# Software Deployment Recipes (macOS)

The Software Deployment Recipes section for macOS offers a curated selection of recipes and guides to simplify the deployment of software and applications on your macOS devices. Explore best practices for automating software installations, customizing settings, and managing updates efficiently. Whether you're deploying apps across a single Mac or managing a fleet of devices, these recipes provide valuable insights into package creation, deployment methods, and utilizing macOS management tools. Enhance productivity, streamline software distribution, and maintain control over your macOS ecosystem with these tried-and-tested deployment recipes.

# Adobe Creative Cloud (macOS)

## Description

In today's digital age, visual content plays a pivotal role in branding, marketing, and communication strategies for enterprises. Adobe Creative Cloud offers a robust suite of tools tailored for creative professionals, and its enterprise version brings forth additional functionalities to manage and streamline the creative workflow.

FileWave can help you in deploying and managing these Adobe Creative Cloud applications.

## Ingredients

- FileWave Central
- Adobe Creative Cloud for Enterprise Admin Console
- Adobe Creative Cloud Packager

## Directions

1. Accessing the Admin Console: 
    - To initiate the deployment process, administrators must log in to the Adobe Admin Console using their authorized credentials. The admin console provides a range of management options, including user provisioning, license management, and application deployment.
2. Navigate to Packages[![AdobeConsolePackages.png](https://kb.filewave.com/uploads/images/gallery/2025-03/scaled-1680-/7mKCOfr9HJeQ3WQA-adobeconsolepackages.png)](https://kb.filewave.com/uploads/images/gallery/2025-03/7mKCOfr9HJeQ3WQA-adobeconsolepackages.png)
3. Creating Deployment Packages 
    - Choose the proper platform, next to the search product bar; select Mac for macOS deployment
    - Within the admin console, administrators can create customized deployment packages for Adobe Creative Cloud applications. These packages include specific software, settings, and configurations tailored to the organization's needs.
    - Select *Packages* to customize managed installers or *Pre-generated packages* for pre-built installer ready for deployment[![CustomizedManagedDeployments.png](https://kb.filewave.com/uploads/images/gallery/2025-03/scaled-1680-/Ir6tS26Gw9dC1Ns5-customizedmanageddeployments.png)](https://kb.filewave.com/uploads/images/gallery/2025-03/Ir6tS26Gw9dC1Ns5-customizedmanageddeployments.png)
4. Selecting Applications 
    - The admin can choose which Adobe applications to include in the deployment package based on the roles and responsibilities of different users within the organization. This flexibility ensures that each user has access to the tools they require for their tasks.
5. Distributing Deployment Packages 
    - Once the deployment package is configured, administrators can distribute it to users or groups within the organization. This can be achieved by downloading the installer created, then upload into FileWave Central via the New Desktop Fileset > Apple > PKG.
6. Upload into FileWave Central using the New Desktop Fileset > Apple > PKG
7. Assign to macOS device
8. Update Model

<p class="callout info">Please Note: Adobe Creative Cloud Packager may be customized with settings for application updates directly from Adobe and custom install directory for Windows and macOS.</p>

## Related Content

- [Adobe Creative Cloud: Planning to Deploy and deliver apps and updates](https://helpx.adobe.com/enterprise/using/applications.html)
- [Adobe Creative Cloud: Packaging app via the Admin Console](https://helpx.adobe.com/enterprise/using/package-apps-admin-console.html)
- [FileWave Recipe: Adobe Creative Cloud (Windows EXE)](https://kb.filewave.com/books/software-deployment-recipes-microsoft/page/adobe-creative-cloud-windows-exe "Adobe Creative Cloud (Windows EXE)")

# Amazon Kindle Deployment (macOS App)

## Description

To create a Kindle.app Fileset, there is no need for Fileset Magic. Instead, drag-and-drop into a template Fileset will do it.

The Kindle App is also on the App Store, so you are able to use VPP.

These instructions will also work.

## Ingredients

- FW Admin
- (Other tools, features, and applications that will be needed)

## Directions

1. Download and install Kindle.app on your FW Admin computer. You can do this through the App Store, but for easier updating we recommending visiting [amazon.com](http://amazon.com) ([http://www.amazon.com/kindlemacdownload/ref=klp\_mac](http://www.amazon.com/kindlemacdownload/ref=klp_mac) ) and downloading the kindle app.dmg from there.
2. Import the attached fileset ( [Kindle-template.fileset.zip](https://kb.filewave.com/attachments/171) ) into FileWave Admin , and double-click it to open it.
3. Drag the Kindle.app from your Applications folder into the Applications Folder in of the Fileset.
4. You FileSet is ready to deploy !
5. **Important:** If a user accidentally **deletes / uninstalls** the **Kindle.app,** it will not run again unless: 
    - You deploy this app with **FileWave Kiosk.** This way if a user accidentally deletes **–** uninstalls **the Kindle.app,** he will have the option to make the app run through kicking on **Uninstall** and then again on **Install** on the **Kiosk**.
    - Otherwise the FW Admin will have send a "reinstall selected fileset" command to make the Kindle.app open again

# App-Auto-Patch for 3rd party patching (macOS)

## What

App-Auto-Patch for macOS is a streamlined solution from an [Open Source project](https://github.com/App-Auto-Patch/App-Auto-Patch) designed to enable user-driven patching in your environment. It leverages two FileWave Filesets: one for profile configuration and another for deploying the actual application. The “Profile – App-Auto-Patch Settings” Fileset is used to customize key settings—such as support contact details—which then dictate how the Auto-Patch application behaves on the target devices. The application Fileset contains the App-Auto-Patch utility, which can automatically install patches on macOS devices while providing you with options to exclude specific apps to prevent workflow disruptions.

![image.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/IN4rxSuWo1VSDZij-image.png)

## When/Why

This method is ideal when you need an efficient, user-driven approach to manage patch deployments on macOS devices. You might use it when:

- <span class="s1">**Proactive Maintenance:**</span> You want to ensure that systems are always up to date with the latest patches without continuous manual intervention.
- **Customized Support:** Your organization requires that support details—such as email, phone, and website—be displayed in the application’s help messages to provide end users with immediate assistance.
- **Controlled Rollouts:** You need the flexibility to exclude certain applications from being patched automatically to avoid potential disruptions to users’ workflows.
- **Seamless Updates:** By simply updating the Profile Fileset’s settings in FileWave, you can push out configuration changes across all managed devices quickly.

![image.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/zDbjaMXTG9ckDgO1-image.png)

## How

### Customize the Profile Fileset:

- Download: [App-Auto-Patch-Filesets v3.2.2.zip](https://kb.filewave.com/attachments/463)
- Import the 3 Filesets in to your Filewave server and put them in a Fileset group together:  
    [![image.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/pJBXXVAnqwzYOXEo-image.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/pJBXXVAnqwzYOXEo-image.png)
- Open the “**Profile – App-Auto-Patch Settings**” Fileset.
- Modify the following settings to match your organization’s support details: 
    - **SupportTeamEmail:** For help message support (e.g., <span class="s3">support@company.com</span>).
    - **SupportTeamName:** For displaying the support team’s name (e.g., <span class="s3">Company Support Team</span>).
    - **SupportTeamPhone:** For the contact phone number (e.g., <span class="s3">555-867-5309</span>).
    - **SupportTeamWebsite:** For a support website URL (e.g., <span class="s3">support.company.com</span>).
- For a complete list of configuration options, refer to the official [Configure App-Auto-Patch Settings documentation](https://github.com/App-Auto-Patch/App-Auto-Patch/wiki/Configure-Settings).

### Deploy Using FileWave:

- <span class="s2"> </span>**Association:** Associate this Fileset Group with your target macOS devices. Start with 1 device to make sure you are happy with the settings.
- **Testing:** Deploy initially to a single device to evaluate the patching experience and ensure all settings propagate as intended.
- **Uninstall Capability:** The Fileset also contains an uninstall script. Should you need to remove the application, simply delete the association of the profile and application Filesets, and the system will automatically remove App-Auto-Patch from the macOS device.

![image.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/9waZNskYnOFJ8KTf-image.png)

### Pushing Updates:

Modify the Profile Fileset at any time to update preferences. The changes will be pushed out automatically to all connected devices upon redeployment. Adjust settings to exclude or include certain applications from patching based on your organizational needs and user workflows. The included settings in this KB article have it set to patch weekly on Tuesdays, but pick what will work for you.

Leveraging the DDM reporting of [Background Tasks](https://kb.filewave.com/books/ddm-apple/page/background-tasks-ddm-status-macos "Background Tasks (DDM status - macOS)") in FileWave you can also check to make sure that the helper is present. Depending on the configuration and your testing you might see more than one Identifier listed for the helper, but you should see at least 1 reported so that you know the LaunchDaemon is present.

[![FileWave Admin 2025-04-08 12.12.08.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/v9YlDykIpM6Iknxs-filewave-admin-2025-04-08-12-12-08.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/v9YlDykIpM6Iknxs-filewave-admin-2025-04-08-12-12-08.png)

## Related Content

- [App-Auto-Patch GitHub Repository](https://github.com/App-Auto-Patch/App-Auto-Patch/)
- [Configure App-Auto-Patch Settings](https://github.com/App-Auto-Patch/App-Auto-Patch/wiki/Configure-Settings)
- [Installomator - The one installer script to rule them all (macOS PKG)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/installomator-the-one-installer-script-to-rule-them-all-macos-pkg "Installomator - The one installer script to rule them all (macOS PKG)")
- [swiftDialog Deployment (macOS PKG)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "swiftDialog  Deployment (macOS PKG)")

## Digging Deeper

App-Auto-Patch offers a user-driven patching approach that minimizes the need for manual updates while still giving administrators full control. The profile configuration makes it simple to customize end-user support details—ensuring that when users require help, they see consistent and accurate contact information. Moreover, the ability to exclude certain applications from patching not only protects critical workflows but also allows for staged rollouts, reducing the risk of disruptions in a production environment. This model leverages FileWave’s powerful device management capabilities to ensure all deployed macOS devices receive timely updates with the reassurance of a built-in rollback mechanism through the uninstall script. This integrated approach enhances overall system security and stability while providing an agile method for managing software updates in diverse organizational settings.

# Audacity and Lame Deployment (macOS)

## Description

Audacity is a great free, open source, cross-platform audio software for Mac OS, Windows, and Linux.

## Ingredients

- FW Central
- Latest version from Audacity ([https://www.audacityteam.org/download/](https://www.audacityteam.org/download/))
- Latest version of Lame for Audacity ([https://lame.buanzo.org/](https://lame.buanzo.org/))

## Directions

##### Audacity Application

The application is a simple drag-n-drop deployment

1. Download the latest
2. open the download and move the application to your applications folder
3. Drag it form your application folder to your FileWave admin Fileset View

##### Lame 

The Lame libraries are an add-on best sent as a secondary fileset.

1. Download the latest version of lame for Audacity
2. uncompress the download and install
3. Download the attached template fileset - [Audacity Plugin - LAME-Template.fileset.zip](https://kb.filewave.com/attachments/172)
4. Uncompress and import into FileWave Admin
5. Replace the placeholder file with the ones from your system

<table id="bkmrk-%C2%A0-lame-fileset-befor"><thead><tr><th> </th></tr></thead><tbody><tr><td>[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/XlgZLWxB1UQ9bMkm-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/XlgZLWxB1UQ9bMkm-image.png)

</td></tr><tr><td>Lame fileset before</td></tr></tbody></table>

<table id="bkmrk-%C2%A0-lame-fileset-after"><thead><tr><th> </th></tr></thead><tbody><tr><td>[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/IJZGPK2tGtMME8wB-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/IJZGPK2tGtMME8wB-image.png)

</td></tr><tr><td>Lame fileset after</td></tr></tbody></table>

# Box Sync Deployment (macOS)

## Description

<p class="callout warning">Box has announced end of life for Box Sync effective December 2026, and Box states that Box Sync is not supported on Apple Silicon devices. Treat this recipe as historical guidance for environments that still need Box Sync, and prefer Box Drive for current deployments. See [Box Sync and Apple Silicon devices are not supported](https://support.box.com/hc/en-us/articles/16778168894995-Box-Sync-and-Apple-Silicon-devices-are-not-supported) and [Box Drive](https://www.box.com/drive).</p>

Box Sync is a desktop sync application that keeps all your files safe and secure in the cloud, while having them available on your computer and accessible from anywhere, on any device with Box mobile apps. No matter how you work, Box Sync helps you keep your files organized, safe, and always in sync with your business.

## Ingredients

- FW Central
- (Other tools, features, and applications that will be needed)

## Directions

1. Create a new empty Fileset (From the Fileset View : New Desktop Fileset &gt; Empty : Type a Name &gt; OK)
2. With it selected: Click the Scripts item in the button bar
3. Create a new activation script and name it.
4. Paste the script below and edit  
    The Fileset is composed of a script that downloads the latest version of Box Sync from the Box CDN and executes the Install .app to install Box Sync. It uses a bootstrapped provided by box that allows the installation from any user account. Once the app is installed it configures itself for the customer account and prompts the customer to log into their Box Account.

```bash
#!/bin/bash
# Original Script by Bryson Tyrrell | bryson.tyrrell@gmail.com | http://twitter.com/bryson3gps
# Modified on December 16, 2015 by Gilbert Palau | Univision Desktop Engineering | gpalau@univision.net
#
# The BoxEdit components Box Local Com Server.app and Box Edit.app are launched via launch_app.sh code 
# added with permission of Elliot Jordan <elliot@lindegroup.com>
# launch_app was created on 02-10-2015 and last modified by Elliot Jordan on 02-27-2015  | v1.2
# Integrated on 12-18-2015 by Gilbert Palau | Univision Desktop Engineering | gpalau@univision.net
#
# Much thanks to Bryson, who figured out the command line to install from within the app...
# Install\ Box\ Tools.app/Contents/MacOS/Box\ Tools\ Installer -silent -local

policy="Box Edit 3.1.2"
loggertag="system-log-tag"
tmpdir="/tmp/"
downloadurl="https://e3.boxcdn.net/box-installers/boxedit/mac/currentrelease/BoxEditInstaller.dmg"
# Knock Knock... Who is there?
CURRENT_USER_LOGIN_PID=$(ps auxww | grep "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" | grep "$CURRENT_USER" | grep -v "grep" | awk '{print $2}')
CURRENT_USER=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

# Download BoxEdit Package from EvilBox
				echo ""
				echo "Downloading Box Edit"
				webCheckSum=$(curl -sI $downloadurl | tr -d '\r' | awk '/Content-Length/ {print $2}')
				curl -fkS --progress-bar $downloadurl -o /$tmpdir/BoxEditInstaller.dmg
				# curl -fkS --progress-bar https://e3.boxcdn.net/box-installers/boxedit/mac/currentrelease/BoxEditInstaller.dmg -o /tmp/BoxEditInstaller.dmg
				fileCheckSum=$(cksum /$tmpdir/BoxEditInstaller.dmg | awk '{print $2}')
				if [ $webCheckSum -ne $fileCheckSum ]; then
						rm /$tmpdir/BoxEditInstaller.dmg
						echo "The file did not download properly, exiting..."
						exit 101
				fi
				echo "Mounting Box Edit DMG..."
				hdiutil attach -quiet /$tmpdir/BoxEditInstaller.dmg
				if [ $? -ne 0 ]; then
						rm /$tmpdir/BoxEditInstaller.dmg
						echo "The Box Edit DMG failed to mount properly, exiting..."
						exit 102
				fi
				cp -fR /Volumes/Box\ Tools\ Installer/Install\ Box\ Tools.app /$tmpdir/
				hdiutil eject -quiet /Volumes/Box\ Tools\ Installer/
				rm /$tmpdir/BoxEditInstaller.dmg
				echo "Running the Box Edit Installer app"
				# This is the golden goose... Thanks Bryson!
				/usr/bin/su $CURRENT_USER -c "/$tmpdir/Install\ Box\ Tools.app/Contents/MacOS/Box\ Tools\ Installer -silent -local"
				
echo "Finished"
exit 0

```

# Cisco Secure Client Installation (macOS)

## Description

Need to install the Cisco Secure Client on your macOS devices? FileWave has you covered! Below are the steps to download the FileWave template, upload your CSC package, and get ready to deploy to your macOS devices.

## Ingredients

- FW Admin
- Cisco Secure Client DMG file, example file name from your Cisco portal:
    
    
    - `cisco-secure-client-macos-<version>-predeploy-k9.dmg`
- TCC profile for kernel/system extension 
    - Older macOS versions for Kernel Extension TCC profile:
    - [Profile - Cisco Secure Client Kernel Extensions.fileset.zip](https://kb.filewave.com/attachments/499)
    - macOS 11 (and later) for System Extension TCC profile:
    - [Profile - Cisco Secure Client System Extensions macOS 11 (and after).fileset.zip](https://kb.filewave.com/attachments/500)
- Template Install Cisco Secure Client Fileset 
    - [Install Cisco Secure Client.fileset.zip](https://kb.filewave.com/attachments/501)

## Directions

1. Download and import the two files into FileWave and create a Fileset Group labeled Cisco Secure Client Install or similar
2. Open the Fileset Install CiscoSecureClient to view its contents. The Fileset includes two scripts and two placeholders for your customized dmg and xml file.
    
    [![CSCFilesetContents.png](https://kb.filewave.com/uploads/images/gallery/2026-03/BKgyDtGbFTuABz8V-cscfilesetcontents.png)](https://kb.filewave.com/uploads/images/gallery/2025-05/uOY2nOlzbTj4ZARt-filesetconents.png)
3. Proceed through the Cisco process of creating your CSC-readable DMG file. You may follow the updated steps on Cisco's KB documentation here: [Customize macOS Installation of Cisco Secure Client](https://securitydocs.cisco.com/docs/csa/olh/121444.dita). The one in the template Fileset is an example and contain an example XML profile configuration. Please refer to Related Content below to create your Cisco CSC-readable DMG file along with customized modules to install.
4. After the completion of the CSC-readable DMG, replace the one in the Fileset with yours
5. Open the install CSC script to modify the names of the updated CSC-readable DMG and the Cisco Secure Client version number PKG installer to match what you have. If there are spaces, use the correct syntax (i.e., Cisco\\ Secure\\ Client.pkg).  
      
    The script will attach the DMG to the volume of the machine, locate the PKG installer, and extract it to the root directory (you are welcome to change to a different directory, if desired). If you have a customized install\_choices.xml file be sure it has been updated and replaced in the Fileset Contents. Then the script will sleep for 30 seconds to allow installation of the client and detach the DMG from the machine.
    
    [![CSCInstallScript.png](https://kb.filewave.com/uploads/images/gallery/2026-03/wJuOqQYVsrHtWpns-cscinstallscript.png)](https://kb.filewave.com/uploads/images/gallery/2025-05/2woDbot6LbZdga7J-ciscosecureclientinstallscript.png)
6. There are two profiles: one for System Extensions for macOS 11 (and later) along with Web Content Filter and Managed Login Items and another containg only the older macOS versions for Kernel Extensions. Be sure you are deploying to the correct macOS version in your enivornment.  
      
    Modify the check\_profile script and its launch argument to ensure it matches either both profile bundle IDs or just the macOS 11 (and later). The Template Fileset contains only the macOS 11 (and later) Profile bundle ID.
    
