Enterprise Deployment Through MDM

The following sections describe recommended procedures for automatically deploying the SysTrack Agent to endpoint devices through MDM software. MDM products vary, so the procedures may need to be adapted to your environment.

Certificates

Before you deploy the SysTrack Agent, the endpoint system must be able to establish a secure connection to the SysTrack Server. The macOS agent requires SSL (Secure Sockets Layer) certificate verification to connect securely to the Server. This type of security protocol requires a valid SSL certificate that is installed and trusted on the macOS endpoint system.

A certificate payload can be configured through the MDM server to automatically install and trust the SSL certificate on enrolled macOS devices. For more information, see Apple's Support document.

Cloud Edition deployments do not require a certificate payload given the use of a publicly trusted Certificate Authority (CA) for authentication and encryption.

Privacy Preferences Policy Control

To enable Full Disk Access for the SysTrack Agent on enrolled macOS devices, a Privacy Preferences Policy Control payload can be configured within the MDM server. These payload settings will change the Security and Privacy settings on the endpoint device.  For more information, see Apple's Support document.

Create a payload with the following settings:

  • Identifier Type: Bundle ID

  • Identifier Name: com.lakesidesoftware.lsiagentd

  • Allow or Deny: Allow

  • Code Signing Requirement: identifier "com.lakesidesoftware.lsiagentd" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = SQL6SRUA2Y

  • Setting Required: System Policy All Files; System Policy administrator files
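
The settings above, built as a Privacy Preferences Policy Control payload with Python's plistlib. This is an added example, not Lakeside's or Apple's own code. The mapping of the two "Setting Required" values to the TCC service keys SystemPolicyAllFiles and SystemPolicySysAdminFiles, the com.example.systrack identifiers, the display name and the output file name are assumptions.

```python
import plistlib
import uuid

BUNDLE_ID = "com.lakesidesoftware.lsiagentd"
# Code signing requirement copied verbatim from the payload settings above.
CODE_REQUIREMENT = (
    'identifier "com.lakesidesoftware.lsiagentd" and anchor apple generic and '
    "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
    "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
    "certificate leaf[subject.OU] = SQL6SRUA2Y"
)
# Assumed mapping of the two "Setting Required" values to TCC service keys.
SERVICES = ("SystemPolicyAllFiles", "SystemPolicySysAdminFiles")


def build_pppc_profile(org_prefix="com.example.systrack"):
    """Return a configuration profile (dict) carrying one PPPC payload."""
    # The requirement must name the same bundle ID as the rule it guards;
    # otherwise the grant and the signature check refer to different code.
    if f'identifier "{BUNDLE_ID}"' not in CODE_REQUIREMENT:
        raise ValueError("code requirement does not pin the bundle ID")
    rule = {
        "Identifier": BUNDLE_ID,
        "IdentifierType": "bundleID",
        "CodeRequirement": CODE_REQUIREMENT,
        "Allowed": True,
    }
    payload = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": f"{org_prefix}.pppc",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "Services": {svc: [dict(rule)] for svc in SERVICES},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadIdentifier": org_prefix,  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadDisplayName": "SysTrack Agent Full Disk Access",
        "PayloadContent": [payload],
    }


if __name__ == "__main__":
    with open("systrack-pppc.mobileconfig", "wb") as fh:  # hypothetical name
        plistlib.dump(build_pppc_profile(), fh)
```

Upload the resulting file as a custom profile in the MDM server; macOS honours Privacy Preferences Policy Control payloads only when they are delivered through MDM.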

SysTrack Deployment

We recommend you complete the following steps to deploy SysTrack through MDM software. For on-premises deployments, you can simply deploy the Install-SysTrack.pkg along with a post-install script to run the Agent control script. For Cloud Edition deployments, you are required to create a new deployment package that contains lsiagent.cfg, Install-SysTrack.pkg, and a post-install script.

On-Premises Deployment

Follow these steps:

  1. The Install-SysTrack.pkg file can be deployed as-is and can be found in the release media.

  2. Add a post-install script to the deployment policy with the following command:

     sudo /Library/Application\ Support/Lakeside\ Software/lsiagentctl setup <Server_FQDN> <script_parameters>

Cloud Edition Deployment

Follow these steps:

  1. Create a new flat .pkg file that contains Install-SysTrack.pkg and lsiagent.cfg within a tmp directory.

  2. Add a post-install script to the deployment package with the following commands:

    • Run a silent install of the SysTrack Installer:

      sudo installer -pkg /tmp/Lakeside/Install-SysTrack.pkg -target /

    • Run the lsiagentctl control script with the appropriate script parameters:

      sudo /Library/Application\ Support/Lakeside\ Software/lsiagentctl setup <script_parameters>

Enterprise Upgrades

For SysTrack upgrades with MDM software, you can deploy the updated Install-SysTrack.pkg as-is without any post-install scripts. The SysTrack Agent should automatically update, restart, and connect back to the SysTrack Server with the updated version.