

As long as you are the confirmed owner of the token, the Is Owner flag says Yes. If you have changed servers, or let another process, such as Apple Configurator, use that VPP token, then you will get an alert stating that the token is owned by another server.

If you have a mismatch, your VPP token entry will turn red, and you will not be able to use that token. Your first indication of an issue may be an alert in your Dashboard:

In order to regain control of the token, you will need to select the token entry and click on the Take ownership button in the lower right corner of the VPP tokens pane. Once you have done that, you will get a confirmation dialog:


The key to this process is making sure you do not apply any of your VPP tokens to a different server, tool, or application. If you are running a test/beta FileWave server or Apple Configurator, you should create a unique VPP account and token for that purpose.

Create VPP users for newly enrolled devices

Back in the Volume Purchase Program pane, you can elect to Create VPP users for newly enrolled devices. VPP users are internally created accounts that link your enrolled device to the FileWave VPP management process. It's not an actual "user" account; but more of a placeholder for the assignment of VPP apps and books. Each VPP user account may contain a link to an actual end user's Apple ID.


If this checkbox is selected, then newly enrolled devices will automatically get a VPP user and that user account will be associated with the device. This can speed up mass deployments, as well as reduce the overhead on 1:1/BYOD deployments. Used in conjunction with settings in the VPP Assistant, your FileWave server can then automatically notify new users to register their Apple ID with your FW MDM server. You can select a single VPP token to be the primary token related to those VPP users. Also, you can change which tokens are associated with specific VPP users as you need.

Note: If you are using VPP device assignment for application distribution (versus assignment by user - Apple ID), a "ghost" or invisible VPP user account is created. This account is not visible within the VPP User Management pane.

Synchronization

The VPP Synchronization setting lets you determine how often the FW MDM server will match data with your assigned VPP token account. You can push an incremental synchronization by clicking on the Synchronize button; and you can force a full synchronization by holding down the Option key while pressing the Synchronize now button.

Configuring VPP email invitation template

This template will be used by your FileWave server to send an invite to users enrolling in your MDM from iOS devices and macOS computers. If you have configured your setup to use LDAP authentication for enrollment, then your users will get an email addressed to the mail account in their LDAP record. It will contain a custom URL pointing them to the Apple App Store where they will authenticate with their Apple ID to register that ID with your FileWave MDM.

Minimum delay and Preferred Distribution

Starting with FileWave v10, you have the ability to establish a delay between the time you associate a VPP application with a license and when the application is made available to install at the client. This avoids issues during large scale deployments where clients are trying to install VPP applications; but haven't gotten their license assignment yet.

Preferred Distribution allows you to choose the method of deploying a VPP application. The original method has been to assign an application to a registered Apple ID (User). The license shows up in the user's Purchases, and the license can be managed by the FileWave MDM. The new method, supported in iOS 9+ and OS X v10.11+, allows you to assign VPP applications directly to an enrolled device (provided the app developer has coded the app to support this). This method applies only to VPP applications - iBooks are still required to be assigned to individual Apple IDs.



The default setting can be overwritten for a given association of a managed license Fileset.

Using LDAP synchronization allows you to link your LDAP users with VPP users, who can then be associated with their email addresses (if those exist in the LDAP directory). This allows you to have VPP/MDM emails automatically sent to those users. This process can be left off if you are going to use device assignment of all your distributed VPP applications.

Device Enrollment Program preferences

Apple's Device Enrollment Program is designed to support OTA (over the air - Wi-Fi) supervision of devices. FileWave supports iOS devices and macOS computers using DEP. Institutionally purchased devices are registered with Apple, and Apple provides a DEP token for you to link your FileWave MDM server to the DEP service. When a device comes up online, it is recognized by the Apple DEP service, matched to the downloaded token, and automatically configured for supervised management with your FileWave MDM. The preferences you set to get this process up and running are shown below.


Using the "Download certificate" button, download a special "FileWave DEP" certificate to your administrator machine. You will be required to authenticate with the fwadmin FileWave Admin account. Use that certificate to get a DEP token from the Apple DEP site (https://deploy.apple.com or https://school.apple.com).
Select the "Configure accounts" button, and authenticate using the primary fwadmin account. You'll be presented with the option of uploading new tokens. You can have a token for each of the DEP facilitators you have.



The Synchronize button works the same as the VPP synchronize button. DEP will synchronize between Apple and your FileWave Server once a day. You can hold the alt/option key down to force a full, immediate synchronization. Use that sparingly, since it may take a long time to synchronize with lots of devices in the system.


Managing FileWave Administrators

FileWave supports tiered administration, so you can create additional administrators to spread the workload. There is no limit on the number of admins you can have in FileWave.

How to log into FileWave Admin

When you log into the FileWave Admin to access the FileWave Server you will be asked for the server address, and user credentials which can be a local account or an LDAP account.

FileWave supports multiple admin connections from the same or separate admin accounts. If you try to log in with the same account that is already connected somewhere else you will get prompted to either end that first connection, start a second connection, or cancel. 

If you are currently using a self-signed certificate then you may also get a prompt that the Admin cannot verify the identity of the FileWave server. The recommended way to fix this is to click Connect and then switch to a root trusted certificate. Please visit the KB linked here for instructions on how to do this.


You will also be able to see two active connections if you look in the Administrators Online... window located under the Assistants menu.

The bolded entry is your current connection.

FileWave Administrators and Inventory

In the FileWave Admin console you have the ability to set read/write/delete permissions on specific objects, which include devices, filesets, and groups. These permissions follow the user all the way into inventory, so that only what the current administrator has access to can be seen in the inventory results.

Example:

You have to select Propagate to children if you are setting permissions on a group and want those permissions to be added to sub-objects.

Read/write/delete permissions are received from the original object, so the clones get the same permissions. If you modify these permissions on a clone, only that specific clone gets them, not the original or other clones.

Types of Administrator Accounts

FileWave has three different account types: Superuser, Local Account, and LDAP Group Account.

Other than the Superuser, which has full rights by default, you have the ability to set granular permissions for your Local and LDAP users.

Superuser

The default credentials for your Superuser account are fwadmin/filewave. FileWave highly recommends that you change the password to something more secure!

There are areas and features in FileWave that can only be accessed with the FileWave Superuser account. Three of these sections won't even be visible to any other Admin account, one (Software Update) is grayed out for all but the Superuser, and the other features will trigger a dialog window requesting the Superuser credentials to be entered.

Only Visible from the Superuser logged in:

All Admins will be prompted for Superuser credentials:

Local Account

Local Accounts can be created very simply and then given whatever permissions you wish them to have. Keep in mind even if a Local Administrator Account is given full rights they will still be prompted for Superuser credentials in the areas listed in the Superuser section above.

To create a Local Account for the FileWave Admin follow the steps below:


If you selected Set password you will get the following window to type in the user's password:

If you selected Generate and email password you will need to hit the Apply button at the bottom of the FileWave Administrators window and you will then get an email with the following information:


LDAP Group Account 

If you have an LDAP server configured within your FileWave Preferences, administrators can authenticate using credentials stored in the LDAP server, based on Group membership. If a user is a member of multiple Groups, the final permissions will be the UNION of the permissions of these Groups. Only Active Directory is able to detect recursive membership. FileWave will not be able to detect nested Groups in an Open Directory or eDirectory.

To set up LDAP please see: LDAP Preferences

To create an LDAP Group Account for the FileWave Admin follow the steps below:

Permissions

Account permissions will determine what the Administrator can and cannot do in the FileWave Admin. 

Selecting your Local Account or LDAP Group account and then going into the Permissions tab will give you all the permissions you can select for that user or group of users from LDAP.

LDAP Group Account Permissions

If you have a user in multiple LDAP Group Accounts, the user will take the collective permissions from each group. You can check what permissions an LDAP user will get by selecting the LDAP user application tokens... and searching for that user:

As you can see in the screenshots above, the user Kamala Khan is in both the FW Admins and the iOS Admins LDAP Groups; the iOS Admins group has fewer permissions than the FW Admins group does. This user will therefore use the permissions gathered from both of these groups, which gives her full access, as you can see in the screenshot below:
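
The union rule and the Active Directory-only detection of nested groups can be modeled to review what an LDAP user will actually receive before group accounts are created. This is an added example, not FileWave code: the directory contents, the user names, the Helpdesk group, and the areas granted to each group are constructed sample data, and the permission areas from this page are used only as labels.

```python
"""Effective FileWave admin permissions for an LDAP user (added illustration).

Models two rules from this page:
  * a user in several LDAP Group Accounts receives the UNION of their permissions;
  * only Active Directory resolves nested (recursive) group membership.
Every group member, user name and grant below is constructed sample data.
"""

# Permission areas listed on this page, used here purely as labels.
ALL_AREAS = frozenset({
    "Server / Model", "General", "Clients and Groups", "Filesets and Groups",
    "Associations", "DEP", "Dashboard", "Discovery Administration",
    "Custom Fields", "Full Disk Encryption", "Classroom",
})

# LDAP Group Accounts in Manage Administrators -> areas granted (constructed).
GROUP_ACCOUNTS = {
    "FW Admins": ALL_AREAS,
    "iOS Admins": frozenset({"Clients and Groups", "Associations", "DEP"}),
    "Helpdesk": frozenset({"Dashboard"}),
}

# Directory: group -> direct members, users or other groups (constructed).
DIRECTORY = {
    "FW Admins": {"kkhan", "Tier3"},
    "iOS Admins": {"kkhan", "Contractors"},
    "Helpdesk": {"jdoe"},
    "Tier3": {"asmith"},
    "Contractors": {"Interns"},
    "Interns": {"bnew", "Contractors"},  # cyclic nesting, must not loop forever
}


def groups_of(user, directory, recursive):
    """Groups containing `user`: direct only, or through nesting when `recursive`."""
    parents = {}
    for group, members in directory.items():
        for member in members:
            parents.setdefault(member, set()).add(group)
    found, stack = set(), [user]
    while stack:
        for group in parents.get(stack.pop(), ()):
            if group not in found:  # also stops cyclic nesting
                found.add(group)
                if recursive:
                    stack.append(group)
    return found


def effective_permissions(user, directory_type,
                          directory=DIRECTORY, accounts=GROUP_ACCOUNTS):
    """Return (matched group accounts, union of their permission areas)."""
    recursive = directory_type == "Active Directory"
    memberships = groups_of(user, directory, recursive)
    matched = sorted(g for g in memberships if g in accounts)
    areas = frozenset().union(*(accounts[g] for g in matched))
    return matched, areas


def shadowed_accounts(matched, accounts=GROUP_ACCOUNTS):
    """Matched accounts whose grants are a strict subset of the union.

    Membership in such a group limits nothing: another group already grants more.
    """
    union = frozenset().union(*(accounts[g] for g in matched))
    return [g for g in matched if accounts[g] < union]


def audit(users, directory_type):
    """One review row per user for the given directory type."""
    rows = []
    for user in users:
        matched, areas = effective_permissions(user, directory_type)
        rows.append({
            "user": user,
            "in_a_group_account": bool(matched),  # at least 1 defined LDAP group
            "accounts": matched,
            "areas": len(areas),
            "shadowed": shadowed_accounts(matched),
        })
    return rows


if __name__ == "__main__":
    for dtype in ("Active Directory", "Open Directory"):
        print(dtype)
        for row in audit(["kkhan", "asmith", "bnew", "jdoe"], dtype):
            print("  ", row)
```

In this sample, users who reach a group account only through a nested group match it under Active Directory and match nothing under Open Directory or eDirectory.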

What are all the permissions you can choose from?

Server / Model

General

Clients and Groups

Filesets and Groups

Associations

DEP

Dashboard

Discovery Administration

Custom Fields

Full Disk Encryption 

Classroom

Important Note: If you are upgrading from below FileWave 12.9 this Classroom option will be unchecked by default. So you will no longer be able to view Classroom in FileWave until this is checked for selected administrators.

Application tokens

FileWave security for inventory has been built on top of a shared secret, which is a long token generated randomly and shared between the server (inventory server) and clients (admin, FileWave server, client machines, scripts, etc).

Any script or 3rd party component that needs access to FileWave Inventory will need to have this token that has been assigned to a user. These tokens can be revoked and re-generated, and a user can have multiple tokens assigned to it.

Every Local account starts with a Default Token which can be used along with any new ones that are created.

The Default Token for your Superuser will be the same token that was originally in the Inventory tab in FileWave Preferences in versions 12.8.1 and below. If you upgraded from 12.8.1 or below then all communication with this token will stay intact unless you Regenerate the default token.

Local Account New Application Token Setup:

LDAP user application tokens

Just like Local Accounts it is possible to define application tokens for LDAP users as well. This will not be done at the group level but for the specific LDAP Users.

To set up the application tokens for LDAP users follow the steps below:

LDAP User TEST
The test will make sure the user belongs to the LDAP server configured for authentication in the FileWave Preferences and will also make sure the user belongs to at least 1 LDAP group defined in the main FileWave Administrators window.

Note: The part of the test to check for the LDAP group in FileWave is cached for 1 hour. The cache is reset every time you save the user dialog, change the LDAP server in preferences, or do an LDAP "synchronize".


If you search for a user that is not in your directory service or it doesn't belong to an LDAP Group Account in FileWave it will fail.

Manage VPP Tokens

To allow specific FileWave Administrators to access and see VPP purchases they will need to be given access using this Manage VPP Tokens option in the Manage Administrators... section.

By default, only the Superuser (fwadmin) has access to new VPP tokens imported in FileWave. Any other Administrators that are created need to be given access.


Embracing the Dark Side: Dark Mode for FileWave Central (15.3+)

What

Once upon a time, in a brightly lit world of screens, a shadowy figure emerged, promising salvation to our eyes: Dark Mode. As legends of its comfort and sleekness spread across the realms of software applications, we at FileWave decided it was time to embrace the dark side. Here's the tale of how Dark Mode came to FileWave Central, turning night into a friendlier place for all administrators.

Dark Mode, the knight in shining armor (or should we say, 'shimmering darkness'?), transforms the blinding lights of your screen into a soothing, shadowy oasis. It’s not just a fashion statement; it’s a guardian of your eyesight, a curator of concentration, and a promoter of power saving. By inverting the bright white backgrounds into deep, dark hues, Dark Mode makes nighttime work less of a nightmare.

When/Why

As the clock struck midnight on yet another session of late-night device management, it dawned on us: our users deserved the option to go dark. Following a cascade of requests and after noticing the shift towards dark themes across the tech landscape, we knew the time was right. Our decision was fueled by the desire to not only keep up with modern UI trends but to also offer our hardworking administrators a visually comfortable and customizable working environment, proving our commitment to not just meeting but exceeding user expectations.

How

To embrace the dark side or bask in the light, journey to Preferences -> General in FileWave Central. There, under the Theme setting, select your allegiance: Automatic, Light Mode, or Dark Mode. Choose wisely, for each setting casts FileWave Central in a different aura, from the bright, welcoming light of day to the mysterious, serene shadows of night.



FileWave Central - Additional Settings Menu Items

In the FileWave Admin application, there are several other settings and menu items that come into play as you manage and configure your devices. They appear in two menu sets (Server & Assistants) as shown:



Some of these items have already been covered, and others will be discussed in depth later in this manual. Here are basic descriptions of the function of these menu items.

Activation Code…

This is the access to the code you received when you purchased your FileWave license. 

Update Model…

FileWave, at its core, is a SQL database. As such, it is constantly managing large amounts of data as you, and possibly other administrators, add new clients, create Filesets for new content distribution, and manage your devices. When you are performing many of these operations, the information is being written into RAM on the server. A Model is an instance in time for the FileWave database. When you choose the Update Model, you are telling the server to write the changes you have made into the database, and create a manifest for the Clients. This manifest is sent to each Client when it checks in, telling it what changes have been made. If there is a change that affects the Client, it will then request any new or updated Filesets and will then make the appropriate changes on the device. Whenever you make changes to device(s), edit Filesets, or do anything that may affect the relationship between a device and the server, you should update the model.

Revert to Last Model…

If you have made a change to the Model, then realize that you may have damaged a setting, or distributed a broken application, you can revert to the previous model within the FileWave database. In many cases, this can be done without any irreversible changes to the client devices.

Get Logfile…

This menu item allows you to grab a copy of the latest FileWave server process log. It will tell you how your server is behaving, and what is going on. It is very useful for troubleshooting problems.

Open Logfile Folder

This menu item opens the folder on the FileWave Admin system that contains all of the logfiles that have been requested by that administrator. These are copies of the FileWave server logs retrieved when you selected the Get Logfile… menu item.

Client Monitor

The Client Monitor is a tool used to observe the status of a specific device. It displays the current state of the device, the current Model number on the device, and you can see if the device is reacting to changes being made by clicking on the Verify button. Detailed information on Client Monitor is in the Chapter Clients.

Fileset Magic

Custom content can be created using the Fileset Magic tool. It allows you to take a snapshot of the current status of a device, install and configure new content, take a second snapshot, and build a distribution Fileset from those changes. More on Fileset magic in the Chapter on Filesets.

Find Software Updates…

This menu item opens a management pane to look for all iOS / macOS / Windows software updates that are available. The updates can be viewed by just the ones that your devices have been requesting, or by every update published for that platform. The use of this capability is covered in the Chapter on Filesets.

Imaging…

This item opens the Imaging pane that allows you to associate disk images with OS X and Windows devices for re-imaging. This is covered in detail in Network Imaging / IVS.

Enroll iOS Device…

This item opens the pane with the various settings for enrolling iOS devices, and AppleTV, either manually or automatically. 

Search App Store…

This menu item opens a search pane to look for content on the Apple App Store. Details on using this item are in the Chapter on Filesets.

VPP Code Management… / VPP User Management…

These two menu items relate to Apple's Volume Purchase Program within FileWave. They allow you to manage the distribution of institutionally purchased content. 

DEP Association Management…

This menu item relates to the Apple Device Enrollment Program within FileWave. You use this pane to configure DEP profiles, and associate them to institutionally purchased devices.

Activation Lock Management…

This menu item displays the status of your supervised iOS devices with activation lock active. The bypass codes are stored on the FileWave server for your use when taking these devices out of service. 

Manage Administrators…

This menu item opens the management pane for creating, editing, and managing the FileWave administrator account and sub-admin accounts.

Show Locked Items

This menu opens a window displaying any and all aspects of the FileWave Admin UI that have been "taken control of" using the Take Control button, or that are in use by another FileWave administrator. For example, when an administrator needs to work on editing the sub-administrators, changing some settings in Clients, or editing a Fileset, they can Take Control of those specific items (and when they are finished, they can Release Control).

In the meantime, any administrator trying to work on those areas, can use the Show Locked Items menu to view areas they cannot control.

If an administrator has left items locked too long, or walked away from their system with items still locked, you can force quit that administrator (see Administrators Online… below). You should also make sure your sub-administrators set a reasonable auto-logout time in the General preferences of their FileWave Admin application.

Audit History…

This menu item displays a log of all actions taken by FileWave administrators, broken out by day.

Administrators Online…

This assistant menu lets you view the status of all of the FileWave administrators. If an administrator has been logged in too long, or has locked something you need access to, and they are not available, you can force logoff that user.

LDAP Browser…

This menu selection displays a tree of your LDAP configuration that matches what you entered in the LDAP preferences.

File Search…

This item displays a search window that allows you to locate any item in a Fileset using a text string search.
Once you have located your item, you can click on Reveal in Fileset to display the contents of the Fileset with that specific item.

Unmanaged Devices…

This menu item displays a pane with the "non-client" devices you are keeping track of. You can add items such as printers, scanners, and cameras to the set by clicking [+] in the window.

Scheduled Reports…

This menu item allows you to create and generate Inventory reports that are automatically sent to designated email accounts. 

Settings

Configuring Inventory preferences

With version 6 and higher, FileWave integrated Inventory into the main FileWave server. With version 8, FileWave introduced Smart Groups with Inventory queries:

iOS Inventory

These settings only apply to the iOS/iPadOS/tvOS enrolled devices. These devices show up in the normal Clients section of FileWave Admin as well as in the iOS Inventory section. 

Smart Groups

The button Refresh all Smart Groups forces a refresh of all the data requested by existing Smart Groups. Smart Groups normally update every 10 minutes, but this can be adjusted here as well. Do not make this much more frequent or you may make your server overly busy. If you have a very large environment you may want to increase this value to perhaps 20 minutes. 

LDAP Custom Fields

If checked, this option clears the value of an LDAP Custom Field when there is no match between the client and an LDAP user or computer.

FileWave Anywhere persistent user preferences (14.8+)

What

As a user of FileWave Anywhere, I frequently have to resize columns when I’m using it.

When/Why

In v14.8.0 we introduced the ability to store preferences about column width so that when you log in, columns retain their size as appropriate.

How

User preferences in main views will be stored on the user account:

User preferences in main views will be stored in the active session:

Profiles section error handling improvements:

License Reporting

Manual Licenses

The first method for managing software licenses is to manually create the query to search inventory. You select New License from the toolbar and give it a name. Then you set the license expression to be based on managing an application or a font. You can choose to manage items installed in all three of the operating systems FileWave supports from a "computer" point of view. (Android, due to its FileWave client, is managed as a hybrid between computer and mobile.) Next, you create the inventory search; e.g. the Chrome browser.

Now, gather a count of the licenses you have. This can be done by entering purchase order information, or just using whatever accounting method you have to create a pseudo-purchase order. You can enter multiple license purchases here. It will give you an accounting history as well as let you manage multiple licenses in one location.

Then add a trigger value to warn when you are running out of licenses.

That will complete our license query. Looking at the result in the License Management pane yields:

When you double-click on the license, you will see the details of the query displayed. The window will actually display a significant amount of information about your search results, including detailed device info.

Font Licenses

Many institutions or departments have purchased commercial fonts for use in their design, graphics, or marketing groups. FileWave provides you with the ability to track and manage the use of licensed fonts. The workflow for setting up a font license is roughly the same as that for applications. First, you create and name the license; but this time, designate the expressions based on "font."

As with application licenses, when your licenses are in compliance, you will see a green "jelly" in the main License Management window. When you have crossed the watermark trigger point, the "jelly" turns yellow. Finally, when you are out of compliance, you will see red.

Creating Licenses from Filesets

Since the FileWave Client can deep scan your Client systems, it can find any file that meets the criteria you wish to be aware of. This functionality also exists in the primary Inventory pane in FileWave Admin; but the License Management section allows you to tag the query with the watermark triggers.

For example, you might have purchased or just deployed a few systems running an application that is being tested for later widespread deployment. You want to keep an eye on that application to make sure unauthorized copies of it don't leak out. Since you created a Fileset for the application to deploy it, you can easily create a license to track it.

Instead of having to create any criteria for locating the applications, FileWave uses the Fileset definition. At the same time, it will key in on any copies of that specific package, should it show up on more devices than specified.

Troubleshooting

Adjusting the Idle Timeout in FileWave Anywhere (WebAdmin)

What

This article will guide you on how to change the idle timeout setting in FileWave Anywhere (WebAdmin). By default, the idle timeout is set to 25 minutes. This means that if there is no activity on the interface for 25 minutes, the user will be automatically logged out. However, depending on your needs, you may find this period too short or too long.

When/Why

You might want to change this setting if the default 25-minute timeout does not suit your work patterns or security needs. If you frequently need to step away from your work but find yourself logged out when you return, you might want to extend this timeout. Conversely, if you're concerned about leaving the interface open and unattended for too long, you might want to reduce the idle timeout.

However, it is important to bear in mind that extending the idle timeout can potentially increase security risks. For example, if you log into FileWave Anywhere on a shared or public computer and forget to log out, you could remain logged in until the timeout occurs, leaving your account vulnerable.

How

To adjust the idle timeout, you will need to modify a specific line in the settings_custom.py file on your FileWave Server. This file is located at /usr/local/filewave/django/filewave/ on macOS or Linux systems.

Please note: If you are a hosted customer, you will not have direct access to the server and will need to contact FileWave Support to have them make this change for you.

Here is the process for self-hosted customers:

  1. Open the settings_custom.py file in a text editor.
  2. Add or modify the following line:
    UI_INACTIVITY_TIMEOUT = 25 * 60 # seconds the UI can stay inactive before auto logoff
  3. Replace the 25 in this line with the number of minutes you want for your idle timeout. For instance, if you want the timeout to be 60 minutes, the line should read: UI_INACTIVITY_TIMEOUT = 60 * 60.
  4. Save and close the file.
  5. To activate the change, you need to restart the server. Do this by running the following command in the terminal: fwcontrol server restart.

After these steps, the idle timeout will be set to the number of minutes you specified.
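
A read-only check for the setting described above, added here as an example and not part of FileWave's documentation or tooling: it parses the contents of settings_custom.py without executing the file and flags a timeout above a local ceiling. The 30-minute ceiling, the 5-minute sanity check, and the sample file contents are assumptions made for this example.

```python
import ast
import operator

SETTING = "UI_INACTIVITY_TIMEOUT"
DEFAULT_SECONDS = 25 * 60  # default idle timeout stated in this article
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}


def _int_expr(node):
    """Evaluate integer arithmetic such as `60 * 60` without running the file."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_int_expr(node.left), _int_expr(node.right))
    raise ValueError(f"{SETTING} is not a plain integer expression")


def configured_timeout(source):
    """Return (seconds, explicitly_set); the last top-level assignment wins,
    as it does when Python loads a settings module."""
    seconds = None
    for stmt in ast.parse(source).body:
        if isinstance(stmt, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == SETTING for t in stmt.targets):
            seconds = _int_expr(stmt.value)
    return (DEFAULT_SECONDS, False) if seconds is None else (seconds, True)


def audit(source, max_minutes=30):
    """Check the timeout against a ceiling. max_minutes is an assumed local
    policy value chosen for this example, not a FileWave default."""
    seconds, explicit = configured_timeout(source)
    findings = []
    if seconds <= 0:
        findings.append("timeout is not a positive number of seconds")
    elif seconds < 5 * 60:
        findings.append("timeout under 5 min: was the value multiplied by 60?")
    elif seconds > max_minutes * 60:
        findings.append(f"timeout {seconds // 60} min exceeds policy {max_minutes} min")
    return {"seconds": seconds, "explicit": explicit, "findings": findings}


# Constructed sample of settings_custom.py contents (not from a real server).
SAMPLE = """
# UI_INACTIVITY_TIMEOUT = 10 * 60
UI_INACTIVITY_TIMEOUT = 25 * 60  # seconds the UI can stay inactive before auto logoff
UI_INACTIVITY_TIMEOUT = 60 * 60
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A value that is computed at load time (for example, read from the environment) raises ValueError, which is the cue to review that file by hand.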

Could not create the /Volumes/XYZ directory error when opening client info

Problem

Opening Client Info for a client machine produces a "Could not create the directory" error. The error occurs when you previously selected "Export Current Tab" in Client Info and saved the file to a directory that is no longer on the machine. This is most common when you save the file to an external hard drive and then disconnect the drive. Because the directory path no longer exists, you get an error like the one shown below. The path will most likely differ.

Solution

The error is resolved when you select a new location for Export current view. To do this, follow the steps below.


Dashboard Warning levels and Descriptions

Problem

The table below provides an overview of the information that is returned by the Dashboard in the FileWave Admin console.

Environment

FileWave Central Console

Resolution

| Item | Description |
| --- | --- |
| Free Disk Space | Free disk space on fwxserver (db location). Warning if < 50GB or < 20% total space, Error if < 25GB or < 10% total space. |
| CPU Load | CPU Load on fwxserver. Always OK. |
| Google Cloud Messaging | Returns Google Cloud Messaging status. Cached 1 minute. Error if configuration is not correct. |
| OS X APN for Engage | Returns OS X APN certificate status for Engage. Cached 1 minute. Warning if certificate expires in less than 30 days. Error if certificate is missing, expired, or Root certificate is missing. |
| Total Disk Space | Total disk space on fwxserver (db location). |
| Client distribution | Returns client OS distribution (OSX, Windows, iOS, Android...). Cached 1 minute. |
| Free RAM | Free RAM on fwxserver. Always OK as some systems like OSX will free memory on demand only. |
| APN for MDM | Returns APN certificate status for MDM. Cached 1 minute. Warning if certificate expires in less than 30 days. Error if certificate is missing, expired, or Root certificate is missing. |
| VPP Tokens | Returns VPP tokens status. Cached 5 minutes. Warning if token expires in less than 30 days. Error if token is expired or incorrect. |
| FileWave Client/Mobile License | Returns License Status. Cached 1 minute. If you have more than 50 licenses: warning if available count goes below 10, error when 0. If you have less than 50 licenses: warning if available count goes below 4, error when 0. |
| Enterprise app file (ipa) | Check ipa status. Cached 1 hour. Warning if IPA file is local but does not have expected size. Error if IPA file is not on disk for local IPA, or not reachable for external IPAs. |
| DEP Accounts | Returns DEP Accounts status. Cached 5 minutes. Warning if access token expires in less than 30 days. Error if token is expired or incorrect. |
| Email sent | Returns Email sent status for the 7 past days. Cached 5 minutes. Warning if mails are still in the queue (not sent). Error if mails could not be sent (SMTP error). Note that we can't check if the POP/IMAP server rejected the mail. Returns the following dict : 'success': , 'pending': , 'error': : , ... |
| Email settings | Returns email settings status. Cached 5 minutes. Error if can't connect to SMTP server. |
| LDAP Extraction status | LDAP Extraction status. Warning if one or more servers have not been contacted yet, Error if there was an error during extraction. |
| Total RAM | Total RAM on fwxserver. |
| iOS APN for Engage | Returns iOS APN certificate status for Engage. Cached 1 minute. Warning if certificate expires in less than 30 days. Error if certificate is missing, expired, or Root certificate is missing. |
| Smart Group Count | Number of evaluated SmartGroups. Warning if last report occurred more than 1h ago, error if 2h ago. |


Opening FileWave Central (Admin) in a Specific Language (macOS)

What

FileWave Admin automatically uses the language set on the workstation at installation, if that language is supported (default English). It is, however, possible to run FileWave Admin in a different language, as shown below, through an Apple Shortcut Menu Bar item.

When/Why

FileWave Central (Admin) doesn’t currently have the option to change Language preference in the application itself.  Only some languages are supported with this method.

How

The following command may be used to both open and specify a chosen language at runtime.  

/Applications/FileWave/FileWave\ Admin.app/Contents/MacOS/FileWave\ Admin --lang en_US &

| Language | Locale Code | Notes |
| --- | --- | --- |
| English (US) | en_US | Use for American English. |
| German | de_DE | Standard locale for German in Germany. |
| French | fr_FR | Standard locale for French in France. |
| Korean | ko_KR | Korean for South Korea. |
| Japanese | ja_JP | Japanese for Japan. |
| Chinese (Simplified) | zh_CN | For Mainland China. |
| Chinese (Traditional) | zh_TW | For Taiwan. |
| Dutch | nl_NL | New in FileWave 16.1+ — Dutch for Netherlands. |
| Turkish | tr_TR | New in FileWave 16.1+ — Turkish for Turkey. |
| Swedish | sv_SE | New in FileWave 16.1+ — Swedish for Sweden. |
| Spanish (International) | es_ES | New in FileWave 16.1+ — Spanish for Spain (Castilian). |

Opening FileWave Central (Admin) in a Specific Language (Windows)

What

When you install FileWave Admin, it will automatically use the language you have set on your workstation (if not available, it will default to English). If you want to change FileWave to run in another language, you have to launch Central/Admin with an argument that specifies the desired language.

When/Why

FileWave Central (Admin) doesn’t currently have the option to change Language preference in the application itself. 

How

If you want to open the FileWave Central/Admin Application in a different Language, you would use the following command to launch. In this article, we’re going to automate the process so it opens with your preferred language every time using a Desktop Shortcut.

Windows (FW 15.4.2 and lower)
"C:\Program Files (x86)\FileWave\FileWaveAdmin.exe" --lang en_US
Windows (FW v15.5.0 or higher)
"C:\Program Files\FileWave\admin\FileWaveAdmin.exe" --lang en_US

Available Language Options:

| Language | Locale Code | Notes |
| --- | --- | --- |
| English (US) | en_US | Use for American English. |
| German | de_DE | Standard locale for German in Germany. |
| French | fr_FR | Standard locale for French in France. |
| Korean | ko_KR | Korean for South Korea. |
| Japanese | ja_JP | Japanese for Japan. |
| Chinese (Simplified) | zh_CN | For Mainland China. |
| Chinese (Traditional) | zh_TW | For Taiwan. |
| Dutch | nl_NL | New in FileWave 16.1+ — Dutch for Netherlands. |
| Turkish | tr_TR | New in FileWave 16.1+ — Turkish for Turkey. |
| Swedish | sv_SE | New in FileWave 16.1+ — Swedish for Sweden. |
| Spanish (International) | es_ES | New in FileWave 16.1+ — Spanish for Spain (Castilian). |

What is the difference between Revert and Restore?

Problem

Let's figure out the difference between revert and restore and when we need to use them.

Something has happened and you want to take a step back.

Maybe you have noticed "Revert to Last Model" under the Server menu, and that the command line offers:

sudo fwcontrol server restore [version]

Remember: when you open FileWave Central (Admin), you are making changes to a future model.

Resolution

Revert:

Revert is like a typical revert you would see in a document editor: it takes things back to the last saved state.

Let's say I opened my FileWave Admin and the model was currently 10 (Any changes I would be making in the FW Admin would become model 11 once I applied it by updating the model).

So I make a fileset called "My Fileset A", delete a fileset called "Old Fileset B", and change an association for "Fileset C" from "Group 1" to "Group 2".

At this point, if I selected "Revert to Last Model" from the Server menu, it would undo everything I did by going back to the currently deployed model 10.

If, however, I updated the model to 11 and then realized I made a mistake, a revert isn't going to help me out there, as it would be reverting to model 11.

Restore: 

Restore is not a Revert; it has the ability to jump back to previous models. Taking the same story from above:

Let's say I opened my FileWave Admin and the model was currently 10 (Any changes I would be making in the FW Admin would become model 11 once I applied it by updating the model).

So I make a fileset called "My Fileset A", delete a fileset called "Old Fileset B", and change an association for "Fileset C" from "Group 1" to "Group 2".

If, however, I updated the model to 11 and realized I made a mistake, I can restore model 10 by running:

sudo fwcontrol server restore 10

The server only keeps the last 20 models.

After the command finished:

Restoring a previous model will not unerase a removed fileset. You need your backups for that.

Additional Information

Often if you make a big enough mistake, it is better to just contact support and have them help you get back to where you need to be.