    <table style="border-collapse:collapse;width:110.18%;height:393px;"><colgroup><col style="width:33.2903%;"></col><col style="width:33.2903%;"></col><col style="width:33.2903%;"></col></colgroup><tbody><tr><td>[![CSCProfileBundleID.png](https://kb.filewave.com/uploads/images/gallery/2026-03/8KEHdz5Jd9Y8ii9h-cscprofilebundleid.png)](https://kb.filewave.com/uploads/images/gallery/2025-05/MqXaAI0Xp4FCBvU7-csctccprofile.png)</td><td>[![check_profileedit.png](https://kb.filewave.com/uploads/images/gallery/2025-05/scaled-1680-/80PA0YUUqnXTnj4u-check-profileedit.png)](https://kb.filewave.com/uploads/images/gallery/2025-05/80PA0YUUqnXTnj4u-check-profileedit.png)</td><td>[![bundleID.png](https://kb.filewave.com/uploads/images/gallery/2025-05/scaled-1680-/nz99LgHgmP1S9Fny-bundleid.png)](https://kb.filewave.com/uploads/images/gallery/2025-05/nz99LgHgmP1S9Fny-bundleid.png)</td></tr></tbody></table>
7. Save the contents and assign the Fileset group with your Fileset and profile(s) to a few test devices. The Fileset Group will deploy profile(s) and the Fileset; once the profile has been installed successfully, the Fileset with your Cisco Secure Client will be installed.  
      
    [![CSCFilesetGroup.png](https://kb.filewave.com/uploads/images/gallery/2026-03/47TfRFXv2MnESMmj-cscfilesetgroup.png)](https://kb.filewave.com/uploads/images/gallery/2025-05/odoMkfNRbTrJeRNR-filesetgroup.png)

## Notes

Be sure to test with a few devices before mass-deploying to your production devices. It's always a good habit to test on a few devices to confirm the proper installation and configuration of the Cisco Secure Client.

## Related Content

- [Cisco Secure Client Mass Deployment (macOS) Guide](https://securitydocs.cisco.com/docs/csa/olh/121475.dita)
- [Customize macOS Installation of Cisco Secure Client](https://securitydocs.cisco.com/docs/csa/olh/121444.dita)
- [Creating MDM approved System/Kernel Extensions Guide](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-1/macos11-on-ac.html)

# Comic Life Deployment (macOS Fileset Magic)

## Description

A simple way to install Comic Life on macOS and record that it was registered. Ensure that you are properly licensed for the application.

<p class="callout info">Last tested with **ComicLife 3.5.8**</p>

<table id="bkmrk-ingredients-fw-centr" style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>## Ingredients

- FW Central / Fileset Magic
- ComicLife app ([http://plasq.com/apps/comiclife/](http://plasq.com/apps/comiclife/))

## Directions

1. Do Initial Fileset Magic capture
2. Install ComicLife 
    - unzip latest version
    - place into application folder
    - drag/import from the application folder
3. Launch ComicLife 
    - Accept License
    - Select "Register"
    - Enter Org name
    - Enter Serial Number
4. Close ComicLife
5. Open it again 
    - This time it will ask about automatic updates and "staying in touch", I like to turn them off
6. Close ComicLife again
7. Do second Fileset Magic scan (capturing changes) 
    - Make sure to move items to all users

</td><td>[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/UIrCxElAMnYo5EUJ-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/UIrCxElAMnYo5EUJ-image.png)

![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/XRRvV5d5RsDL8MgR-image.png)

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/dAe0a3ib7koVBAvF-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/dAe0a3ib7koVBAvF-image.png)

</td></tr></tbody></table>

# CrowdStrike Falcon Protection (macOS)

## Description

Needing to deploy to CrowdStrike Falcon antivirus to your macOS fleet? FileWave has you covered.

CrowdStrike's flagship product is called Falcon, which is a cloud-native platform that combines next-generation antivirus, endpoint detection and response (EDR), threat intelligence, and proactive threat hunting. Falcon aims to provide real-time visibility into endpoint activity, rapid threat detection, and automated response to security incidents.

## Ingredients

- FileWave Admin Central
- CrowdStrike Falcon Profiles 
    - One for macOS Sonoma and later
    - One for macOS Sequoia and later
- CrowdStrike PKG installer
- CrowdStrike License code

## Directions

### Deploying the CrowdStrike Falcon to your devices

CrowdStrike deployment on macOS requires three filesets: two TCC profiles and the PKG installer. The required TCC profiles depend on the macOS version in your environment. Screenshot examples are included in this article as a reference if you choose to create the profiles manually.

The PKG installer should also include two scripts that apply your CrowdStrike Falcon license and verify that the appropriate TCC profile is installed before the CrowdStrike application is deployed.

## Download TCC profile

<p class="callout warning">**Note:** Please log in to your CrowdStrike portal and download the latest TCC profiles. The screenshots below are provided for reference if you choose to create the TCC profiles manually.</p>

Falcon Configuration Profile for Sonoma and earlier:

<details id="bkmrk-intel-based-tcc-prof"><summary>Sonoma and later TCC Profile</summary>

<table style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>**Security &amp; Privacy Payload:**

- Bundle ID: 
    - com.crowdstrike.falcon.Agent
    - com.crowdstrike.falcon.App
- Code requirement: 
    - identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = X9E956P446
- Access to service: 
    - Full Disk Access

</td><td>[![Falcon Configuration Profile for Sonoma and earlier0.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/VeAguvwWKb3N5EDD-falcon-configuration-profile-for-sonoma-and-earlier0.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/VeAguvwWKb3N5EDD-falcon-configuration-profile-for-sonoma-and-earlier0.png)</td></tr><tr><td>- Agent configuration

</td><td>[![Agent.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/xira0rGVgXkX4fu3-agent.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/xira0rGVgXkX4fu3-agent.png)</td></tr><tr><td>- App configuration

</td><td>[![App.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/CsEm4mpYjMi28rCq-app.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/CsEm4mpYjMi28rCq-app.png)</td></tr><tr><td>**System Extension Policy Payload:**

- Check box 'Can approve additional system extensions'
- Allowed Team Identifiers: 
    - X9E956P446
- Allowed System Extensions 
    - com.crowdstrike.falcon.Agent
- Allowed System Extension Types: 
    - Network
    - Endpoint security

</td><td>[![Falcon Configuration Profile for Sonoma and earlier1.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/svMgQ95jWKmAiTGm-falcon-configuration-profile-for-sonoma-and-earlier1.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/svMgQ95jWKmAiTGm-falcon-configuration-profile-for-sonoma-and-earlier1.png)</td></tr><tr><td>**Web Content Filter Payload:**

- Name: Falcon
- Identifier: com.crowdstrike.falcon.App
- Filter Network Traffic
- Socket Filter Bundle Identifier: 
    - com.crowdstrike.falcon.Agent
- Socket Filter Designated Requirement:
    
    
    - identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] and certificate leaf\[field.1.2.840.113635.100.6.1.13\] and certificate leaf\[subject.OU\] = "X9E956P446"

</td><td>[![Falcon Configuration Profile for Sonoma and earlier2.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/plA53wMwJbY0UA1x-falcon-configuration-profile-for-sonoma-and-earlier2.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/plA53wMwJbY0UA1x-falcon-configuration-profile-for-sonoma-and-earlier2.png)</td></tr></tbody></table>

</details>Falcon Configuration Profile for Sequoia and later:

<details id="bkmrk-apple-silicon-based--1"><summary>Sequoia and later TCC Profile</summary>

<table style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>**System Extension Policy Payload:**

- Team Identifiers: 
    - X9E956P446
- Non Removable From UI System Extensions: 
    - com.crowdstrike.falcon.Agent

</td><td>[![Falcon Configuration Profile Update for Sequoia and later0.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/6PJA0gxFXERWCDAl-falcon-configuration-profile-update-for-sequoia-and-later0.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/6PJA0gxFXERWCDAl-falcon-configuration-profile-update-for-sequoia-and-later0.png)</td></tr></tbody></table>

</details>## Download the PKG installer

The PKG installer fileset includes three components. The template below can be used to upload your specific version of the CrowdStrike PKG installer. Ensure the installation folder and PKG file name are labeled correctly to support a successful deployment.

- [PKG - Crowdstrike macOS Installation.fileset.zip](https://kb.filewave.com/attachments/491)

<p class="callout warning">**Note:** Please log in to your CrowdStrike portal and download the latest PKG installer to ensure a successful import and deployment. The PKG installer must be used along with the two required scripts: the Requirement script and the Activation script.</p>

[![UpdatedCrowdstrikemacOSinstallation.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/MsMkjJvzxFrLZa9z-updatedcrowdstrikemacosinstallation.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/MsMkjJvzxFrLZa9z-updatedcrowdstrikemacosinstallation.png)

## CrowdStrike License

Customizing the Fileset with your CrowdStrike license is required. The Fileset has a License.sh script to edit and enter in your license code.

<table id="bkmrk-editing-the-license." style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>#### Editing the License.sh script  


1. Highlight your CrowdStrike PKG installer Fileset
2. Select Scripts to open the Script window.
3. Highlight License.sh
4. Click Edit

</td><td>[![CrowdStrikeScripts1.png](https://kb.filewave.com/uploads/images/gallery/2023-08/scaled-1680-/pf41UhyqVBanl9qu-crowdstrikescripts1.png)](https://kb.filewave.com/uploads/images/gallery/2023-08/pf41UhyqVBanl9qu-crowdstrikescripts1.png)</td></tr><tr><td>#### Entering in your license code  


1. Highlight the ####### string and enter in your CrowdStrike License code
2. Click OK to save
3. Click OK to save again to save your license code for the CrowdStrike Fileset

</td><td>[![CrowdStrikeScripts2.png](https://kb.filewave.com/uploads/images/gallery/2023-08/scaled-1680-/mX5Td89pE3hDJXMo-crowdstrikescripts2.png)](https://kb.filewave.com/uploads/images/gallery/2023-08/mX5Td89pE3hDJXMo-crowdstrikescripts2.png)

<details><summary>License code script</summary>

```
#!/bin/zsh

echo "License is being set"
/Applications/Falcon.app/Contents/Resources/falconctl license ##########
echo "License is set"

exit 0
```

</details></td></tr></tbody></table>

## Check for Falcon Profiles

The payload identifiers are preconfigured in the provided template fileset. The steps below explain how to add your own Payload Bundle Identifier if needed.

<p class="callout warning">**Note:** The Requirement script verifies that the CrowdStrike Falcon TCC profiles are installed successfully before the CrowdStrike installer runs. The script checks for both profiles and confirms they are installed before proceeding with the CrowdStrike deployment.</p>

<table id="bkmrk-editing-the-checkfor" style="border-collapse:collapse;width:100%;height:369.766px;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr style="height:339.969px;"><td style="height:339.969px;">#### Editing the CheckForFalconProfile.sh

1. Highlight your CrowdStrike PKG installer Fileset
2. Select Scripts to open the Scripts window
3. Highlight the CheckForFalconProfile.sh script
4. Click Edit

</td><td style="height:339.969px;">[![CheckForFalconProfile1.png](https://kb.filewave.com/uploads/images/gallery/2023-08/scaled-1680-/0gNEhaHHCGjdxqfl-checkforfalconprofile1.png)](https://kb.filewave.com/uploads/images/gallery/2023-08/0gNEhaHHCGjdxqfl-checkforfalconprofile1.png)</td></tr><tr style="height:29.7969px;"><td style="height:29.7969px;">#### Entering in your Payload Profile Identifiers

1. Highlight the string after profile\_id="#####"
2. Replace the ######, with your TCC profile Identifier.
3. If not sure, open your Profile and copy the Identifier.
4. Click OK to save
5. Click OK to save again to save your changes to the CrowdStrike Fileset

</td><td style="height:29.7969px;">[![Screenshot 2026-01-30 at 17.46.23.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/Xz4IRMby3JgnHeWn-screenshot-2026-01-30-at-17-46-23.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/Xz4IRMby3JgnHeWn-screenshot-2026-01-30-at-17-46-23.png)  
<details><summary>Check for Falcon profile script</summary>

```
#!/bin/zsh

profile_id="9BCE1C20-633D-405D-84D8-6F6C2D3AE66C"
profile_id2="C1A6E28A-21EF-49C6-B85F-84E845731E22"

found_profile=$(profiles list all | awk -v search=$profile_id  '$0 ~ search {print $NF}')
found_profile2=$(profiles list all | awk -v search=$profile_id2  '$0 ~ search {print $NF}')

i=0
if [ -z $found_profile ]
then
        echo "Did not find $profile_id" 
        i=$((i+1))
fi

if [ -z $found_profile2 ]
then
        echo "Did not find $profile_id2"
        i=$((i+1))
fi

if [ $i = 2 ]
then
       echo "Both Profiles are missing"
       exit 1
fi
echo $missing
echo "Found installed profile: $profile_id or $profile_id2"
exit 0
```

</details>[![Screenshot 2026-01-30 at 17.47.17.png](https://kb.filewave.com/uploads/images/gallery/2026-01/scaled-1680-/RIJZnlqedmJFjU7Q-screenshot-2026-01-30-at-17-47-17.png)](https://kb.filewave.com/uploads/images/gallery/2026-01/RIJZnlqedmJFjU7Q-screenshot-2026-01-30-at-17-47-17.png)  
</td></tr></tbody></table>

## Creating a Fileset Group

Keeping your filesets organized is a recommended best practice, especially when managing multiple software deployments. You may create a new Fileset Group (for example, CrowdStrike Falcon (macOS 2023)) and move all related filesets into that group. This allows you to associate the Fileset Group with your devices instead of assigning individual filesets separately.

Once the filesets and profiles have been created, you can assign the CrowdStrike Falcon (macOS 2023) Fileset Group to a few test devices. This helps verify that the software installs correctly and that the configured license code is applied successfully.

## FileWave Custom Fields to validate installation

Monitoring the CrowdStrike Falcon Sensor through FileWave custom fields helps ensure endpoint protection remains active and compliant. By validating that the Falcon service is running and reporting the installed sensor version, administrators can quickly detect inactive or outdated agents that may leave devices exposed. This custom fields includes both macOS and Windows.

- [FileWave Custom Fields for CrowdStrike.customfields.zip](https://kb.filewave.com/attachments/495)

Example Custom Field output:

[![ExampleCrowdStrikeCF.png](https://kb.filewave.com/uploads/images/gallery/2026-02/scaled-1680-/cSRJ8oolocnroquC-examplecrowdstrikecf.png)](https://kb.filewave.com/uploads/images/gallery/2026-02/cSRJ8oolocnroquC-examplecrowdstrikecf.png)

<table id="bkmrk-sensor-state-output-" style="font-family:'IBM Plex Sans', sans-serif;font-size:14px;width:112.758%;height:126px;border-collapse:collapse;border-width:1px;"><thead><tr style="height:29.7969px;"><td style="height:29.7969px;width:50.0645%;">**Sensor State**</td><td style="height:29.7969px;width:50.0645%;">**Output Value**</td></tr></thead><tbody><tr style="height:29.7969px;"><td style="height:29.7969px;width:50.0645%;">Installed</td><td style="height:29.7969px;width:50.0645%;">Installed | version\_number</td></tr><tr style="height:29.7969px;"><td style="height:29.7969px;width:50.0645%;">Not Installed</td><td style="height:29.7969px;width:50.0645%;">Not Installed</td></tr></tbody></table>


## Related Content

- [CrowdStrike Falcon Protection (Windows EXE)](https://kb.filewave.com/books/software-deployment-recipes-microsoft/page/crowdstrike-falcon-protection-windows-exe "CrowdStrike Falcon Protection (Windows EXE)")

# Fileset recipe to block applications by name (macOS Script)

The Fileset will block the supplied list of applications on your macOS machines by running a script every 5 seconds on your client machines.

## Step-by-step guide

Download, edit and associate the below Fileset.

1. Download the "macOS - Block Applications.fileset.zip" below.  
    [macOS - Block Applications.fileset.zip](https://kb.filewave.com/attachments/287)
2. Import the "macOS - Block Applications.fileset" into the Filesets tab of the Filewave Admin.
3. Edit the Fileset to include the appropriate list of applications to block.  
      
    Select the install\_block\_application.sh file and then Get Info

![11RI5Lm34EXS6yaq-embedded-image-uroiiavm.png](https://kb.filewave.com/uploads/images/gallery/2023-07/11RI5Lm34EXS6yaq-embedded-image-uroiiavm.png)

  
Edit the Executable &gt; Launch Arguments to include the binary name of any app to be blocked, e.g Messages, FaceTime, and Keychain Access

![3l0ZjxmhioBc8Mtk-embedded-image-dybm1arg.png](https://kb.filewave.com/uploads/images/gallery/2023-07/3l0ZjxmhioBc8Mtk-embedded-image-dybm1arg.png)

1. Associate the Fileset to a handful of test machines so you can see the behavior of the Fileset before mass deploying to all of your devices.
2. After that, you are Done!

<p class="callout info">**Binary Names** To find the name of the binary to block, take a look at the application's contents. Every App has the same directory structure &gt; ApplicationName.app/Contents/MacOS/ApplicationName, where ApplicationName is the binary to block, e.g.  
FaceTime  
/Applications/FaceTime.app/Contents/MacOS/FaceTime  
  
Terminal  
/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal</p>

<p class="callout warning">If you are wanting to block an Application with a space in the name like Keychain Access, you will need to have quotes(") around the name. So you would add, "Keychain Access", to Executable &gt; Launch Arguments.</p>

## Blocking Install macOS Apps

Install macOS Apps may be blocked by supplying the following Launch Argument in the Fileset:

```
osinstallersetupd
```

However, this will block all Install macOS Apps. If you wish to block one installer, e.g Catalina, but have workflows that require earlier versions to install, consider the following Fileset example:

[macOS - Block Applications Including macOS Install App.fileset.zip](https://kb.filewave.com/attachments/290)

Use this Fileset instead of the earlier one and supply all desired Apps to block as per below.

Inside the install\_block\_applications.sh script you will find a 'case' block. This section should be edited to meet your requirements. Current settings within the Fileset below.

This will only allow the macOS Ventura Installer.app to run. All other macOS Installer Apps will be prevented from running:

```
	case \$process_details in

		*"Ventura"*)
			log_me "Found: \$process_details"
			log_me "Nothning to do"
			;;
		*)
			block_me "osinstallersetupd"
			;;
	esac
```

### Examples

#### Block Sonoma and Ventura, but allow any other installers

<p class="callout warning">As well as allowing older installers than Ventura to run, this will also allow newer installers beyond Sonoma to run.</p>


```
case \$process_details in

		*"Sonoma"*)
			block_me "osinstallersetupd"
			;;

		*"Ventura"*)
			block_me "osinstallersetupd"
			;;
		*)
			log_me "Found: \$process_details"
			log_me "Allowed.  Nothing to do"
			;;
 esac
```

#### Allow Ventura, block any other installers

<p class="callout info">Ventura and Monterey installers will be allowed to run, but all other installers, including newer ones, will be prevented.</p>

```
case \$process_details in

		*"Ventura"*)
			log_me "Found: \$process_details"
			log_me "Allowed.  Nothing to do"
			;;
          *"Monterey"*)
			log_me "Found: \$process_details"
			log_me "Allowed.  Nothing to do"
			;;
		*)
            block_me "osinstallersetupd"
			;;
 esac
```

## Related Content

The following KB, has an alternate method for blocking just macOS Installation Apps, with user interaction:

[macOS - Block Apple Install macOS Application](https://kb.filewave.com/books/software-updates-apple/page/fileset-to-block-apple-install-macos-applications)

# Firefox Configuration Recipe (macOS)

## Description

After installing Firefox, some configuration may be desirable, examples may include:

- Block auto updates
- Set home page
- Disable Mozilla First Run Pages

<p class="callout info">**Firefox Documentation** The details of the Fileset are based upon: [Firefox Configuration](https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig)  
This is known to work with version 60, upwards. It may work with earlier versions, but testing on placement of files may vary with earlier versions. macOS may alternatively use a [Configuration Profile](#bkmrk-profile-with-macos) (Firefox 64+, ESR 60.4+)</p>

## Ingredients

- FW Admin
- Firefox installer application already as a Fileset
- The provided configuration Fileset:[FirefoxConfig.fileset.zip](https://kb.filewave.com/attachments/124)

## Directions

- Download the Fileset zip file, expand and drag into FileWave &gt; Filesets
- Two files are present in the Fileset.

![vnRkGqKinzaN5YVq-embedded-image-uowhdvgv.png](https://kb.filewave.com/uploads/images/gallery/2023-07/vnRkGqKinzaN5YVq-embedded-image-uowhdvgv.png)

- The autoconfig.js file specifies the file to be used for configuration. In this Fileset the name of the file has been set to 'mozilla.cfg':

```javascript
// Any comment. You must start the file with a comment!
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
```

- To specify any desired settings, edit the mozilla.cfg file. The provided file is designed to prevent Firefox updates, disable privacy telemetry, disable the first run Mozilla home pages and set the user's homepage:

```javascript
// Any comment. You must start the file with a comment!
 
// Disable updater
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
 
// Set Homepage and stop Mozilla startup pages
lockPref("browser.startup.firstrunSkipsHomepage", false);
pref("browser.startup.homepage","http://www.filewave.com");
lockPref("browser.startup.homepage_override.mstone", "ignore");
 
// Disable Privacy telemetry
lockPref("datareporting.policy.firstRunURL",);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.telemetry.unified", false);
```

## Preference Overview

Preference types can include: pref, defaultPref, lockPref, amongst others. Details can be found at: [https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig](https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig)

### pref

This is used to set a preference that can be overridden by the user, but on next launch of the application it will revert back to the setting within the configuration file

### lockPref

A lockPref cannot be overridden by the user

### defaultPref

This is used to set a preference that can be overridden by the user. The user's setting will persist until the user resets them, at which point the defaultPref will be used on next launch of the application

<table id="bkmrk-preference-names-nav"><tbody><tr><td>**Preference Names**

Navigating to 'about:config' in the Firefox URL bar will list all possible preference names and their values and types.

</td></tr></tbody></table>

## Association

When associating, to ensure the configuration is installed with the Application, consider creating a Fileset Group:

![4Q6saH5LFGwHqfhO-embedded-image-s9xryexk.png](https://kb.filewave.com/uploads/images/gallery/2023-07/4Q6saH5LFGwHqfhO-embedded-image-s9xryexk.png)

Associating the 'Firefox' Fileset Group will ensure both the Application and Configuration are associated to devices.

![YQ2qKroZK0ruL1a3-embedded-image-xxgahxhf.png](https://kb.filewave.com/uploads/images/gallery/2023-07/YQ2qKroZK0ruL1a3-embedded-image-xxgahxhf.png)

When there is an update to Firefox, replace the version in the Fileset Group with the latest version after testing.

## Profile With macOS

A Configuration Profile may be delivered to macOS for Firefox management:

[https://support.mozilla.org/en-US/kb/managing-policies-osx-desktops](https://support.mozilla.org/en-US/kb/managing-policies-osx-desktops)

The [linked plist file](https://github.com/mozilla/policy-templates/blob/master/mac/org.mozilla.firefox.plist), may be imported into the FileWave Profile Editor ('Upload File...') and then edited appropriately.

![vwg2iMRNl7AY0JSe-embedded-image-nmxphyhd.png](https://kb.filewave.com/uploads/images/gallery/2023-07/vwg2iMRNl7AY0JSe-embedded-image-nmxphyhd.png)

The key settings to focus on initially are:

- EnterprisePoliciesEnabled
- RequestedLocales

Default values in the template will require editing: EnterprisePoliciesEnabled should be enabled to allow management to take control. RequestedLocales may require editing to meet the specific needs.

The template is preconfigured as:

- de
- en-US

To change from German to British for example:

![RH9qlfb3Hb2Yo7Lh-embedded-image-ypiurs66.png](https://kb.filewave.com/uploads/images/gallery/2023-07/RH9qlfb3Hb2Yo7Lh-embedded-image-ypiurs66.png)

These settings would enforce management for en-GB and en-US, whilst other English locales, e.g en-CA, en-AU would not be managed. Instead, one locale of 'en' could be set to block all English locales.

<p class="callout info">**Key Values** If EnterprisePoliciesEnabled is not set as true and a correct RequestedLocales is not included, management should not be expected.</p>

If unsure which locale is in use, without management in place the 'about:config' URL may be used to view settings:

![5wUpXEcuu4JMVshf-embedded-image-wour7xe5.png](https://kb.filewave.com/uploads/images/gallery/2023-07/5wUpXEcuu4JMVshf-embedded-image-wour7xe5.png)

To ensure users may not circumvent management by changing the locale, enable 'BlockAboutConfig' (already set as TRUE in the template file)

## Related Content

- [Firefox Configuration Recipe (Windows)](https://kb.filewave.com/books/software-deployment-recipes-microsoft/page/firefox-configuration-recipe-windows "Firefox Configuration Recipe (Windows)")

# Google Chrome (macOS)

# Google Chrome Configuration recipe (macOS)

## Description

After installing Chrome, some configuration may be desirable, examples may include:

- Block auto updates
- Set home page
- Disable Welcome Page

The below shows configuration for macOS. For Windows you may wish to consider GPO: [Manage Chrome updates (Windows)](https://support.google.com/chrome/a/answer/6350036)

## Ingredients

- FW Central
- [Chrome installer application](https://cloud.google.com/chrome-enterprise/browser/download) already as a Fileset
- The provided configuration Fileset:

##### macOS

[![FileWave Download.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/LhUDCHKqr6dGiaoG-filewave-download.png)](https://kb.filewave.com/attachments/174)

## Directions

1. Download the Fileset zip file, expand and drag both the Fileset and Configuration Profile into FileWave &gt; Filesets
2. The 'Google Chrome Ksadmin' contains 'ksadmin.sh' script which configures ksadmin to allow silently disabling Chrome updates
3. The Configuration Profile has example setups that may require editing, e.g Welcome and Home Page; replacing www.filewave.com

<p class="callout info">**Preference Names**  
A list of policies can be found at: [Chrome Enterprise policy list](https://cloud.google.com/docs/chrome-enterprise/policies/#deviceUpdateSettings)</p>

### Association

When associating, to ensure the configuration is installed with the Application, consider creating a Fileset Group:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/qaV6CB6bqLNHA1nH-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/qaV6CB6bqLNHA1nH-image.png)

Associating the 'Google Chrome Managed' Fileset Group will ensure Application and Configuration are associated to devices.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/0DyNWFLAKd8QYNRD-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/0DyNWFLAKd8QYNRD-image.png)

When there is an update to Google Chrome, replace the version in the Fileset Group with the latest version, after testing, and re-instal Google Chrome Ksadmin

### Controlling Updates

Updates may be managed with the use of additional configuration that may be added to the Fileset Group.

The following profile contains:

```bash
<key>updatePolicies</key>
<dict>
  <key>com.google.Chrome</key>
  <dict>
    <key>UpdateDefault</key>
    <integer>3</integer>
  </dict>
</dict>

```

**Download**: [Chrome Preferences Keystone.mobileconfig](https://kb.filewave.com/attachments/173)

Edit the profile integer to match the desired experience:

<table id="bkmrk-setting-description-" style="width: 100%;"><tbody><tr style="background-color: rgb(251, 238, 184);"><td style="width: 7.9197%;">Setting</td><td style="width: 92.0803%;">Description</td></tr><tr><td style="width: 7.9197%;">0</td><td style="width: 92.0803%;">Turns on auto-updates. Updates are always applied when detected by Google Software Update. This is the default value.</td></tr><tr><td style="width: 7.9197%;">1</td><td style="width: 92.0803%;">Updates are installed only from the scheduled update checks. Manual update checks will not install updates.</td></tr><tr><td style="width: 7.9197%;">2</td><td style="width: 92.0803%;">Turns off auto-updates. This stops Google Software Update automatically updating all users to the latest stable version of Chrome. Updates are only applied when the user manually checks for updates. For example, on the [chrome://help page](#bkmrk-google-software-mana) or by running the CheckForUpdatesNow.command utility.</td></tr><tr><td style="width: 7.9197%;">3</td><td style="width: 92.0803%;">Updates are never applied.</td></tr></tbody></table>

Add the 'mobileconfig' file as a Custom Settings [Configuration Profile Payload](https://kb.filewave.com/books/profiles-apple/page/profile-editor-details-for-apple "Profile Editor details for Apple")

<p class="callout info">**Google Software Management**  
Other Google software may also be managed with this process. Please read [Manage Chrome updates (Mac)](https://support.google.com/chrome/a/answer/7591084?hl=en) for full details of management options.</p>

# Google Chrome Managed (macOS)

## Description

Chrome browser user experience may be managed on multiple device types by way of a Google Management Token available through the Google Admin Console.

Details on obtaining a token and Chrome management can be found in the following KB:

- [Managed Google Chrome](https://kb.filewave.com/books/google-general-info/page/managed-google-chrome)

The directions below describe applying the token to macOS devices.

<p class="callout success">If Google Admin Console is not available, consider viewing the FileWave KB: [Google Chrome Configuration Recipe (mac0S)](https://kb.filewave.com/books/google-general-info/page/managed-google-chrome)</p>

## Ingredients

- Chrome installer Fileset
- Chrome Browser Enrolment Token (only available via Google Admin Console)
- Profile to push out the token

The below Fileset is a template with two suggested keys, one of which is the required Google Token

##### macOS

[![FileWave Download.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/LhUDCHKqr6dGiaoG-filewave-download.png)](https://kb.filewave.com/attachments/314)

## Directions

1. Download the above provided Fileset zip file, expand and drag into FileWave &gt; Filesets
2. Open the Profile for editing and access the Custom Settings Payload
3. Edit the CloudManagementEnrollmentToken String, entering the copied token from the Google Admin console

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-03/scaled-1680-/RpgF8dBVex3pmUWR-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-03/RpgF8dBVex3pmUWR-image.png)

### Association/Deployment

When assigning with devices, to ensure the configuration is installed with the Application, consider creating a Fileset Group:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-03/scaled-1680-/nm1kG4mjOY6PzMYC-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-03/nm1kG4mjOY6PzMYC-image.png)

Assigning the 'Google Chrome Management Token' Fileset Group will ensure Application and Configuration are associated to devices. Below is an example Deployment:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-03/scaled-1680-/paRnHBB5Os9x3oVi-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-03/paRnHBB5Os9x3oVi-image.png)

When there is an update to Google Chrome, replace the version in the Fileset Group with the latest version (after testing) or switch to a new Fileset Revision if desired.

# Google Chrome Extension Management (macos)

## Description

Chrome Extensions, like [ClassSpaces](https://www.classspaces.org), can be managed via FileWave on multiple device types.

If the Chrome browser is already managed using Google Admin Console, then all management may be applied to devices via the Google Admin Console. It is though possible to apply the management of Chrome to macOS and Windows devices via FileWave also.

## Ingredients

- Chrome installation
- Provided downloads

<table id="bkmrk-%E2%86%93-windows"><tbody><tr><td>↓ macOS

</td></tr><tr><td>[![](https://kb.filewave.com/uploads/images/gallery/2023-07/hxQ5MBkecAvFqBAa-embedded-image-n8bwi3qh.png)](https://kb.filewave.com/attachments/102)

</td></tr></tbody></table>

## macOS

Drag the download Profile into the Admin Console, associate to test devices and deploy once tested.

Contents of Profile:

```xml
Dict {
    PayloadDisplayName = Google Chrome Classspaces
    PayloadScope = System
    PayloadType = Configuration
    PayloadRemovalDisallowed = false
    ConsentText = Dict {
        default = 
    }
    PayloadContent = Array {
        Dict {
            PayloadVersion = 1
            PayloadDisplayName = Custom: (com.google.Chrome)
            PayloadType = com.apple.ManagedClient.preferences
            PayloadContent = Dict {
                com.google.Chrome = Dict {
                    Forced = Array {
                        Dict {
                            mcx_preference_settings = Dict {
                                ExtensionSettings = Dict {
                                    * = Dict {
                                        installation_mode = blocked
                                    }
                                    obeophmpnnhboefjagnpbllfbbaeodnn = Dict {
                                        installation_mode = force_installed
                                        update_url = https://clients2.google.com/service/update2/crx
                                        comment = Classspaces
                                    }
                                }
                            }
                        }
                    }
                }
            }
            PayloadEnabled = true
            PayloadIdentifier = ml1063.lan.c7256e52-e8f0-4b6b-b48d-5ec98c03ff8a.com.apple.ManagedClient.preferences.87789162-48a1-42bf-b444-ff6567a9e7f0
            PayloadUUID = 87789162-48a1-42bf-b444-ff6567a9e7f0
        }
    }
    PayloadIdentifier = ml1063.lan.c7256e52-e8f0-4b6b-b48d-5ec98c03ff8a.Configuration.c7256e52-e8f0-4b6b-b48d-5ec98c03ff8a
    PayloadVersion = 1
    PayloadUUID = c7256e52-e8f0-4b6b-b48d-5ec98c03ff8a
}
```

# Notes

<p class="callout warning">As part of the example, an additional key has been added to block all other extensions. Remove or edit as desired</p>

<p class="callout success">If Chrome is already open, the settings will not be applied until after the browser has been restarted</p>

## Related Content

- [Google Chrome Extension Management (Windows)](https://kb.filewave.com/books/software-deployment-recipes-microsoft/page/google-chrome-extension-management-windows "Google Chrome Extension Management (Windows)")

# Google Chrome Install Recipe (macOS)

## Description

Installation of Chrome or any app that simply goes in /Applications can be fairly simple to do with a Fileset, but if the application is presented as a PKG that does other things besides simply copying a file to /Applications, then this can be a good example of how to accomplish the install. Note that this Fileset also will download the latest Google Chrome at install time, so depending on your use case, this may not be a good solution. An alternative would be to put the PKG inside of the FileSet and use the same script to install it or make a PKG-based FileSet in FileWave. There are many roads to success. This example will show several features of Filesets for teaching purposes.

## Ingredients

- FW Central
- Chrome already as a Fileset (below)

[![FileWave Download.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/LhUDCHKqr6dGiaoG-filewave-download.png)](https://kb.filewave.com/attachments/176)

## Directions

1. Download the Chrome Fileset zip file, expand and drag the Fileset into FileWave &gt; Filesets
2. Create an Association between the Fileset and one or more macOS systems
3. See Chrome installed on them.

### What does this Fileset do?

The Fileset is entirely 2 scripts. If you highlight the Fileset in the Native Admin and pick the Scripts button in the toolbar you can edit the 2 scripts. The first is the Activation Script. This will create a directory in /private/tmp/ and download Chrome to it. It will install and then delete the installer from that folder. Because of the way this works you may want to make this script a little fancier with error handling, but the below works and is a good starting point. You will also see that it logs what it is doing to /Library/Libgs/GoogleCrhomeInstallScript.log so that you can review the date and time that events happened.

```bash
#!/bin/zsh

pkgfile="GoogleChrome.pkg"
logfile="/Library/Logs/GoogleChromeInstallScript.log"
url='https://dl.google.com/chrome/mac/stable/gcem/GoogleChrome.pkg'

/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Downloading latest version." >> ${logfile}
mkdir /private/tmp/chrome_install/
/usr/bin/curl -s -o /private/tmp/chrome_install/${pkgfile} ${url}

/bin/echo "`date`: Installing..." >> ${logfile}
/usr/sbin/installer -pkg /private/tmp/chrome_install/GoogleChrome.pkg -target /

/bin/sleep 5

/bin/echo "`date`: Deleting package installer." >> ${logfile}
/bin/rm -rf /private/tmp/chrome_install

exit 0

```

Note that in these days of Intel vs. Apple Silicon you may want to add something to behave differently depending on which processor is present below is an easy way in scripting to do this;

```bash
if [[ $(uname -p) == 'arm' ]]; then
  echo M1
else
  echo Intel
fi

```

The second script is for when you remove the Association for the Fileset. It will kill Chrome if it is running and then delete it from /Applications. If you don’t want this behavior then just remove that script from the Fileset.

```bash
#!/bin/zsh

logfile="/Library/Logs/GoogleChromeInstallScript.log"

/bin/echo "--" >> ${logfile}
/bin/echo "`date`: Removing Google Chrome." >> ${logfile}

killall Google\ Chrome

rm -rf "/Applications/Google Chrome.app"

exit 0

```

For **Requirements**, I set it for macOS and only the most recent versions since (1) Anything below macOS 10.14.x is insecure to use, and (2) I don’t know that Chrome will work well on older macOS, but adjust this to your needs.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/SguH5Id5DWh2TiTA-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/SguH5Id5DWh2TiTA-image.png)

For **Delete Files,** I have it purging the download files so that when the Fileset activates, the folder is clear every time.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/gmg3akZP9ptsCTOQ-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/gmg3akZP9ptsCTOQ-image.png)

On the **Kiosk** tab, I set this to **Applications** and put a description in. Using a Kiosk Association is a great way to make an application installable by non-admins and they can even uninstall it if they aren’t using it any more.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/bYHx2UrSRv9vWnH0-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/bYHx2UrSRv9vWnH0-image.png)

So with this example, you can see how you might create a scripted install of an application and handle uninstall of it as well. Keep in mind you don’t have to do this exactly as I did, and these concepts can be applied to other applications.

<p class="callout info">After installing Chrome, some configuration may be desirable, examples may include:  
\* Block auto updates  
\* Set home page  
\* Disable Welcome Page  
This article discusses configuration options: [Google Chrome Configuration Recipe](https://kb.filewave.com/books/software-deployment-recipes-macos/page/google-chrome-configuration-recipe-macos "Google Chrome Configuration recipe (macOS)")</p>

## Related Content

- [Google Chrome Configuration recipe (macOS)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/google-chrome-configuration-recipe-macos "Google Chrome Configuration recipe (macOS)")
- [Google Chrome Extension Management (macos)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/google-chrome-extension-management-macos "Google Chrome Extension Management (macos)")

# Homebrew Deployment (macOS Script)

## Description

<div class="color-fg-muted" id="bkmrk-homebrew%2C-or-also-kn"><div>Homebrew, or also known as simply Brew is the missing package manager for macOS (or Linux), Homebrew is able to install many tools that do not have another installer. Quite a lot of Linux based tools have a Homebrew install. This article will guide you through installing it using FileWave.</div></div><div class="d-md-flex flex-items-center mt-2" id="bkmrk-">  
</div>Actually, not just Brew, but we will also install:

- Apple Command Line Tools
- Brew
- Cask

## Ingredients

- FileWave Central
- Attached Fileset

<table class="align-left" id="bkmrk-macos-brew-fileset" style="border-collapse:collapse;width:23.7037%;border-width:1px;"><colgroup><col style="width:99.876543%;"></col></colgroup><tbody><tr><td style="border-width:1px;background-color:rgb(251,238,184);">**macOS Brew Fileset**</td></tr><tr><td style="border-width:1px;">[![FileWave Download.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/LhUDCHKqr6dGiaoG-filewave-download.png)](https://kb.filewave.com/attachments/54)</td></tr></tbody></table>

## Directions

1. Unzip the download and drag the Fileset into the FileWave Central &gt; Filesets view, into a Fileset group of choice.
2. Associate with a test device and Update Model
3. After all is well with the test, consider expanding this to a larger quantity of devices

### Activation Script

The Activation Script will choose a version of the possible Apple Command Line tools and proceed to download and instal those tools.

<p class="callout info">Apple Command Line tools are a requirement and will be installed first. </p>

<p class="callout success">The Activation Script will use the newest version of the Command Line tools found, when ran. It is possible to overrule this behaviour by supplying a desired version as a Launch Argument.</p>

##### Example:

To instal version 13.2 Command Line tools, select the Activation Script: 'instal\_apple\_cl.sh' from within the Fileset and from the 'Get Info' view, edit the Executable Launch Arguments, as below:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/TqCkYK0PptBtyrgh-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-06/TqCkYK0PptBtyrgh-image.png)

<p class="callout danger">Software Updates may be large in size. This can slow down the installation as well as use high bandwidth. A 'Wait for' as 'Infinite' could easily be required.</p>

##### Post Activation Script

<p class="callout warning">The Fileset will attempt to instal Brew with the currently logged in user. If this current user does not have an ID greater than 500, the script will attempt to instal with an Admin user on the device. The script log should report the user that was configured for Brew. Consider altering the script if a different behaviour is desired.   
  
This user shall also be added to the macOS developer group.</p>

Below are the sections of script that defines the user and also adds that user to the development group:

```shell
current_user=$(stat -f%Su /dev/console)

# ....

# If user is below uid 500 should we abort or pick a user.  Picking an admin user for now
if [ $(id -u $current_user) -lt 501 ]
then
	echo "No 500 user.  Picking a local admin user"
	current_user=$(/usr/bin/dscl . -read /Groups/admin GroupMembership | awk '{print $NF}')
fi

echo "Configuring user ${current_user}..."

# Add them as a developer
is_developer=$(groups $current_user | awk '/ _developer / ')
if [ ! $is_developer ]
then
	echo "Adding user $current_user to _developer group"
	/usr/sbin/dseditgroup -o edit -a "$current_user" -t user _developer
fi
```

<p class="callout danger">Brew/Cask installations may also be large in size. The same considerations as the Activation Script would therefore also be likely. Additionally, the Fileset will double check there are no further updates and if so, those shall also be installed.</p>

### Uninstall

If you want to remove Brew, the best way is likely these scripted methods because you are probably just fixing a single machine when you remove Brew, but you could also use curl to fetch the `unisntall.sh` and put it in the Fileset if you want to uninstall when you remove the Association to the Fileset.

```
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/uninstall.sh)"
```

If you want to run the Homebrew uninstaller non-interactively, you can use:

```
NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/uninstall.sh)"
```

Download the uninstall script and run `/bin/bash uninstall.sh --help` to view more uninstall options.

# iBooks Author Deployment (macOS App)

## Description

Member of iTunes U? Need to get iBooks Author out to your staff? We can do that.

## Ingredients

- FW Central
- 10.7 (Lion) or higher
- iBooks Author.app already installed

## Directions

1. Log onto the FileWave server with FileWave Admin as an account that has permissions to create Filesets.
2. With FileWave Admin running, drag and drop the installed iBooks Author.app from the Application folder onto the FileWave Admin window while in the Filesets view is formost.
3. Now go to the Associations window to assign who gets the software.
4. Update the FileWave Server Model.

## Notes

Other comments and details

# Installomator - The one installer script to rule them all (macOS PKG)

## Description

This article delves into the application of [Installomator](https://github.com/Installomator/Installomator), a shell script, in combination with FileWave for the maintenance of macOS applications. Installomator supports the downloading and installation of over 450 different applications, operating directly from the vendor's public URLs. This approach is compared with the use of AutoPkg, a tool that provides more stringent control over versioning, testing, and release management.

Installomator can be a valuable tool when deploying the latest publicly available version of an application is the goal. It verifies the authenticity and validity of each download, though it's not a fully automated solution. For certain applications like Chrome, Zoom, and Microsoft Office, their update processes may be better managed via a config profile. Additionally, attention may be needed for built-in auto update prompts of other apps.

A key characteristic of Installomator is its handling of versioning. Instead of installing only when the downloaded version is newer, Installomator initiates installation if the version numbers differ. This is due to the complexities in determining which version number is higher. For instance, if Installomator downloads version 4 after a vendor has released version 5 due to a URL change, it will attempt to install version 4 because the version numbers differ.

## Ingredients

- FW Admin
- swiftDialog - [Deploying swiftDialog via FileWave (macOS PKG)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "Deploying swiftDialog via FileWave (macOS PKG)")
- Installomator - [Releases · Installomator/Installomator (github.com)](https://github.com/Installomator/Installomator/releases)

## Directions

### Deploying Installomator on all your Macs

Installomator operates by taking a 'label' parameter representing the application to be installed. It generally only installs an application if the latest version is newer than the installed version, though exceptions exist, emphasizing the importance of thorough testing. It's deployed via a single FileWave Fileset, with numerous configuration options to improve user experience and system stability. These include user notifications upon completion, the closing of the app prior to installation, prompts before closing the app, and the ability to re-launch the app post-update if it was initially open. Installomator does not interact with App Store applications except to replace them with non-App Store versions if desired. See [Configuration Options](#bkmrk-configuration-option) further down for how to customize the operation of the script.

### Installing Installomator

1. Download the PKG for [SwiftDialog](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "Deploying swiftDialog via FileWave (macOS PKG)") and install the PKG as a FileSet.
2. Download the PKG for Installomator from [Releases · Installomator/Installomator (github.com)](https://github.com/Installomator/Installomator/releases) install the PKG as a FileSet. This will place the script file to `/usr/local/Installomator/Installomator.sh`

<p class="callout success">PKG Filesets are easy to make. You can start by dragging and dropping the PKG on the Filesets window in FileWave Central or use our example here: [PKG - Installomator.fileset.zip](https://kb.filewave.com/attachments/216)</p>

### Identifying an App to install

Run Installomator by itself in Terminal and get the full list of apps it can install:

```shell
/usr/local/Installomator/Installomator.sh
```

This is the output of that command:

[![jlevitsk — -zsh — 81×22 2023-07-22 at 12.45.48 PM.jpg](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/jZvwh18Lv00K4mlZ-jlevitsk-zsh-8122-2023-07-22-at-12-45-48-pm.jpg)](https://kb.filewave.com/uploads/images/gallery/2023-07/jZvwh18Lv00K4mlZ-jlevitsk-zsh-8122-2023-07-22-at-12-45-48-pm.jpg)

Or run Installomator in Terminal with grep to filter the results:

```shell
/usr/local/Installomator/Installomator.sh | grep -i bbedit
```

This is the output of that command:

[![jlevitsk — -zsh — 88×8 2023-07-22 at 12.48.33 PM.jpg](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/1JEiTQHtSCJ3iCD7-jlevitsk-zsh-888-2023-07-22-at-12-48-33-pm.jpg)](https://kb.filewave.com/uploads/images/gallery/2023-07/1JEiTQHtSCJ3iCD7-jlevitsk-zsh-888-2023-07-22-at-12-48-33-pm.jpg)

### Installing an App

At this point you have installed both [swiftDialog](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "Deploying swiftDialog via FileWave (macOS PKG)") and Installomator. For the next steps here is an example [BBEdit - Installomator.fileset.zip](https://kb.filewave.com/attachments/200) to look at while you follow along.

The BBEdit example is a very simple Fileset containing 3 scripts, and that's all.

<table id="bkmrk-the-scripts-are-fair" style="border-collapse:collapse;width:100%;"><colgroup><col style="width:55.3787%;"></col><col style="width:44.6213%;"></col></colgroup><tbody><tr><td>The scripts are fairly simple and listed below:

##### check\_installomator.sh 

```shell
#!/bin/zsh
# Checks every 2 minutes for Installomator to be present. 
# Add the contents of your script below:

if [ -f "/usr/local/Installomator/Installomator.sh" ]; then
	exit 0
else
	echo "Could not find Installomator"
	exit 1
fi
```

##### install.sh

```shell
#!/bin/zsh
# Remember to change the properties for both install.sh and verify.sh
# to have the right app label since it is passed to the script from properties. 

/usr/local/Installomator/Installomator.sh $1 NOTIFY_DIALOG=1 NOTIFY=success LOGO=/usr/local/sbin/FileWave.app/Contents/Resources/fwGUI.app/Contents/Resources/kiosk.icns

```

##### verify.sh

```shell
#!/bin/zsh
# Remember to change the properties for both install.sh and verify.sh
# to have the right app label since it is passed to the script from properties. 

/usr/local/Installomator/Installomator.sh $1 NOTIFY_DIALOG=1 NOTIFY=success LOGO=/usr/local/sbin/FileWave.app/Contents/Resources/fwGUI.app/Contents/Resources/kiosk.icns

```

In our example both `install.sh` and `verify.sh` are identical but they don't have to be depending on your needs.

</td><td class="align-right" style="vertical-align:top;">![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/5hdwUuMZR6T2jDKT-image.png)

![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/WOrFqGi867uz03Zt-image.png)

</td></tr></tbody></table>

So now you may be wondering about where "`bbedit`" is since that label is the label we want to use? Highlight the BBEdit Fileset in your admin console and click the Scripts button in the toolbar. Now right click on `install.sh` and pick Properties. The dialog will look like the one here. You'll want to change `bbedit` to whatever app you want this to install. Do the same exact thing for `verify.sh`.

### Configuration Options

In our example, we pass the LOGO parameter to the script. This action assigns a FileWave logo to the script, derived from the FileWave Kiosk icon file located on a device with FileWave installed. You can also pass additional parameters to further refine Installomator's behavior. This is covered in greater detail at the following link: [Configuration and Variables · Installomator/Installomator Wiki (github.com)](https://github.com/Installomator/Installomator/wiki/Configuration-and-Variables) One setting you may want to change is NOTIFY=success to be NOTIFY=all if you are using Kiosk to allow someone to install apps.

### What it looks like

To install an app this way you simply [Associate](https://kb.filewave.com/books/filesets-payloads/page/using-associations-with-filesets "Using Associations with Filesets") the [swiftDialog](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "Deploying swiftDialog via FileWave (macOS PKG)") Fileset, Installomator Fileset, and [BBEdit - Installomator.fileset.zip](https://kb.filewave.com/attachments/200) Filesets and you should see it install.

<p class="callout warning">Be careful as some apps/labels may install even if the app is already on the latest version</p>

Depending on what dialogs you have enabled you may show status messages like the below. We recommend not editing the Installomator script itself but rather pass the options as parameters in your Filesets.

[![Using_Installomator_to_support_3rd_party_apps_-_Mac (2).pdf 2023-07-22 at 1.25.57 PM.jpg](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/0P4NjHfL4nAOB966-using-installomator-to-support-3rd-party-apps-mac-2-pdf-2023-07-22-at-1-25-57-pm.jpg)](https://kb.filewave.com/uploads/images/gallery/2023-07/0P4NjHfL4nAOB966-using-installomator-to-support-3rd-party-apps-mac-2-pdf-2023-07-22-at-1-25-57-pm.jpg)

[![Using_Installomator_to_support_3rd_party_apps_-_Mac (2).pdf 2023-07-22 at 1.27.01 PM.jpg](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/Cy5CRZP3QVmKgC6x-using-installomator-to-support-3rd-party-apps-mac-2-pdf-2023-07-22-at-1-27-01-pm.jpg)](https://kb.filewave.com/uploads/images/gallery/2023-07/Cy5CRZP3QVmKgC6x-using-installomator-to-support-3rd-party-apps-mac-2-pdf-2023-07-22-at-1-27-01-pm.jpg)

You should now be able to deploy anything that Installomator supports. Just remember that this tool is designed to always keep things up to date which can be a good or bad thing for you depending on your use case.

## Troubleshooting

You will be able to see what the Fileset is doing by leveraging the [Fileset logs](https://kb.filewave.com/books/filewave-general-info/page/filewave-log-file-locations "FileWave Log File Locations"). All 3 of the scripts will log to `/var/log/fwcld/<fileset_id>`where &lt;fileset\_id&gt; is the same as the ID you see in FileWave for the Fileset.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/1KqJVXcZ1u7MXjlJ-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/1KqJVXcZ1u7MXjlJ-image.png)

You may also be able to use FileWave Central to right click on the log and view it, but the log on the machine when testing is most simple and will exist 100% of the time.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/eapUynzlMO3PTUFL-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/eapUynzlMO3PTUFL-image.png)

## Related Links

- [Installomator GitHub](https://github.com/Installomator/Installomator) - Installomator official GitHub page
- [Deploying swiftDialog via FileWave (macOS PKG)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "Deploying swiftDialog via FileWave (macOS PKG)")
- [AutoPkgr with FileWave](https://kb.filewave.com/books/integrations/page/using-autopkgr-with-filewave-for-advanced-macos-software-deployment "AutoPkgr with FileWave") - Information on the AutoPkg tool
- Training Day 2022 Presentation - [Using\_Installomator\_to\_support\_3rd\_party\_apps\_-\_Mac.pdf](https://kb.filewave.com/attachments/195)

## Digging Deeper

The choice between Installomator and AutoPkg ultimately hinges on your administrative preferences and needs. Installomator, with its ability to streamline the download and installation of different versions of applications, serves as a viable option when the goal is to deploy the latest publicly available versions. However, it requires careful management, especially considering its approach to version comparison and updates. On the other hand, AutoPkg presents a viable alternative for those seeking a more tightly controlled release process, offering thorough testing, versioning, and release management.

# Lightspeed Smart Agent Deployment (macOS 2023)

#### Description

Need to deploy Lightspeed Smart Agent along with your configurations. FileWave has got you covered in this step-by-step guide to creating the required Filesets to deploy to your macOS devices. Be sure that you have access to your administrative account on [relay.school.com](http://relay.school.com).

<p class="callout warning">If you are using the new method with Lightspeed Certificate Manager please review:  
[Lightspeed Smart Agent Deployment (macOS v2.3.1+ using Certificate Manager)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/lightspeed-smart-agent-deployment-macos-v231-using-certificate-manager "Lightspeed Smart Agent Deployment (macOS v2.3.1+ using Certificate Manager)")</p>

#### Ingredients

- FileWave Central
- Lightspeed Smart Agent DMG installer
- Lightspeed Smart Agent PKG installer
- Lightspeed mac deploy script
- Lightspeed install script
- Lightspeed certificate

<p class="callout warning">**Web Content Filter** - In creating a Web Content Filter within FileWave Central it changes the UDID and is unsuccessful in deployment. The issue can be resolved by re-creating the Web Content Filter in FileWave Anywhere as a workaround. The issue should be resolved in the next release. See [Known Issues](https://kb.filewave.com/books/downloads/page/filewave-known-issues "FileWave Known Issues")</p>

#### Download Lightspeed Relay Filter Agent

1. Login to your Lightspeed Filter account at [relay.school.com](http://relay.school.com)
    
    
    1. Navigate to Settings &gt; Software
    2. Choose Lightspeed Filter
    3. Select the Mac tab
    4. Select the version of the Relay Filter Agent by clicking on the download icon
    5. Place the downloaded SmartAgent.dmg into your Downloads Folder

#### Download the macOS deploy script

1. Download the mac\_deploy.sh script, found here: [mac\_deploy.sh](https://kb.filewave.com/attachments/40)
2. Place the downloaded mac\_deploy.sh script into your Downloads
3. Unzip the downloaded mac\_deploy.sh script
4. Open Terminal to run the script
    
    ```
    # enter as root
    $ sudo -s
    # nagivate to your Downloads folder
    $ cd ~/Downloads
    # run the script to create three files on the Desktop
    $ ./mac_deploy.sh
    ```
5. Once the script has been executed, it has created three files on your Desktop; ca.cer, deploymont.zip and SmartAgent.pkg

**Note**: Be sure both SmartAgent.dmg and mac\_deploy.sh are in the same directory, i.e. Downloads folder for the mac\_deploy script to successfully create the deployment files and certificate.

#### Create the Configuration Profile

1. Open FileWave Central or FileWave Anywhere
2. Navigate to Filesets &gt; Select New Desktop Fileset &gt; Click on Profile
3. Enter the name of the Profile: General &gt; Name: Lightspeed Agent Profile
    
    ![FileWaveLightspeed1.png](https://kb.filewave.com/uploads/images/gallery/2023-06/ns0RhCsQBwOqTM9f-filewavelightspeed1.png)
4. Select Certificates payload to add your ca.cer certificate
    
    ![FileWaveLightspeed2.png](https://kb.filewave.com/uploads/images/gallery/2023-06/QYb1qsXQGlSSsCCz-filewavelightspeed2.png)
5. Navigate to System Extension Policy payload, add and enter in the following:
    
    
    1. Click + to add Allowed Team Identifiers:  
        **Team Identifier:** *ZAGTUU2342*
    2. Click + to add Allowed System Extensions:
        
        **1st Allowed System Extensions:** *com.lightspeedsystems.network-agent*
        
        Enter add 2nd Allowed System Extensions with comma after 1st Allowed System Extensions
        
        **2nd Allowed System Extensions:** *com.lightspeedsystems.network-agent.network-extension*
    3. Click + to add Allowed System Extension Types and check box for Network:
        
        **Team Identifier:** *ZAGTUU2342*
        
        ![FileWaveLightspeed3.png](https://kb.filewave.com/uploads/images/gallery/2023-06/G03gS8hjOCndqA1T-filewavelightspeed3.png)
6. Navigate to Web Content Filter and enter in the following:
    
    
    1. **Filter Name:** *Lightspeed Agent*
    2. **Identifier:** *com.lightspeedsystems.network-agent*
    3. **Filter Options:** *Socket Traffic Only*
    4. **Socket Filter Bundle Identifier:** *com.lightspeedsystems.network-agent.network-extension*
    5. **Socket Filter Designated Requirement:** *anchor apple generic and identifier "com.lightspeedsystems.network-agent.network-extension" and (certificate leaf\[field.1.2.840.113635.100.6.1.9\] /\* exists / or certificate 1\[field.1.2.840.113635.100.6.2.6\] / exists / and certificate leaf\[field.1.2.840.113635.100.6.1.13\] / exists \*/ and certificate leaf\[subject.OU\] = ZAGTUU2342)*
        
        ![FileWaveLightspeed4.png](https://kb.filewave.com/uploads/images/gallery/2023-06/J8Q8x9PlraioqaEi-filewavelightspeed4.png)
7. The completed configuration profile will have three payloads; these include: Certificates, System Extension Policy and Web Content Filter
    
    ![FileWaveLightspeed5.png](https://kb.filewave.com/uploads/images/gallery/2023-06/SgI2EzDGxn11h9le-filewavelightspeed5.png)

#### Editing the Install script

1. Download and unzip the Install script, found here: [install\_lightspeed.sh](https://kb.filewave.com/attachments/41)
2. Open the install.sh in TextEdit or compatible Text Editor, for example Sublime Text
3. Enter in your URL to the hosted file in line 3 of the Install Script; between the quotes, where it says, “Your FQHN HERE to the deployment.zip”
    
    ![FileWaveLightspeed6.png](https://kb.filewave.com/uploads/images/gallery/2023-06/dp7ffpPate6gDkVI-filewavelightspeed6.png)
4. Save the changes to the install.sh script

<p class="callout warning">**Note**: The deployment.zip file created on the desktop must be hosted for the deployment to succeed. (This can be accomplished with Google Drive (may use [Google Drive Direct Link Generator](https://sites.google.com/site/gdocs2direct/)), Microsoft OneDrive, Amazon S3, etc.) Be sure the deployment.zip file is accessible for the install.sh script to downloaded successfully, otherwise this will not complete the installation of the Lightspeed Filter.</p>

#### Import the Smart Agent PKG

1. Navigate to Filesets &gt; Create New Desktop Fileset &gt; Select MSI / PKG
2. Navigate to your downloaded SmartAgent.pkg to upload into the Fileset
3. Please wait a few moments for the PKG installer to upload into your FileWave server
    
    ![FileWaveLightspeed13.png](https://kb.filewave.com/uploads/images/gallery/2023-06/pp4LDTVRSVenxwRd-filewavelightspeed13.png)
4. After successfully uploading, highlight the Fileset &gt; Select Properties
5. Under the Requirements tab, check the box Platform and check macOS only, then under System Version and checkboxes only for macOS 12.x and 13.x
    
    ![FileWaveLightspeed14.png](https://kb.filewave.com/uploads/images/gallery/2023-06/NCz6kTTLtQelv1qX-filewavelightspeed14.png)
6. Click OK to save

<p class="callout info">**Note**: If all of your devices are not on macOS 12 or greater, you will want to set the **Requirements** for the Fileset for macOS 12 and above</p>

#### Editing the Smart Agent PKG Fileset

1. Highlight the newly created Fileset with your Smart Agent PKG
2. Click on Script in the menu to open Script dialogue window
3. Highlight **Requirement Scripts** and click on the Create button[![LightspeedSmartAgentPKG.png](https://kb.filewave.com/uploads/images/gallery/2023-07/rbbFX2oF4BlTEr1L-lightspeedsmartagentpkg.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/bhpW20C2AcqGB1LC-lightspeedsmartagentpkg.png)
4. Label script, check\_LS.sh
5. Copy and paste the entire check profile script below:  
      
    ```
    #!/bin/zsh
    
    found_profile=""
    
    while [ $# -gt 0 ]
    do
    	found_profile=$(profiles list all | awk -v search=$1  '$0 ~ search {print $NF}')
    	if [ ! -z $found_profile ]
    	then
    		echo "Found installed profile: $found_profile"
    		exit 0
    	else
    		echo "Did not find $1" 
    	fi
    	shift
    done
     
    exit 1
    ```
6. Click OK to save the script
7. Highlight the check\_LS.sh and right-click to select **Properties  
      
    [![LightspeedSmartAgentPKG2.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/jPmy0N16EBdwoasp-lightspeedsmartagentpkg2.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/jPmy0N16EBdwoasp-lightspeedsmartagentpkg2.png)**
8. Select the Executable tab, under the **Launch Arguments** tab, click on the + button to add your Lightspeed Agent Profile’s Identifier (found by double-clicking on your Lightspeed Agent Profile)[![LightspeedSmartAgentPKG3.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/DGgbyCprBDdXOIqp-lightspeedsmartagentpkg3.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/DGgbyCprBDdXOIqp-lightspeedsmartagentpkg3.png)
9. Click OK to Apply to save changes
10. Close out Properties of the Requirement Script
11. Click OK to save changes to Smart Agent PKG Fileset

#### Creating the Installation Fileset

1. Navigate to Filesets &gt; Create New Desktop Fileset &gt; Empty Fileset &gt; label Lightspeed Install Script
2. Click on Script in the menu to open the Script dialogue window
3. Highlight **Activation Scripts** and click on the Create button
    
    ![FileWaveLightspeedScript2.png](https://kb.filewave.com/uploads/images/gallery/2023-06/8ym4oNdTXPHIJSoR-filewavelightspeedscript2.png)
4. Label script, install\_lightspeed.sh
5. Copy and paste the entire install.sh script that you saved your URL to hosted file from previous step on Editing the Install Script.  
    [![FileWaveLightspeedScript3.png](https://kb.filewave.com/uploads/images/gallery/2023-06/YFFvvYojzlQPabqO-filewavelightspeedscript3.png)](https://kb.filewave.com/uploads/images/gallery/2023-06/YFFvvYojzlQPabqO-filewavelightspeedscript3.png)

11. Click OK to save script
12. Highlight **Requirement Scripts** and click on Create button
13. Label script, check\_LS\_profile.sh
14. Copy and paste the entire check profile script below:

```
#!/bin/zsh

found_profile=""

while [ $# -gt 0 ]
do
	found_profile=$(profiles list all | awk -v search=$1  '$0 ~ search {print $NF}')
	if [ ! -z $found_profile ]
	then
		echo "Found installed profile: $found_profile"
		exit 0
	else
		echo "Did not find $1" 
	fi
	shift
done
 
exit 1
```

15. Click OK to save the script
16. Highlight the check\_LS\_profile.sh and right-click to select **Properties  
      
    [![FileWaveLightspeed10.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/oepVawdpUa7GbWuK-filewavelightspeed10.png)](https://kb.filewave.com/uploads/images/gallery/2023-06/oepVawdpUa7GbWuK-filewavelightspeed10.png)**

17. Select the Executable tab, under the **Launch Arguments** tab, click on the + button to add your Lightspeed Agent Profile’s Identifier (found by double-clicking on your Lightspeed Agent Profile)  
    [![FileWaveLightspeed11.png](https://kb.filewave.com/uploads/images/gallery/2023-06/scaled-1680-/cHdwmEfJh93FQZuV-filewavelightspeed11.png)](https://kb.filewave.com/uploads/images/gallery/2023-06/cHdwmEfJh93FQZuV-filewavelightspeed11.png)

18. Click Apply to save changes
19. Close out Properties of the Requirement Script
20. Click OK to save changes to Lightspeed Installation Fileset

<p class="callout warning">**Note**: This Requirement scripts verifies that the Lightspeed Agent Profile is installed successfully BEFORE running the installation of Lightspeed.  
</p>

When all completed, the Fileset contents will include your Smart Agent PKG, Lightspeed Install and Profile.![LightspeedSmartAgentPKG4.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/559ERnrKYmgIBgeq-lightspeedsmartagentpkg4.png)

[![LightspeedInstallationFileset.png](https://kb.filewave.com/uploads/images/gallery/2023-07/r9UZpmVFU5buQmf7-lightspeedinstallationfileset.png)](https://kb.filewave.com/uploads/images/gallery/2023-06/pzHCdACgHODDTYWu-filewavelightspeed16.png)

#### Creating Fileset Group for your Lightspeed Filter Agent Filesets

Keeping your Filesets organized is good practice, especially if there are multiple Filesets for software deployment. You may create a New Fileset Group, label it Lightspeed Filter Agent (macOS 2023), and move all the Filesets you created into that Fileset Group. Then you may associate the Fileset Group labeled Lightspeed Filter Agent (macOS 2023) to your devices versus individual Filesets.

![LightspeedDeployment.png](https://kb.filewave.com/uploads/images/gallery/2023-07/P7s7eRJcbicrQhgq-lightspeeddeployment.png)

Once all the Filesets and Profile have been created, you may associate the Fileset Group labeled Lightspeed Filter Agent macOS 2023 to a few devices as a test. This is to verify and confirm that the filter is installed and filtering properly based on your configurations. For best practice, always test a few devices before mass deployment.

#### Lightspeed Smart Filter Deployment (iOS 2023)

Needing to deploy Lightspeed for iOS devices? Review the KB article here: [Lightspeed Smart Filter Deployment (iOS 2023)](https://kb.filewave.com/books/software-deployment-recipes-iosipados/page/lightspeed-smart-filter-deployment-ios "Lightspeed Smart Filter Deployment (iOS 2023)").

#### Lightspeed Smart Filter Deployment (macOS v2.3.1+ using Certificate Manager)

Needing to deploy Lightspeed for macOS using Certificate Manager? Review the KB article here: [Lightspeed Smart Filter Deployment using Certificate Manager](https://kb.filewave.com/books/software-deployment-recipes-macos/page/lightspeed-smart-agent-deployment-macos-v231-using-certificate-manager).

# Lightspeed Smart Agent Deployment (macOS v2.3.1+ using Certificate Manager)

## Description

Need to deploy the latest version of Lightspeed Smart Agent version 2.3.1 along with your configurations. FileWave has got you covered in this step-by-step guide to creating the required Filesets to deploy to your macOS devices. Be sure that you have access to your administrative account in Lightspeed Filter app.

<p class="callout warning">This KB article involves using the new Lightspeed Certificate Manager method. If using the version below v2.3.1 please review KB article here: [Lightspeed Smart Agent Deployment (macOS 2023)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/lightspeed-smart-agent-deployment-macos-2023 "Lightspeed Smart Agent Deployment (macOS 2023)")</p>

The new method involves using LightSpeed Certificate Manager. Certificate Manager leverages a cloud-based system to generate and monitor certificates and expiration, automatically pushing new certificate files to devices in the background (without disruption!) to ensure they always are current. In addition, Lightspeed is also leveraging root certificates for the trusting process, meaning that instead of repeatedly needing to re-trust the certificates every time they update - you now only need to trust the first time.

<p class="callout warning">Note: You must use the MacOS Filter Agent 2.3.1+ to use Certificate Manager</p>

## Ingredients

- FileWave Central
- Lightspeed Relay Filter Agent PKG installer (version 2.3.1)
- Lightspeed Root Certificate
- Supplied Fileset and Profile

<p class="callout warning">**Web Content Filter** - A bug (<span class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak" dir="ltr">FW-12629)</span> exists which prevents the Filter Order being set. </p>

### Download Lightspeed Relay Filter Agent for macOS

1. Login to your Lightspeed Filter account
    
    
    1. Navigate to Settings &gt; Software
    2. Choose Lightspeed Filter
    3. Select the Mac tab
    4. Select the version of the Relay Filter Agent by clicking on the download icon
    5. Place the downloaded Relay Filter Agent PKG into your Downloads Folder

[![LightSpeedmacOSFilter.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/elgZW8xlqDAHfW9n-lightspeedmacosfilter.png)](https://kb.filewave.com/uploads/images/gallery/2024-02/elgZW8xlqDAHfW9n-lightspeedmacosfilter.png)

### Generating the Certificate using Certificate Manager

1. Navigate to your Settings &gt; Certificates within Lightspeed Filter account
2. Click Set Up to generate the certificate
3. Label your Organization name and enter in your number of active days for your certificate
4. Click Save to continue
5. Allow several minutes for the Certificate Manager to generate
6. Click to download and confirm trust certificate
7. Do not proceed with checking the two Acknowledgements boxes, until the certificate, content filter AND agent have been installed on your devices

<p class="callout warning">Lightspeed has noted the importance of order of operations; until you have downloaded and trusted the certificate AND installed the agent on your devices, then you may proceed to complete the two Acknowledgement boxes in the macOS Certificate Confirmation step.</p>

### Filesets

#### Fileset Group

Create a Fileset Group to hold the Filesets to be included. At the end it will look something like the below image.

[![LSAgentv2.3.1+Group.png](https://kb.filewave.com/uploads/images/gallery/2024-06/lmDTf8yEKQTt3FhC-lsagentv2-3-1group.png)](https://kb.filewave.com/uploads/images/gallery/2024-02/lAEszNdwS8mlfF1H-image.png)

#### Configuration Profiles

##### Network Settings

The profile contains 2 payloads: System Extension Policy and Web Content Filter.

<details id="bkmrk-system-extension-cli"><summary>System Extension Policy</summary>

1. Click + to add Allowed Team Identifiers:  
    **Team Identifier:** *ZAGTUU2342*
2. Click + to add Allowed System Extensions:
    
    **1st Allowed System Extensions:** *com.lightspeedsystems.network-agent*
    
    Enter add 2nd Allowed System Extensions with a comma after the 1st Allowed System Extensions
    
    **2nd Allowed System Extensions:** *com.lightspeedsystems.network-agent.network-extension*
3. Click + to add Allowed System Extension Types and check box for Network:
    
    **Team Identifier:** *ZAGTUU2342*

*[![Screenshot 2024-05-20 at 2.47.24 PM.png](https://kb.filewave.com/uploads/images/gallery/2024-05/scaled-1680-/8hvkUXdHhClYs5Uy-screenshot-2024-05-20-at-2-47-24-pm.png)](https://kb.filewave.com/uploads/images/gallery/2024-05/8hvkUXdHhClYs5Uy-screenshot-2024-05-20-at-2-47-24-pm.png)*

</details><details id="bkmrk-network-web-content-"><summary>Web Content Filter</summary>

1. **Filter Name:** *Lightspeed Agent*
2. **Identifier:** *com.lightspeedsystems.network-agent*
3. **Filter Order:** Firewall (currently unable to be set as of FileWave 15.3.1)
4. **Socket Filter Bundle Identifier:** *com.lightspeedsystems.network-agent.network-extension*
5. **Socket Filter Designated Requirement:** *anchor apple generic and identifier "com.lightspeedsystems.network-agent.network-extension" and (certificate leaf\[field.1.2.840.113635.100.6.1.9\] /\* exists / or certificate 1\[field.1.2.840.113635.100.6.2.6\] / exists / and certificate leaf\[field.1.2.840.113635.100.6.1.13\] / exists \*/ and certificate leaf\[subject.OU\] = ZAGTUU2342)*
6. **Username/Password:** Sometimes the Username and Password fields are ‘included” automatically. Do not include them.  
    [![Screenshot 2024-05-20 at 2.53.42 PM.png](https://kb.filewave.com/uploads/images/gallery/2024-05/scaled-1680-/WSg8Y3JvGmAnL5e8-screenshot-2024-05-20-at-2-53-42-pm.png)](https://kb.filewave.com/uploads/images/gallery/2024-05/WSg8Y3JvGmAnL5e8-screenshot-2024-05-20-at-2-53-42-pm.png)

</details><p class="callout warning">**Web Content Filter** - A bug (<span class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak" dir="ltr">FW-12629)</span> exists which prevents the Filter Order being set. </p>

##### Certificate Payload

1. Create a new Profile within the Fileset Group folder
2. Select Certificates and Configure
3. Upload the above generated certificate into this Profile

#### ![FileWaveLightspeed2.png](https://kb.filewave.com/uploads/images/gallery/2023-06/QYb1qsXQGlSSsCCz-filewavelightspeed2.png)

### Lightspeed Agent Installer

The provided Fileset includes a script to instal the above downloaded PKG file.

[Lightspeed Agent Installer v2.3.1+.fileset.zip](https://kb.filewave.com/attachments/371)

1. Drag the Fileset into the FileWave Central Fileset Group Folder created above.
2. Edit the Fileset
3. Place the downloaded SmartAgent.pkg file into the same location as the .placeholder file
4. The .placeholder file may be deleted

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/0xcWWGAMVZL0mYhl-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-02/0xcWWGAMVZL0mYhl-image.png)

<p class="callout warning">The name of the PKG is important. The installation script is expecting a file called SmartAgent.pkg. Rename if required.</p>

<p class="callout warning">The check\_for\_profile.sh script ensures the Profile is installed before the PKG. This script relies upon the Profile ID of the supplied Profile.  
</p>

<p class="callout warning">The Fileset has a Reboot setting configured to allow the Filter Network Content applied.</p>

### Assignment

Assign the Fileset Group, either as a Deployment or an Association with one or more test devices. Once satisfied, consider assigning to all required devices.

<p class="callout success">Once that you have installed the agent and trusted the root certificate on your devices, go back to your Lightspeed Account and navigate to Settings &gt; Certificates. Check the two acknowledgement boxes and click Save.</p>

### Requirement Script to check your Profile Identifier

The Fileset Script is designed to check for the presence of Profiles prior to installing the PKG. The provided Profile ID is already of consideration, however the newly generated Certificate Profile cannot be, since the ID cannot be known in advance. Both Profiles should instal at the same time, it is therefore arguably not required to be included in this consideration. However, for completeness, the Generated ID of the Certificate Profile could also be added.

#### Bundle ID

First, the Bundle ID of the newly created Profile needs to be copied.

1. Open the Certificate Profile
2. Highlight the Bundle ID and choose to copy

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/lpq4pDdWI3tzvhi6-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-02/lpq4pDdWI3tzvhi6-image.png)

#### Script Info

1. Open the Lightspeed Agent Installer Fileset
2. Select the 'check\_for\_profile.sh' and choose Get Info
3. Select the Executable tab
4. Add a Launch Argument and paste or replace the current Launch Arguments with your copied Bundle ID

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-02/scaled-1680-/UhXNPclDhFs4E7bs-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-02/UhXNPclDhFs4E7bs-image.png)

### Uninstall Fileset

The Fileset to uninstall Lightspeed Smart Agent v2.3.1+ from of your macOS devices. Included in the Fileset is a script that will execute and remove the LS Smart Agent. Please note this script only removes the Smart Agent, it does not remove the LS certificate or log files from the agent.

[LightSpeed Agent Uninstaller v2.3.1+.fileset.zip](https://kb.filewave.com/attachments/372)

You may download and import into FileWave. You may then create a Fileset Group and include the LightSpeed Agent Uninstaller.

[![LSAgentv2.3.1+Group.png](https://kb.filewave.com/uploads/images/gallery/2024-06/scaled-1680-/lmDTf8yEKQTt3FhC-lsagentv2-3-1group.png)](https://kb.filewave.com/uploads/images/gallery/2024-06/lmDTf8yEKQTt3FhC-lsagentv2-3-1group.png)

### Related Content

Needing to deploy Lightspeed for iOS devices? Review the KB article here: [Lightspeed Smart Filter Deployment (iOS 2023)](https://kb.filewave.com/books/software-deployment-recipes-iosipados/page/lightspeed-smart-filter-deployment-ios "Lightspeed Smart Filter Deployment (iOS 2023)").

Needing to deploy Lightspeed for non-Certificate Manager? Review the KB article here: [Lightspeed Smart Filter Deployment (macOS 2023)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/lightspeed-smart-agent-deployment-macos-2023 "Lightspeed Smart Agent Deployment (macOS)")

# Microsoft Defender Recipe (macOS)

## Description

Example recipe for deploying Microsoft Defender.

## Ingredients

The list is actually quite extensive, due to the necessary payloads:

- Microsoft Defender PKG
- Deployment Script: MicrosoftDefenderATPOnboardingMacOs.sh
- Below provided Fileset
- Profiles for: 
    - Web Content Filter
    - TCC allowances
    - Notifications
    - Data Acceptance &amp; Autoupdater
    - System and Kernel Extensions

##### Downloads:

- [Microsoft Defender Installer/Uninstaller Filesets](https://kb.filewave.com/attachments/256)
- [Microsoft Defender Profiles](https://kb.filewave.com/attachments/254)

<p class="callout info">See below directions for deployment before associating with devices.</p>

Microsoft Defender PKG and deployment script are available through the M365 Defender portal; [details in the Microsoft Deployment KB](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-manually?view=o365-worldwide):

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/zvXWoRHqAgNz3XLE-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/zvXWoRHqAgNz3XLE-image.png)

<p class="callout info">The 'MicrosoftDefenderATPOnboardingMacOs.sh' is built by Microsoft with the appropriate licence code embedded into the script, such that the download is personal to the logged in account, when downloading.</p>

```
               <key>OrgId</key>
                <string>[licence code here]</string>
```

The 'OnboardingInfo' key also has this code burnt into its value.

## Directions

Download all of the above provided Filesets. Note the Kernel Extension should only be required for legacy devices.

### Fileset Group

Create a Fileset Group in which to add each of these.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/eiTnAPGnDsuElwEU-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/eiTnAPGnDsuElwEU-image.png)

<p class="callout info">Profiles should be installed firsts. The Installer Fileset has a requirement script to ensure Profiles are installed, before commencing with download and activation of the Installer.</p>

<p class="callout warning">The requirement script is designed to confirm ALL profiles are installed in advance, with the exception of the Kernel Extension, since this is legacy. The Profile ID of the Kernel Extension may be added to the list within the Fileset. If this is requirement, but are unsure how to approach this, just ask in either the Discord, Alliance or Slack FileWave forums. Links available through the 'Resources' of the [FileWave Website](https://www.filewave.com).</p>

### Installer: 'wdav.pkg'

The 'Microsoft Defender Installer macOS' Fileset requires the downloaded PKG. Open the Fileset and drag the PKG into the same location as the '.placeholder' file; this placeholder file may be deleted.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/fhYqrs8eIAwsCHuN-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/fhYqrs8eIAwsCHuN-image.png)

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/UhEvctPT15dqF1sD-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/UhEvctPT15dqF1sD-image.png)

### Script: MicrosoftDefenderATPOnboardingMacOs.sh

Edit the text of the provided 'MicrosoftDefenderATPOnboardingMacOs.sh' file within the Fileset and paste in a copy of the script contents downloaded from Microsoft:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/CbtJ35rPG7HtAkWX-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/CbtJ35rPG7HtAkWX-image.png)

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/ovCgw0evCe4FVUi2-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/ovCgw0evCe4FVUi2-image.png)

### Profile Payload Values

The Profiles to manage the AutoUpdater and Notifications are configured with default values, consider confirming an internal desired process and adjust to match.

<p class="callout info">The 'AcknowledgedDataCollectionPolicy' key prevents a user notification pop-up from showing. Recommendation is to leave this value as set.</p>

All other profile payload values should be correct at the time of writing, however, Microsoft may make changes over time which could require alteration of one or more of these.

Details pertaining to the contents of the payloads may be viewed in [Microsoft's Defender Policies documentation](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide); scroll down past the initial unnecessary information until you reach Step 4.

### Assign to Devices

By way of either a 'Deployment' or 'Association' within FileWave, assign the Fileset to one or more test devices and once happy expand this to more devices.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/H2CS6JxWLF3MbupZ-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/H2CS6JxWLF3MbupZ-image.png)

## Additional Information

The requirement script within the Installer Fileset is designed to ensure all profiles are in place before downloading and commencing with the installation. Script output from the Client Info &gt; Fileset Status displays logged information.

#### Example:

First time the script ran, the Profiles were not yet installed. On next run profiles were installed and the requirement script exited with a value of 0.

##### Script Log:

```
----------------------- HEADER - Date: (Mon Sep 25 2023) - Time: (13:36:40) -----------------------
Set to match all profile IDs

Looking for profile: ml1063.local.5b1e7237-2773-4d3a-9627-361c4dd8a9b0.Configuration.5b1e7237-2773-4d3a-9627-361c4dd8a9b0
Profile found: FALSE

Looking for profile: ml1063.local.bd9007c3-41d6-45bb-a2bf-774ec901e4c2.Configuration.bd9007c3-41d6-45bb-a2bf-774ec901e4c2
Profile found: FALSE

Looking for profile: ml1063.local.7f249c3c-f79a-48cf-952c-dd178a00a5a6.Configuration.7f249c3c-f79a-48cf-952c-dd178a00a5a6
Profile found: FALSE

Looking for profile: ml1063.local.f68916cf-c1e0-47e2-a73c-700678267fe8.Configuration.f68916cf-c1e0-47e2-a73c-700678267fe8
Profile found: FALSE

Looking for profile: ml1063.local.4726b0a7-4f74-4369-8aeb-2450e4f0f935.Configuration.4726b0a7-4f74-4369-8aeb-2450e4f0f935
Profile found: FALSE
Only found 0 profiles from the supplied list of 5

----------------------- FOOTER - Date: (Mon Sep 25 2023) - Time: (13:36:41) - Exit code: (1) -----------------------

----------------------- HEADER - Date: (Mon Sep 25 2023) - Time: (13:39:31) -----------------------
Set to match all profile IDs

Looking for profile: ml1063.local.5b1e7237-2773-4d3a-9627-361c4dd8a9b0.Configuration.5b1e7237-2773-4d3a-9627-361c4dd8a9b0
Profile found: TRUE

Looking for profile: ml1063.local.bd9007c3-41d6-45bb-a2bf-774ec901e4c2.Configuration.bd9007c3-41d6-45bb-a2bf-774ec901e4c2
Profile found: TRUE

Looking for profile: ml1063.local.7f249c3c-f79a-48cf-952c-dd178a00a5a6.Configuration.7f249c3c-f79a-48cf-952c-dd178a00a5a6
Profile found: TRUE

Looking for profile: ml1063.local.f68916cf-c1e0-47e2-a73c-700678267fe8.Configuration.f68916cf-c1e0-47e2-a73c-700678267fe8
Profile found: TRUE

Looking for profile: ml1063.local.4726b0a7-4f74-4369-8aeb-2450e4f0f935.Configuration.4726b0a7-4f74-4369-8aeb-2450e4f0f935
Profile found: TRUE
All profiles found.  Exiting 0

----------------------- FOOTER - Date: (Mon Sep 25 2023) - Time: (13:39:33) - Exit code: (0) -----------------------
```

Subsequently, the Fileset downloaded and activated:

##### Client Log:

```
2023-09-25 13:39:34.758|main|INFO|CLIENT|about to downloadAllFileset files for Fileset MicroSoft Defender Installer macOS Installer Included, ID 736320, revision ID 736320
2023-09-25 13:39:35.697|main|INFO|CLIENT|Downloading Fileset MicroSoft Defender Installer macOS Installer Included, ID 736320, revision ID 736320
2023-09-25 14:03:49.650|main|INFO|CLIENT|finished downloadFileset files for Fileset MicroSoft Defender Installer macOS Installer Included, ID 736320, revision ID 736320
2023-09-25 14:03:50.285|main|INFO|CLIENT|Create all folders of fileset ID Fileset MicroSoft Defender Installer macOS Installer Included, ID 736320, revision ID 736320, version 4
2023-09-25 14:03:50.289|main|INFO|CLIENT|Activate all files of Fileset MicroSoft Defender Installer macOS Installer Included, ID 736320, revision ID 736320, version 4
2023-09-25 14:03:50.465|main|INFO|CLIENT|Done activating all 4 files of Fileset MicroSoft Defender Installer macOS Installer Included, ID 736320, revision ID 736320, version 4
```

# Microsoft Office Deployment (macOS)

## What

Deploying Microsoft Office for macOS with FileWave is the process of pushing out Microsoft Office for macOS software to a large number of macOS devices using FileWave's Unified Endpoint Management (UEM) tool. FileWave is a software management tool that allows IT administrators to manage and deploy software applications to various devices, including macOS, Windows, iOS, iPadOS, tvOS, Chrome, and Android devices.

## When/Why

You would need to deploy Microsoft Office for macOS with FileWave if you have a large number of macOS devices that need to have Microsoft Office installed. Deploying Microsoft Office for macOS with FileWave allows you to save time and effort, as you can push out the software to multiple devices at once, rather than having to install it manually on each individual device. Additionally, deploying Microsoft Office for macOS with FileWave ensures that all devices have the same version of Microsoft Office and the same settings.

## How

To deploy Microsoft Office for macOS with FileWave, you can follow the guides provided by Microsoft. The deployment guide for Office for Mac is located here: [https://learn.microsoft.com/en-us/deployoffice/mac/deployment-guide-for-office-for-mac](https://learn.microsoft.com/en-us/deployoffice/mac/deployment-guide-for-office-for-mac). The guide provides step-by-step instructions for deploying Microsoft Office for macOS using various methods. In addition to the Microsoft deployment guide, you can use FileWave to push out the PKGs and settings needed to install and configure Microsoft Office for macOS.

# Microsoft Skype Deployment (macOS App)

## Description

<p class="callout warning">Microsoft retired Skype in May 2025. Do not use this recipe for new deployments. The old Skype download page now redirects to Microsoft Teams.</p>

Historically, Skype for macOS was a self-contained application that could be deployed by copying **Skype.app** into **/Applications**. This page is retained for customers auditing or cleaning up older FileWave deployments.

## Ingredients

- An existing archived Skype application, only if you have a legitimate need to audit or remove an older deployment.
- For new deployments, use [Microsoft Teams](https://www.microsoft.com/en-us/microsoft-teams/download-app) instead of Skype.

## Directions

1. Do not download Skype from the old public Skype URL for new deployments; Microsoft redirects that path to Teams.
2. If you are reviewing an existing archived Skype Fileset, verify that it only places **Skype.app** in **/Applications**.
3. Remove or replace existing Skype associations as part of your Teams migration plan.

## Related information

- [Microsoft: The next chapter: Moving from Skype to Microsoft Teams](https://www.microsoft.com/en-us/microsoft-365/blog/2025/02/28/the-next-chapter-moving-from-skype-to-microsoft-teams/)
- [Download Microsoft Teams](https://www.microsoft.com/en-us/microsoft-teams/download-app)

# PaperCut recipe (macOS)

## Description

Needing to deploy the PaperCut Print Deploy client to a macOS client managed by FileWave? FileWave has you covered!

## Ingredients

- FW Central
- PaperCut PKG installer
- .plist configuration file
- MDM managed macOS clients

## Directions

### Converting the DMG to a PKG installer

You will need access to your PaperCut NG/MG server configurations.

1. Log in to your <span class="marky8yc056js">Paper</span>Cut NG/MF server, for example, `https://print-server.example.net:9192/admin`.
2. Click **Enable Printing &gt; Print Deploy**. The Print Deploy page is displayed.
3. Next to Download clients, click the macOS button at the bottom of the page.
4. Save the .dmg file to your Documents folder.
5. Look at the filename and check that the hostname between the square brackets is correct, for example, `pc-print-deploy-client[print-server.company.lan].dmg`.
6. Double-click the .dmg file and copy **<span class="marky8yc056js">Paper</span>Cut Print Deploy Client.pkg** to the Desktop.

### Creating .plist file to configure your MDM macOS clients

The PaperCut Print Deploy Client can use a .plist file to set its server address. You can share and deploy these files in many different ways, such as with a .mobileconfig file, a file-copy command, or a scripted file creation on the client. For our recipe, we are just going to deploy the .plist to the proper directory along with our .pkg.

<p class="callout warning">Note: The .plist file needs to be in proper format. The PaperCut client will not function with your desired configurations if this is not saved in the correct format.</p>

To create the .plist file:

1. Open a terminal and issue the following command:   
    `defaults write ~/Documents/com.papercut.printdeploy.client server_host hostname`
2. Replace the word ‘hostname’ with the FQDN or IP address from the ‘.dmg’, for example, `print-server.company.lan`
3. Convert the .plist file with the following command:  
    `/usr/bin/plutil -convert xml1 ~/Documents/com.papercut.printdeploy.client.plist`  
    This will ensure that the file can be read correctly.
4. Verify the contents of the new `.plist` with the following command:  
    `defaults read ~/Documents/com.papercut.printdeploy.client.plist`  
    The output should be:
    
    ```
    macOS:Documents localadmin$ defaults read ~/Documents/com.papercut.printdeploy.client.plist
    {
    "server_host" = "print-server.company.lan";
    }
    macOS:Documents localadmin$
    ```

### Example .plist file

```
<?xml version="1.0" encoding="UTF-8"?>

<plist version="1.0">
<dict>
	<key>server_host</key>
	<string>YOUR_PRINT_SERVER_ADDRESS</string>
</dict>
</plist>
```

Download here: [com.papercut.printdeploy.client.plist.zip](https://kb.filewave.com/attachments/464)

Replace the YOUR\_PRINT\_SERVER\_ADDRESS, with your print server address if you use the example .plist file.

### Creating the Fileset

1. Open FileWave Central
2. Select the PKG installer Fileset
3. Upload the PKG installer
4. Open Fileset Contents and uncheck 'Hide unused folders'
5. Navigate to Library &gt; Preferences
6. Upload the .plist file to Library/Managed Preferences/
7. Close to save the Fileset

[![PaperCutPrintDeployFileset.png](https://kb.filewave.com/uploads/images/gallery/2025-08/scaled-1680-/YFHvTUv7qDic1yJi-papercutprintdeployfileset.png)](https://kb.filewave.com/uploads/images/gallery/2025-08/YFHvTUv7qDic1yJi-papercutprintdeployfileset.png)

<p class="callout warning">Note: if no directory for /Library/Preferences/ is found, you may create the directory and upload the .plist file as shown above.</p>

Be sure the .plist file has the proper formatting and that the .plist file is in the correct directory. If the .plist file is found, the <span class="marky8yc056js">Paper</span>Cut Print Deploy client should honor the file's settings.

Always, test deployment to a few test machines. This ensures your configurations for PaperCut are correct and ready for your macOS production fleet.

## Related Content

- [Generic steps for how to deploy PaperCut](https://www.papercut.com/help/manuals/print-deploy/roll-out-the-client/with-mdm/deploy-queues-using-another-apple-mdm/#configure-the-client-to-connect-to-the-print-deploy-server)

# Parallels Desktop for Mac Business Edition Deployment (macOS)

## Description

Creating a FileSet for Mass rollout of Parallels Desktop for Mac Business Edition Version 10

## Ingredients

- FW Central
- Attached Script FileSet - [script - activate parallels desktop.fileset.zip](https://kb.filewave.com/attachments/175)
- Resources available from [Parallels.com](http://Parallels.com)

### Directions

1. Follow the directions at [http://kb.parallels.com/en/120093](http://kb.parallels.com/en/120093) to create a pkg for mass deployment of parallels
2. Import the Parallels Desktop Autodeploy.pkg that you equipped with the Data in the first step into FileWave Admin
3. Import the attached file ( [script - activate parallels desktop.fileset.zip](https://kb.filewave.com/attachments/175) ) , open it and edit the content of the script within. In the line /usr/local/bin/prlsrvctl install-license -k XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX replace XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX with your license key , save your changes and close the fileset.
4. Deploy both the PKG fileset and the script fileset to your test client. Make sure the PKG fileset has a higher priority than the script fileset - the attached script fileset is preset to lowest priority per default.

# Renew - A tool to get users to reboot periodically (macOS Script)

## Description

For remote tools to work reliably, and for security patches to be properly installed, users need to restart their workstations regularly. But we all get focused on our day-to-day, and taking 10 minutes to restart our workstations just gets pushed to the back-burner. [SecondSonConsulting](https://www.secondsonconsulting.com/giving-back/) developed Renew to encourage users to restart their workstations on a regular basis, and the timing can be customized to the environment. This tool can be delivered via MDM, or other methods, but then is self-sustaining, running locally without any other tool controlling it. For the safety of their work, it will never restart the computer without the user’s consent.

## Ingredients

- FW Central
- [swiftDialog Deployment (macOS PKG)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "swiftDialog  Deployment (macOS PKG)")
- Renew PKG - [https://github.com/SecondSonConsulting/Renew/releases](https://github.com/SecondSonConsulting/Renew/releases)

## Directions

1. Install SwiftDialog v2.0 or later: [swiftDialog Deployment (macOS PKG)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/swiftdialog-deployment-macos-pkg "swiftDialog  Deployment (macOS PKG)")
2. Install the latest Renew PKG from their [Releases](https://github.com/SecondSonConsulting/Renew/releases) page as a PKG Fileset. Here is an example: [PKG - Renew.fileset.zip](https://kb.filewave.com/attachments/212)
3. Deploy a config profile. This can be done most easily by using [iMazing Profile Editor (free)](https://imazing.com/profile-editor) which has a template for Renew's options. 
    - Save the profile and then drag and drop it in FileWave Central to make a Profile Fileset. An Example Profile from iMazing is here: [Renew Configuration.mobileconfig](https://kb.filewave.com/attachments/214) and the Fileset made from it is here: [Profile - Renew Configuration.fileset.zip](https://kb.filewave.com/attachments/213)

<p class="callout warning">Note that you can not edit the profile in the FileWave profile editor. It will not display the custom payload. </p>

[![Renew Configuration 2023-07-30 at 8.52.58 PM.jpg](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/XYb9mbJQqZp8ElvW-renew-configuration-2023-07-30-at-8-52-58-pm.jpg)](https://kb.filewave.com/uploads/images/gallery/2023-07/XYb9mbJQqZp8ElvW-renew-configuration-2023-07-30-at-8-52-58-pm.jpg)


## Additional Recommended Steps

1. Use the [`OptionalArguments`](https://github.com/SecondSonConsulting/Renew/wiki/OptionalArguments) profile keys to make Renew look and function right for your environment.
2. For macOS Ventura+ compatibility, create a BackgroundItems MDM profile and enforce the LaunchAgent Label ID: `com.secondsonconsulting.renew`with an example here: [Profile - Renew LaunchAgent.fileset.zip](https://kb.filewave.com/attachments/215)

## Examples

### Notification Mode Default User Experience

[![Renew Notification Example Image](https://github.com/SecondSonConsulting/Renew/raw/main/Example%20Screenshots/Renew-NotificationDefault.png?raw=true#gh-light-mode-only)](https://github.com/SecondSonConsulting/Renew/blob/main/Example%20Screenshots/Renew-NotificationDefault.png?raw=true#gh-light-mode-only)

### Normal Mode Default User Experience

[![Renew Normal Example Image](https://github.com/SecondSonConsulting/Renew/raw/main/Example%20Screenshots/Renew-NormalDefaultDialog.png?raw=true#gh-light-mode-only)](https://github.com/SecondSonConsulting/Renew/blob/main/Example%20Screenshots/Renew-NormalDefaultDialog.png?raw=true#gh-light-mode-only)

### Aggressive Mode Default User Experience

[![Renew Aggressive Example Image](https://github.com/SecondSonConsulting/Renew/raw/main/Example%20Screenshots/Renew-AggressiveDefaultDialog.png?raw=true#gh-light-mode-only)](https://github.com/SecondSonConsulting/Renew/blob/main/Example%20Screenshots/Renew-AggressiveDefaultDialog.png?raw=true#gh-light-mode-only)

### Custom Fields Design Example Image

SwiftDialog allows a high degree of customization, and Renew allows you to continue to easily take advantage of that. This is an example of how you can customize the user experience to suit your branding and taste.

This example uses a banner image tailored to the window size, and the following OptionalArgument in the configuration file.

```
<key>AdditionalDialogOptions</key>

<string>--width 300 --height 350 --messagefont size=15 --position topright --ontop --messagealignment centre</string>
```

[![Renew Customized Example Image](https://github.com/SecondSonConsulting/Renew/raw/main/Example%20Screenshots/Renew-CustomizedDialog.png?raw=true#gh-light-mode-only)](https://github.com/SecondSonConsulting/Renew/blob/main/Example%20Screenshots/Renew-CustomizedDialog.png?raw=true#gh-light-mode-only)

## Related Content

- [SecondSonConsulting/Renew: A macOS script to encourage users to restart their workstations (github.com)](https://github.com/SecondSonConsulting/Renew)
- [Home · SecondSonConsulting/Renew Wiki (github.com)](https://github.com/SecondSonConsulting/Renew/wiki)

# Securly Classroom macOS Agent (Beta)

## **Overview**

Securly Classroom now supports macOS devices, allowing educators to monitor student screens, manage web access, and control application usage. This guide outlines the steps to install and verify the Securly Classroom macOS agent using FileWave.

## **Why Use the Securly Classroom macOS Agent?**

The macOS agent enables:

- **Screen Monitoring**: View students’ screens in real-time.
- **Web Access Management**: Enforce content filtering policies in Safari and Chrome.
- **Application Control**: Restrict or allow certain applications during class sessions.

## **Installation Steps**

### **1. Deploy the MDM Privacy Profile**

Before installing the Securly Classroom agent, you must configure the necessary **Privacy Preferences Policy Control (PPPC) profile** via FileWave MDM. This profile ensures the agent has permissions to:

- **Automation**: Allow interaction with the system and other apps.
- **Accessibility**: Enable monitoring features.
- **Screen Recording**: Capture student screens.

There are two profiles available from Securly, allowing two deployment options:

- **Admin Only**: Requires an administrator to grant permissions manually.
- **Admin or Students**: Allows students to enable permissions themselves.

<p class="callout info">**Admin Only:** In this scenario, admins would update each device to ensure that students are unable to change this permission. This is labor-intensive but locked down.  
  
**Admin or Students:** In this scenario, teachers instruct students on how to enable this permission. Please note that in this configuration, students will then be able to remove this permission. Such matters should be handled by instructing students in your district’s Acceptable Use Policy. This scales more easily, but it requires coordination.  
  
**Please note:** Screen recording policy follows Apple's privacy policy. Any user can agree to allow screen recording for the application, disable screen recording services, and revoke FileWave's right to view the screen, as per [Apple Inc. policy.](https://www.apple.com/legal/privacy/en-ww/)</p>

Ensure this profile is deployed before proceeding with the PKG installation. Securly Classroom macOS Fileset has a placeholder for the PKG installer and a requirement script to check TCC Profile is installed before the PKG installation.

[Securly Classroom macOS.fileset.zip](https://kb.filewave.com/attachments/448)

##### Requirement Script:

Where software is already installed and services are active, Privacy Settings Profiles installed subsequently require the service of that software to be restarted. This Fileset example includes a Requirement Script that checks for profile installation before activating Securly, preventing the need to restart the service.

The 'check\_profile.sh' script is designed to recognise one of the two provided Profiles and, once installed, allow activation of the Fileset. If Profiles with a different Profile ID are used instead of those supplied, the script settings will require alteration.

- Double-click the Fileset
- Select the 'check\_profile.sh' (located in a numbered subfolder in /var/scripts/)
- Choose Get Info &gt; Executable view

The Launch Arguments display the Payload ID of the TCC profile. Add in the correct Fileset Profile UDID.

<table id="bkmrk-replace-with-your-se" style="border-collapse:collapse;width:100%;"><colgroup><col style="width:33.3333%;"></col><col style="width:33.3333%;"></col><col style="width:33.3333%;"></col></colgroup><tbody><tr><td>Fileset Contents</td><td>Check Profile script</td><td>Enter the TCC Profile UDID</td></tr><tr><td>[![SecurlyClassroommacOS.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/QXDVfIQklwWnVG13-securlyclassroommacos.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/QXDVfIQklwWnVG13-securlyclassroommacos.png)</td><td>[![RequirementTCCProfile.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/eGfMRTIHfGQ2oWkt-requirementtccprofile.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/eGfMRTIHfGQ2oWkt-requirementtccprofile.png)</td><td>[![ReplaceUDID.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/UO7GWatZDRtn6mjE-replaceudid.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/UO7GWatZDRtn6mjE-replaceudid.png)</td></tr></tbody></table>

### **2. Obtain and Deploy the PKG Installer/Profile**

Once the MDM profile is installed:

1. **Download the Securly Classroom macOS agent PKG** from Securly.
2. **Import the PKG into the Fileset using FileWave** to a few test devices.
3. **Reboot the device** after installation, or [require a reboot in the Fileset's properties](https://kb.filewave.com/books/filesets-payloads/page/force-a-reboot-after-installing-a-fileset-macoswindows) (Reboot is required by Securly)
4. **Verify installation** by checking for the Securly Classroom icon in the menu bar.
5. **Deploy the Fileset** to your student devices.

### **3. Update Student Account Information**

- Navigate to **Users &gt; Students** in the Securly Classroom portal.
- Ensure each student's **username matches their Account Name (SAMAccountName)**.
- Restart student devices for changes to take effect.

### **4. Configure Device Settings**

Adjust parental controls or additional security settings to **ensure Securly Classroom is always allowed**.

## **Additional Considerations**

- **Application Blocking**: Supports limiting app usage for classroom management.
- **Troubleshooting**: Ensure the agent is running and permissions are correctly configured if students appear offline.

For further assistance, refer to [Securly's official guide](https://support.securly.com/hc/en-us/articles/30108299979287-Installing-and-verifying-Securly-Classroom-macOS-agent-Beta).

# SentinelOne Deployment (macOS)

## Description

SentinelOne is a cybersecurity company that specializes in endpoint security and threat intelligence. They provide a platform for autonomous endpoint protection that uses AI and machine learning to prevent, detect, and respond to a wide range of security threats, including malware, ransomware, and other cyberattacks.

This recipe will guide on how to setup and deploy to your macOS devices.

<p class="callout warning">Upgrading SentinelOne on macOS Clients is not done the same way as it's initial deployment. We have edited the Installation script to identify if the client already has SentinelOne installed and run the following command to upgrade instead of going the normal install route: *sentinelctl upgrade-pkg<span class="apple-converted-space"> </span>PKG\_pathname* To deploy the upgraded SentinelOne Client to devices, simply create a new revision, upload the new PKG to the Fileset, and change the file name references in the install script.</p>

## Ingredients

- FileWave Central
- [SentinelOne\_Fileset&amp;Profiles.zip](https://kb.filewave.com/attachments/514)
- SentinelOne PKG installer
- SentinelOne Group/Site Token

## Directions

#### Editing the Fileset:

```
sentinelctl upgrade-pkg PKG_pathname
```

1. Download and import the SentinelOne Fileset into FileWave Central (we'll handle the Profiles later)
2. In a text editor, create a plain text file named com.sentinelone.registration-token that contains only your Site/Group Token  
    [![Screenshot 2025-01-15 at 11.22.14 AM.png](https://kb.filewave.com/uploads/images/gallery/2025-01/scaled-1680-/zO0RfwdcsB8oM0mh-screenshot-2025-01-15-at-11-22-14-am.png)](https://kb.filewave.com/uploads/images/gallery/2025-01/zO0RfwdcsB8oM0mh-screenshot-2025-01-15-at-11-22-14-am.png)
3. Open the imported Fileset and replace the files under /usr/local/etc/FileWaveInstallers/SentinelOne with your registration token file and SentinelOne PKG.  
      
    <p class="callout info">Make sure the token file ownership is set to root:staff. You can change the ownership by selecting the file &gt; Get Info &gt; Ownership</p>
    
    <p class="callout info">The "com.sentinelone.registration-token" plaintext file must also be extension-less in the fileset and will not work if the file has a .txt extension at the end of the file name. If your filename ends in a ".txt" this can be removed/edited by right-clicking on the file in the fileset &gt; "Rename".</p>
    
      
    <table style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>Before:</td><td>After:</td></tr><tr><td>[![Screenshot 2025-04-09 at 3.15.42 PM.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/VCKEbybJ5HCdfPhw-screenshot-2025-04-09-at-3-15-42-pm.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/VCKEbybJ5HCdfPhw-screenshot-2025-04-09-at-3-15-42-pm.png)
    
    </td><td>[![Screenshot 2025-04-09 at 3.19.27 PM.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/UGAxPK1sBhSGnPz3-screenshot-2025-04-09-at-3-19-27-pm.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/UGAxPK1sBhSGnPz3-screenshot-2025-04-09-at-3-19-27-pm.png)
    
    </td></tr></tbody></table>
    
      
    Now we need to edit the install script so it points to the uploaded installer.
4. In Admin, select the SentinelOne Fileset and then select 'Scripts' in the toolbar.
5. Edit the Activation Script 'Instal\_SentinelOne.sh'. You will need to change the name of the PKG to what you have uploaded. Click OK to save.   
    <table style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>Before:</td><td>After: <span style="background-color:rgb(241,196,15);">***Your installer's name will be different***</span></td></tr><tr><td>[![Screenshot 2025-04-09 at 4.27.11 PM.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/WnwvrDlfSnw2Yv3S-screenshot-2025-04-09-at-4-27-11-pm.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/WnwvrDlfSnw2Yv3S-screenshot-2025-04-09-at-4-27-11-pm.png)</td><td>[![Screenshot 2025-04-09 at 4.19.44 PM.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/FsMGMPmftV7xTvJB-screenshot-2025-04-09-at-4-19-44-pm.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/FsMGMPmftV7xTvJB-screenshot-2025-04-09-at-4-19-44-pm.png)</td></tr></tbody></table>
    
    Now we need to import the four Profiles to allow the installer the access and permissions it needs
6. <span class="s1">Import the Profiles that were downloaded with the Fileset. To do so, just drag and drop the Profiles into FileWave Central. </span>
    
    Video: [Importing Profiles](https://kb.filewave.com/attachments/424)<p class="callout info">Profile Metadata shown below</p>


##### We're all set! Now create a Deployment with the Fileset and four Profiles.

##### The Fileset contains a script that will only allow the Installation once all four Profiles have been installed. It is normal to see a Fileset failure the first try. It will keep trying until profiles have installed.   
  
  


<p class="callout info">The check\_profile script logs each attempt and why it either failed or succeeded. You can see this log by right-clicking on the script in Client Info&gt;Fileset Status. Select the Fileset in the list and the script status will show on the right. Right-click to see script output.[![Screenshot 2025-04-09 at 3.30.03 PM.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/6ASwNv6RQjlHOx3g-screenshot-2025-04-09-at-3-30-03-pm.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/6ASwNv6RQjlHOx3g-screenshot-2025-04-09-at-3-30-03-pm.png)  
[![Screenshot 2025-04-09 at 3.34.09 PM.png](https://kb.filewave.com/uploads/images/gallery/2025-04/scaled-1680-/4IH618E3VdFuH2fs-screenshot-2025-04-09-at-3-34-09-pm.png)](https://kb.filewave.com/uploads/images/gallery/2025-04/4IH618E3VdFuH2fs-screenshot-2025-04-09-at-3-34-09-pm.png)  
You'll notice that the script exited successfully (exit 0) once all the Profiles were found. The profiles are identified by their Profile ID. You can find this by double-clicking on the Profile in the Filesets view.</p>

## Profile Metadata

#### Service Management Profile

<details id="bkmrk-service-management-p"><summary>Service Management Profile</summary>

[![SentinelOne_ServiceManagementProfile.png](https://kb.filewave.com/uploads/images/gallery/2023-11/scaled-1680-/7GVv7yAfsRLhDESf-sentinelone-servicemanagementprofile.png)](https://kb.filewave.com/uploads/images/gallery/2023-11/7GVv7yAfsRLhDESf-sentinelone-servicemanagementprofile.png)

</details>#### Privacy Control Configuration Profile

<details id="bkmrk-tcc-profile"><summary>TCC Profile</summary>

[![SentinelOne_TCCProfile01.png](https://kb.filewave.com/uploads/images/gallery/2023-11/scaled-1680-/i2uTSpnL1eQgtjIe-sentinelone-tccprofile01.png)](https://kb.filewave.com/uploads/images/gallery/2023-11/i2uTSpnL1eQgtjIe-sentinelone-tccprofile01.png)[![SentinelOne_TCCProfile02.png](https://kb.filewave.com/uploads/images/gallery/2023-11/scaled-1680-/4aKFodVFdekHVzpH-sentinelone-tccprofile02.png)](https://kb.filewave.com/uploads/images/gallery/2023-11/4aKFodVFdekHVzpH-sentinelone-tccprofile02.png)

</details>#### Notifications

Bundle Identifier: com.sentinelone.SentinelAgent

<details id="bkmrk-notifications-settin"><summary>Notifications Settings</summary>

[![SentinelOneNotifications.png](https://kb.filewave.com/uploads/images/gallery/2026-05/scaled-1680-/x9kuvrFICKoVwTKk-sentinelonenotifications.png)](https://kb.filewave.com/uploads/images/gallery/2026-05/x9kuvrFICKoVwTKk-sentinelonenotifications.png)

</details>#### Network System Extension Profile

Team Identifier: 4AYE5J54KN

Allowed System Extensions: com.sentinelone.network-monitoring

<details id="bkmrk-system-extension-pro"><summary>System Extension Profile</summary>

[![SentinelOne_SystemExtensionProfile.png](https://kb.filewave.com/uploads/images/gallery/2023-11/scaled-1680-/zg5n9qECenBUDeU5-sentinelone-systemextensionprofile.png)](https://kb.filewave.com/uploads/images/gallery/2023-11/zg5n9qECenBUDeU5-sentinelone-systemextensionprofile.png)

</details>#### Web Content Filter Profile

<details id="bkmrk-network-filter-profi"><summary>Network Filter Profile</summary>

[![SentinelOne_WebContentFilterProfile.png](https://kb.filewave.com/uploads/images/gallery/2023-11/scaled-1680-/Sb99PXjS1p8aCz0Q-sentinelone-webcontentfilterprofile.png)](https://kb.filewave.com/uploads/images/gallery/2023-11/Sb99PXjS1p8aCz0Q-sentinelone-webcontentfilterprofile.png)

</details>## Related Content

- [SentinelOne Support](https://www.sentinelone.com/global-services/get-support-now/)

# swiftDialog  Deployment (macOS PKG)

## Description

This article provides instructions on how to deploy [swiftDialog](https://github.com/bartreardon/swiftDialog) using FileWave. swiftDialog is a simple utility for macOS that allows shell scripts to display GUI dialogs. swiftDialog is beneficial when you want to provide interactive user feedback or collect user input during a shell script's execution. By deploying swiftDialog via FileWave, administrators can efficiently distribute this utility across all managed macOS devices.

## Ingredients

- FW Admin
- swiftDialog PKG - [Releases · bartreardon/swiftDialog (github.com)](https://github.com/bartreardon/swiftDialog/releases)
- Example PKG Fileset - [PKG - swiftDialog.fileset.zip](https://kb.filewave.com/attachments/201)
- Profile Fileset to enable notifications for swiftDialog - [Profile - swiftDialog - Enable Notifications.fileset.zip](https://kb.filewave.com/attachments/211)

## Directions

<div class="pointer-container" id="bkmrk-%C2%A0" tabindex="-1"><div class="pointer flex-container-row items-center justify-space-between p-s anim is-page-editable"><div class="flex-container-row items-center gap-s"><div class="input-group"> </div></div></div></div>### Deploying swiftDialog to your Macs using FileWave

1. Download the swiftDialog PKG from: [Releases · bartreardon/swiftDialog (github.com)](https://github.com/bartreardon/swiftDialog/releases)
2. Create a new PKG fileset in FileWave and import the swiftDialog PKG. See the example: [PKG - swiftDialog.fileset.zip](https://kb.filewave.com/attachments/201)
    - "New Desktop Fileset" was picked and then PKG and then the PKG select.
    - On Properties for the Fileset I made it work on macOS 11.x and higher. Newer versions of swiftDialog may require macOS 12.x or higher so consider that.
    - Additionally the script below was added to set the notification icon to be a FileWave icon. You'll see in our example Fileset that it has this as a Preflight Script. When the icon is in place before the PKG it allows the custom icon to be used.  
          
        ```shell
        #!/bin/zsh
        
        if [ -f "/usr/local/sbin/FileWave.app/Contents/Resources/fwGUI.app/Contents/Resources/kiosk.icns" ]
        then
            mkdir -p "/Library/Application Support/Dialog/"
            sips -s format png /usr/local/sbin/FileWave.app/Contents/Resources/fwGUI.app/Contents/Resources/kiosk.icns --out "/Library/Application Support/Dialog/Dialog.png"
        else
            echo "File not found: /usr/local/sbin/FileWave.app/Contents/Resources/fwGUI.app/Contents/Resources/kiosk.icns"
        fi
        
        exit 0
        
        ```
3. Dowload [Profile - swiftDialog - Enable Notifications.fileset.zip](https://kb.filewave.com/attachments/211) if you want to ensure swiftDialog notifications will be seen.
4. Assign both swiftDialog and the swiftDialog Enable Notifications Filesets to your target macOS devices.

## Related Links

- [swiftDialog GitHub](https://github.com/bartreardon/swiftDialog) - swiftDialog official GitHub page
- [acodega/dialog-scripts: Scripts to use with the awesome Dialog app https://github.com/bartreardon/Dialog](https://github.com/acodega/dialog-scripts)
- [SecondSonConsulting/swiftDialogExamples (github.com)](https://github.com/SecondSonConsulting/swiftDialogExamples)
- [Installomator - The one installer script to rule them all (macOS Script)](https://kb.filewave.com/books/software-deployment-recipes-macos/page/installomator-the-one-installer-script-to-rule-them-all-macos-pkg "Installomator - The one installer script to rule them all (macOS Script)")

# VMware Carbon Black Cloud sensor recipe (macOS)

## Description

VMware Carbon Black is a powerful endpoint protection solution that plays a critical role in an organization's cybersecurity strategy. Deploying Carbon Black via the installer package through the admin console is a strategic approach that ensures consistent, efficient, and effective endpoint security. By mastering this deployment process, organizations can enhance their cybersecurity posture, mitigate threats proactively, and protect their digital assets in an increasingly dangerous digital landscape.

This guide will help you create a Fileset and deploy the application along with the required profiles.

## Ingredients

- FileWave Central
- VMware Carbon Black Cloud dmg
- VMware CBC license code
- VMware CBC uninstaller code
- System Extension mobile configuration
- Network Extension Web Content Filter mobile configuration
- TCC Privacy Policy mobile configuration

## Downloads

[VMware CBCloud Profiles.zip](https://kb.filewave.com/attachments/265)  
[VMware Carbon Black Cloud.fileset.zip](https://kb.filewave.com/attachments/267)

## Directions

<p class="callout warning">Please note this recipe includes Carbon Black Cloud sensor (CB Defense) version 3.7.4.53. This version is supported on MacOS 11.0 and newer.</p>

### Downloading and extracting the MDM profiles and installers

You will first want to grab and download your VMware installations and profiles. The .dmg will need to be mounted first and then extract the necessary components from this file.

Once the .dmg has been mounted you will see the contents listed. Below is the CBCloud Install.pkg and doc folder containing the required MDM profiles.

[![VMwareCBCSensor01.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/Zbpw5w6bm9xOeRCA-vmwarecbcsensor01.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/Zbpw5w6bm9xOeRCA-vmwarecbcsensor01.png)

The required MDM profiles and unattended script for the Fileset deployed are found in the docs folder within the mounted .dmg.

Extract the MDM profiles. These MDM profiles will be uploaded into FileWave Central. Below are the configurations for the three MDM profiles:

<details id="bkmrk-kernel-extension-pol"><summary>Kernel Extension Policy</summary>

[![VMwareCBCSensor02.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/KwJSyfpQbIkg2VQP-vmwarecbcsensor02.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/KwJSyfpQbIkg2VQP-vmwarecbcsensor02.png)

</details><details id="bkmrk-privacy-and-consent-"><summary>Privacy and Consent Control (TCC) Policy</summary>

[![VMwareCBCSensor04.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/CbTMGXE99RhXaqV9-vmwarecbcsensor04.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/CbTMGXE99RhXaqV9-vmwarecbcsensor04.png)

</details><details id="bkmrk-web-content-filter-p"><summary>Web Content Filter Policy</summary>

[![VMwareCBCSensor03.png](https://kb.filewave.com/uploads/images/gallery/2023-09/scaled-1680-/MsPb2pokgjeBxEN3-vmwarecbcsensor03.png)](https://kb.filewave.com/uploads/images/gallery/2023-09/MsPb2pokgjeBxEN3-vmwarecbcsensor03.png)

</details>### MDM Profiles Configurations

If you do not have the VMware Carbon Black Cloud .dmg, you may create the Profiles with the following.

<p class="callout warning">VMware CCB macOS version 3.8+ introduces Approving the System Extension</p>

#### Approve System Extension

For the Allowed System Extension, please enter in the following:

<details id="bkmrk-system-extension-pol"><summary>System Extension Policy</summary>

<span class="ph cmd" id="bkmrk-specify-the-apple-te">Specify the Apple Team ID and System Extension bundle Identifier in your Allowed System Extension configuration profile:</span>

<div class="itemgroup info">- System Extension Types: **Allowed System Extensions**
- Apple Team ID: **7AGZNQ2S2T**
- System Extension Bundle ID: **com.vmware.carbonblack.cloud.se-agent.extension**`<a href="https://kb.filewave.com/uploads/images/gallery/2024-03/D7eOXsT9Kd8O74UD-vmware-ccb-system-extension.png" target="_blank"><img alt="Vmware CCB System Extension.png" src="https://kb.filewave.com/uploads/images/gallery/2024-03/scaled-1680-/D7eOXsT9Kd8O74UD-vmware-ccb-system-extension.png"></img></a>`

</div></details>#### Kernel Extension Policy

For the Kernel Approval profile, please enter in the TeamID and BundleID:

**Apple Team ID: 7AGZNQ2S2T**

**KEXT Bundle ID: com.carbonblack.defense.kext**

<p class="callout info">Kernel Extension Policy: The recommended way to deliver this configuration is through  
the provided [MDM-KEXT-reboot-command.xml](https://kb.filewave.com/attachments/261). FileWave has the Rebuild Kernel Cache command by highlighting the MDM client, right-clicking Restart (Supported MDM devices), checking the box for Rebuild Kernel Cache, and entering in the Kernel file path:  
  
*/Library/Extensions/CbDefenceSensor.kext* </p>

<details id="bkmrk-kernel-rebuild-cache"><summary>Kernel Rebuild Cache</summary>

[![RebuildKernelCache.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/hZHfZ5fioRAIFC1q-rebuildkernelcache.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/hZHfZ5fioRAIFC1q-rebuildkernelcache.png)

</details>#### Privacy and Consent Control (TCC) Policy

The following will need to be entered for each of the BundleIDs along with Code Requirements and Services to set.

<details id="bkmrk-tcc-metadata-the-fie"><summary>TCC metadata</summary>

The fields should be completed exactly as follows. Please copy and paste for accuracy.  
1\]  
Identifier: **com.vmware.carbonblack.cloud.daemon**

Identifier Type should be set to: Bundle ID

Code Requirement: **identifier "com.vmware.carbonblack.cloud.daemon" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = "7AGZNQ2S2T"**

App or Service should be set to: **SystemPolicyAllFiles**

Access should be set to: **Allow**

2\]  
Identifier: **com.vmware.carbonblack.cloud.se-agent.extension**

Identifier Type should be set to: Bundle ID

Code Requirement: **identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = "7AGZNQ2S2T**

App or Service should be set to: **SystemPolicyAllFiles**

Access should be set to: **Allow**

3\]  
Identifier: **com.vmware.carbonblack.cloud.osqueryi**

Identifier Type should be set to: Bundle ID

Code Requirement: **identifier "com.vmware.carbonblack.cloud.osqueryi" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = "7AGZNQ2S2T"**

  
App or Service should be set to: **SystemPolicyAllFiles**

Access should be set to: **Allow**

4\]  
Identifier: **com.vmware.carbonblack.cloud.uninstall**

Identifier Type should be set to: Bundle ID

Code Requirement: **identifier "com.vmware.carbonblack.cloud.uninstall" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = "7AGZNQ2S2T"**

  
App or Service should be set to: **SystemPolicyAllFiles**

Access should be set to: **Allow**

5\]  
Identifier: **com.vmware.carbonblack.cloud.uninstallerui**

Identifier Type should be set to: Bundle ID

Code Requirement: **identifier "com.vmware.carbonblack.cloud.uninstallerui" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = "7AGZNQ2S2T"**

  
App or Service should be set to: **SystemPolicyAllFiles**

Access should be set to: **Allow**

</details>#### Web Content Filter Policy

The following will need to be entered to create the web content filter manually.

<details id="bkmrk-web-content-filter-p-2"><summary>Web Content Filter Policy</summary>

The fields should be completed exactly as follows. Please copy and paste for accuracy.

In the General payload:

Payload Scope should be set to: **System**

In the Web Content Filter payload:

Filter Type: **Plug-In**

Plug-In Bundle ID: **com.vmware.carbonblack.cloud.se-agent**

Check Enable Socket Filtering

Filter Data Provider System Extension Bundle ID (macOS): **com.vmware.carbonblack.cloud.se-agent.extension**

 Filter Data Provider Designated Requirement (macOS): **identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = "7AGZNQ2S2T"**

Check Enable Packet Filtering (macOS)

Filter Packet Provider System Extension Bundle ID (macOS): **com.vmware.carbonblack.cloud.se-agent.extension**

Filter Packet Provider Designated Requirement (macOS): **identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1\[field.1.2.840.113635.100.6.2.6\] /\* exists \*/ and certificate leaf\[field.1.2.840.113635.100.6.1.13\] /\* exists \*/ and certificate leaf\[subject.OU\] = "7AGZNQ2S2T"**

</details>## Creating the VMware Carbon Black Cloud Fileset

You may download and upload the VMware Carbon Black Cloud Fileset into your FileWave Admin. You should see four items listed in the Fileset Contents:

1. CBCloud Install.pkg
2. check\_for\_profiles.sh script
3. cbcloud\_install\_unattended.sh script
4. install\_VMware\_CBCloud.sh script
5. uninstall\_VMware\_CBCloud.sh script

<p class="callout success">Verification Settings: VMware CBCloud client will get updates from the CBCloud server. If your organization allows, be sure to change the verification settings from 'Self-Healing' to 'Ignore at Verify' for the Fileset.</p>

[![vmwarecbcloudfileset.png](https://kb.filewave.com/uploads/images/gallery/2023-10/AeZt7EOwC5dD9Ve8-vmwarecbcloudfileset.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/q5CbcuI0c0v0jAEx-vmwarecbcloudfileset.png)

### VMware CBCloud install script

You will need to modify and add your company code to the install\_VMware\_CBCloud.sh script.

1. Highlight the Fileset and click on Scripts (FW Central menu)
2. Highlight Activation Scripts, install\_VMware\_CBCloud.sh
3. Click on Edit to open the script
4. Enter your company code, i.e. #######
5. Click OK to save
6. Click OK to save your changes

<table id="bkmrk-%C2%A0-%C2%A0-%C2%A0-%C2%A0-%C2%A0" style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>[![VMwareCompanyCode01.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/BeZriTCt64iWlZku-vmwarecompanycode01.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/BeZriTCt64iWlZku-vmwarecompanycode01.png)

</td><td>[![VMwareCompanyCode02.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/Nc7unhGpw8Mc8pT0-vmwarecompanycode02.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/Nc7unhGpw8Mc8pT0-vmwarecompanycode02.png)

</td></tr></tbody></table>

### Check for Profiles requirement script

You will need to modify and add your profile bundle IDs to the requirement script.

1. Highlight the Fileset and on Scripts (FW Central menu)
2. Highlight Requirement Scripts, check\_for\_profiles.sh
3. Right-click and select properties
4. Select and click on the Launch Arguments tab
5. Enter in your three profile bundle IDs
6. Click 'Apply' to save your changes
7. Select and click on the Environment Variables tab
8. Confirm the all\_or\_one variables string is set to 'all'
9. Click 'Apply' to save your changes, if not saved
10. Close the script properties window
11. Click OK to save your changes to the requirement script

<table id="bkmrk-%C2%A0" style="border-collapse:collapse;width:100%;"><colgroup><col style="width:33.3333%;"></col><col style="width:33.3333%;"></col><col style="width:33.3333%;"></col></colgroup><tbody><tr><td>[![Requirementscript.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/aW4OOQBm0fd8htAz-requirementscript.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/aW4OOQBm0fd8htAz-requirementscript.png)

</td><td>[![LaunchArugments.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/FPF8uCSrEqJh1GYc-launcharugments.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/FPF8uCSrEqJh1GYc-launcharugments.png)</td><td>[![EnvironmentVariables.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/PIliyt0wE87MKISJ-environmentvariables.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/PIliyt0wE87MKISJ-environmentvariables.png)</td></tr></tbody></table>

### Vmware uninstall script

<p class="callout warning">This is optional and not required!</p>

If you have a company code to allow uninstallation of the VMware Carbon sensor, you may enter your code into the script under:

- Line 12 **&lt;CompanyCodeHere&gt;**; replace with your code and remove the &lt;&gt;

<details id="bkmrk-uninstall_vmware_cbc"><summary>uninstall\_Vmware\_CBCloud.sh</summary>

```
#!/bin/bash

#Logging uninstallation
exec 1>>/var/log/fwcld.log
exec 2>>/var/log/fwcld.log

#Uninstalling VMware CBCloud sensor
# There are two command line options:
# -c <CODE> If specified by the policy active on the endpoint, this option and uninstall code will be required.
# -y Skips the interactive prompt to confirm that uninstallation is desired. Recommended for unattended uninstall.

/Applications/VMware\ Carbon\ Black\ Cloud/uninstall.bundle/Contents/MacOS/uninstall -c <CompanyCodeHere> -y

exit 0
```

</details>To make the changes in the Fileset:

1. Highlight the Fileset and click on Scripts (FW Central menu)
2. Highlight Pre-Uninstallation Scripts, uninstall\_VMware\_CBCloud.sh
3. Click on Edit to open the script
4. Enter in your company code, i.e. #######
5. Click OK to save
6. Click OK to save your changes

<table id="bkmrk-%C2%A0-%C2%A0-%C2%A0" style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>[![Uninstallscript.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/eBdJZDqYR4ybZUqN-uninstallscript.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/eBdJZDqYR4ybZUqN-uninstallscript.png)</td><td>[![Uninstallscript02.png](https://kb.filewave.com/uploads/images/gallery/2023-10/scaled-1680-/C3iHoyW3Pp78Ihek-uninstallscript02.png)](https://kb.filewave.com/uploads/images/gallery/2023-10/C3iHoyW3Pp78Ihek-uninstallscript02.png)

</td></tr></tbody></table>

### Fileset Group

Once the Fileset and Profiles have been created, the best practice is to create a Fileset group. Organizing and keeping multiple profiles and Filesets within the same group for the same application and its configurations is great management and organization.

<p class="callout info">Profiles should be installed first. The VMware Carbon Black Cloud Fileset has a requirement script to ensure profiles are installed, before commencing with download and activation of the Fileset.</p>

[![VMware CCB FS Group.png](https://kb.filewave.com/uploads/images/gallery/2024-03/scaled-1680-/rsEOGRlovWPLJ4SI-vmware-ccb-fs-group.png)](https://kb.filewave.com/uploads/images/gallery/2024-03/rsEOGRlovWPLJ4SI-vmware-ccb-fs-group.png)

Remember to always test Fileset to a few devices before mass deployment.

## Related Content

- [VMware Carbon Black Cloud release notes](https://docs.vmware.com/en/VMware-Carbon-Black-Cloud/3.7.4.53/rn/vmware-carbon-black-cloud-macos-sensor-37453-release-notes/index.html)

# Wacom Tablet Deployment (macOS Fileset Magic)

## Description

Installing the Wacom intuos drivers

<p class="callout info">Last tested with **WacomTablet 6.3.30**</p>

## Ingredients

- FW Central
- Latest Wacom intuos Installer - [https://www.wacom.com/en/products/intuos](https://www.wacom.com/en/products/intuos)

### Directions

1. Do a Fileset Magic capture 
    - In /priviate/var/ the only thing you need is the db/receipts folder
2. Select the fileset and add a script attribute 
    - Create a post-flight script **macOS**```bash
        #!/bin/bash
        launchctl load /Library/LaunchAgents/com.wacom.wacomtablet.plist
        launchctl start com.wacom.wacomtablet
        launchctl load /Library/LaunchAgents/com.wacom.DataStoreMgr.plist
        launchctl start com.wacom.DataStoreMgr
        
        ```
3. Save the fileset and deploy

<p class="callout warning">If 10.13 or greater you will also need to send a profile to allow the kernel extension: [User Approved MDM Enrollment (macOS)](https://kb.filewave.com/books/filewave-client/page/user-approved-mdm-enrollment-macos "User Approved MDM Enrollment (macOS)")</p>

# XCreds - Log in to your Mac with your Cloud Password (macOS PKG)

## Description

<div class="contents-2MsGLg" id="bkmrk-it-does-look-like-th"><div class="markup-eYLPri messageContent-2t3eCI" id="bkmrk-it-does-look-like-th-1">XCreds supercharges your Mac login window. Use your Azure, Google Cloud, Okta or any OpenID Connect password to log in to your Mac. XCreds verifies the password with your identity provider and saves the tokens to the user keychain for validation that the cloud password is in sync with the local password. Perfect. This article will show you how to use it with FileWave. </div></div><div class="markup-eYLPri messageContent-2t3eCI" id="bkmrk-"></div><p class="callout info">This article will give you as much detail as possible to help you get started, but this is incredibly easy software to deploy and configure and we'll show you how below.</p>

<p class="callout warning">Xcreds replaces the loginwindow and allows the connection with a directory providers that supports OIDC. Not all directory providers, however, support Apple's Platform SSO. At the time of writing, only Entra and Okta support Apple's Platform SSO.</p>

## Ingredients

- FW Admin
- Example Fileset - [PKG - XCreds.fileset.zip](https://kb.filewave.com/attachments/474)
- Configuration files - [Configuration + License](#bkmrk-software---download-)

## Directions

<div class="contents-2MsGLg" id="bkmrk--1"></div>XCreds has two components:

- XCreds app -- runs in user space
- XCreds Login Window -- security agent which runs when the user is logging in to macOS

Example Login Window:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/MJPAjQvRJE8CqM8w-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/MJPAjQvRJE8CqM8w-image.png)

Both the security agent and the app share keychain items in the user’s keychain to keep track of the current local password and the tokens from the cloud provider. Both items prompt the user with a web view to authenticate to their cloud provider, verify login was successful and then update both the local password and user keychain passwords as needed.

<div class="markup-eYLPri messageContent-2t3eCI" id="bkmrk--3"></div>### Features

<table id="bkmrk-login-window-log-in-" style="border-collapse:collapse;width:100%;"><colgroup><col style="width:50%;"></col><col style="width:50%;"></col></colgroup><tbody><tr><td>- Login Window log in to OIDC provider
- Support for Azure, Google Cloud, Okta and any OIDC provider
- Initial account provisioning
- WiFi Login Window configuration
- Restart and shutdown from Login Window
- Profile manifest available for easy configuration
- Local password update with IdP password
- Prompt for IdP password when changed
- Login Keychain password updating
- Customizable preferences
- Easy deployment
- Uses OpenID Connect

</td><td>- Attractive and pleasing menu icon
- Easy configuration with profile / MDM
- [Profile Manifest](https://github.com/ProfileCreator/ProfileManifests) for [Profile Creator](https://github.com/ProfileCreator/ProfileCreator) Support
- Two-Factor and Multi-Factor support
- New username and password window
- Able to create a user as an admin using group member preference
- Kerberos ticket
- Switch to login window at screensaver
- Reset keychain
- Most preferences are now able to be overridden
- Added shake to the password field

</td></tr></tbody></table>

<div class="markup-eYLPri messageContent-2t3eCI" id="bkmrk--5"></div><div class="container-2sjPya" id="bkmrk-pricing"><article class="embedWrapper-1MtIDg embedFull-1HGV2S embed-hKpSrO markup-eYLPri">
</article></div>### Getting Started

You'll want to review their Pricing ( [https://twocanoes.com/products/mac/xcreds/#pricing](https://twocanoes.com/products/mac/xcreds/#pricing) ) but it's very reasonable and you can download the software and get started for free.

<div class="markup-eYLPri messageContent-2t3eCI" id="bkmrk-download-the-latest-">- Download the latest PKG: [Download XCreds](https://twocanoes-software-updates.s3.amazonaws.com/XCreds.pkg)
- Review the Admin Guide: [XCreds Admin Guide](https://twocanoes.com/knowledge-base/xcreds-admin-guide/)
- Once purchased, take a look about the license file: [Install Software License Configuration Profile](https://twocanoes.com/knowledge-base/install-software-license-configuration-profile/)
- Depending on the directory system you use:

</div><table id="bkmrk-idp-microsoft-entra-" style="border-collapse:collapse;width:100%;height:93px;"><colgroup><col style="width:24.938272%;"></col><col style="width:24.938272%;"></col><col style="width:24.938272%;"></col><col style="width:24.938272%;"></col></colgroup><tbody><tr style="height:29px;"><td style="height:29px;">IdP</td><td style="height:29px;">Microsoft Entra (Azure)</td><td style="height:29px;">Okta</td><td style="height:29px;">Google</td></tr><tr style="height:35px;"><td style="height:35px;">Vendor Specific Instructions</td><td style="height:35px;">[Microsoft Setup](https://twocanoes.com/knowledge-base/xcreds-setup-with-azure-oidc/)</td><td style="height:35px;">[Okta Setup](https://twocanoes.com/knowledge-base/xcreds-setup-with-okta/)</td><td style="height:35px;">[Google Setup](https://twocanoes.com/knowledge-base/xcreds-setup-with-google-oidc/)</td></tr><tr style="height:29px;"><td style="height:29px;">Example Plist</td><td style="height:29px;">[Microsoft Plist](https://twocanoes-app-resources.s3.amazonaws.com/xcreds/xcreds_example_azure.mobileconfig)</td><td style="height:29px;">[Okta Plist](https://twocanoes-app-resources.s3.amazonaws.com/xcreds/okta/XCredsOktaTest.mobileconfig)</td><td style="height:29px;">[Google Setup](https://twocanoes-app-resources.s3.amazonaws.com/xcreds/xcreds_example_google.mobileconfig)</td></tr></tbody></table>

### Installing with FileWave

Example, pre-created Fileset:

- [PKG - XCreds.fileset.zip](https://kb.filewave.com/attachments/474)

The provided Fileset includes:

- PKG installer (included version is latest build as of 21/07/23)
- Uninstallation Script
- Reboot flag enabled. The Fileset will trigger a reboot at the end of activation

#### Steps

##### PKG Fileset

Create a new Fileset Group for XCreds and then either:

1. Add the provided Fileset into this group
2. Download the latest version of XCreds PKG and drag this into the XCreds Fileset Group

<p class="callout info">If the second option is actioned, the provided uninstaller will not be included, but could be added, based upon the details shown below in the uninstaller section.</p>

##### IdP Configuration

Follow the related IdP twocanoes documentation to configure the IdP App. Details from this App will be required in the next step.

##### Profile Creation

Download ProfileCreator App and the twocanoes manifest from the Profile Creator page:

- [ProfileCreator App Releases Page](https://github.com/ProfileCreator/ProfileCreator/releases)
- [twocanoes Profile Manifest](https://github.com/ProfileCreator/ProfileManifests/blob/master/Manifests/ManagedPreferencesApplications/com.twocanoes.xcreds.plist)

On the computer running Profile Creator, add the manifest to the following user location:

```
~/Library/Application\ Support/ProfilePayloads/Manifests/ManagedPreferencesApplications/com.twocanoes.xcreds.plist
```

Run Profile Creator and add any items required from the chosen IdP settings, for example: Client ID, DiscoveryURL, etc. and save.

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/wy8603IOWVVXmmYr-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/wy8603IOWVVXmmYr-image.png)

<p class="callout info"> For Microsoft DiscoveryURL, edit the plist, replacing 'common' with the Directory (Tenant) ID if available. For example: discoveryURL = https://login.microsoftonline.com/5c3864d2-38e9-5555-8888-621b9d17fd46/.well-known/openid-configuration</p>

This Profile may now be used to create a Profile Fileset. Do so, by dragging this mobileconfig file to the same XCreds Fileset Group where the XCreds PKG Fileset resides. For example:

[![image.png](https://kb.filewave.com/uploads/images/gallery/2023-07/scaled-1680-/uzlukxsVdfSGg5PF-image.png)](https://kb.filewave.com/uploads/images/gallery/2023-07/uzlukxsVdfSGg5PF-image.png)

<p class="callout danger">The contents of the XCreds payload are beyond the scope of the FileWave interface. Once imported to FileWave, the Payload may not be edited directly within FileWave. Any attempt to view the Payload will fail to show the XCreds portion of the Payload; ensure to Cancel and not save if opened. For the same reason, it is not possible to duplicate this Fileset either. Any editing should be handled within Profile Creator and the Payload re-uploaded to FileWave.</p>

##### Testing

The Fileset Group may now be associated with one or more test devices, as seen fit. Use the above details for the licence file during testing.

Once tested and all is good, the scope of association may be increased and once purchased, the licence details should be pushed as another Profile. This may also be added to the same XCreds Fileset Group

<div class="container-2sjPya" id="bkmrk-support-the-twocanoe"><article class="embedWrapper-1MtIDg embedFull-1HGV2S embed-hKpSrO markup-eYLPri">### Uninstalling

Below is from their website, but this is incorporated in to the Fileset that is on this article as well so you can simply break the association and it will uninstall.

1. To remove XCreds Login, restore the backup security agent rules and remove the launch agent, run: `sudo /Applications/XCreds.app/Contents/Resources/xcreds_login.sh -r`
2. Drag the XCreds app to the trash.

### Support

The twocanoes Software Knowledge Base is located at [https://twocanoes.com/knowledge-base/](https://twocanoes.com/knowledge-base/) but you can also chat on our [FileWave Discord Server](https://kb.filewave.com/books/community-engagement/page/filewave-discord-server "FileWave Discord Server") with other customers as well. Please join the [XCreds channel on MacAdmins Slack](https://macadmins.slack.com/archives/C03GBF2DE7P) for any questions you have directly for twocanoes. Paid support is also [available from twocanoes Software](https://twocanoes.com/products/mac/xcreds/).

### Related Content

- [IdP Setup: Microsoft Entra ID](https://kb.filewave.com/books/identity-provider-idp-integration/page/idp-setup-microsoft-entra-id-azure "IdP Setup: Microsoft Entra ID")
- [IdP Setup: Okta](https://kb.filewave.com/books/identity-provider-idp-integration/page/idp-setup-okta "IdP Setup: Okta")
- [IdP Setup: Google](https://kb.filewave.com/books/identity-provider-idp-integration/page/idp-setup-google "IdP Setup: Google")

</article></div><div class="container-2sjPya" id="bkmrk--8"><article class="embedWrapper-1MtIDg embedFull-1HGV2S embed-hKpSrO markup-eYLPri"></article>  
</div>