Managed MDM Preferences for MacOS

Managed MDM Preferences for MacOS

Managed Preferences / MDM / LDAP Configuration for MacOS

MacOS can now also load Client Filter pushed preferences in 7.58 and above. MacOS has a few locations where these can be configured, depending on the technology used to configure them.  The first preference found is used.

Lenovo Netsweeper recommends using a system to push Managed Preferences. However, if this does not exist or for Local testing, you can use the /Library/Preferences. Remember, the first setting found is used.

Loading Order

Apple manages the per user setting in /Library/Managed Preferences, however, an Administrator can also set a Preference in /Library/Preferences.
  1. /Library/Managed Preferences/USER/com.netsweeper.nscf.netsweeper.divert.plist
  2. /Library/Managed Preferences/com.netsweeper.nscf.netsweeper.divert.plist
  3. /Library/Preferences/com.netsweeper.nscf.netsweeper.divert.plist

ConfigEdit or divert -c

Mac now behaves the same way as Windows but is configured with a plist file.

Example plist File non-encoded

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

    <key>configedit</key>

    <string>-p demo.netsweeper.com</string>

</dict>

</plist>

Example plist File encoded

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

    <key>configedit</key>

    <string>LHEha25kL2JubCEseCFydmRkcWRzISxnITMxNTghLHUhODk2</string>

</dict>

</plist>

Jamf Example

Manual mobileconfig Profile Install

Sample mobileconfig

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

   <dict>

   <key>PayloadIdentifier</key>

   <string>com.netsweeper.divert.managed</string>

   <key>PayloadRemovalDisallowed</key>

        <true/>

   <key>PayloadScope</key>

   <string>System</string>

   <key>PayloadType</key>

   <string>Configuration</string>

   <key>PayloadUUID</key>

   <string>com.netsweeper.divert.managed</string>

   <key>PayloadOrganization</key>

      <string>Netsweeper Client Filter</string>

   <key>PayloadVersion</key>

      <integer>1</integer>

   <key>PayloadDisplayName</key>

      <string>Netsweeper Client Filter Configuration</string>

   <key>PayloadDescription</key>

      <string>Netsweeper Client Filter Configuration</string>

   <key>PayloadContent</key>

        <array>

             <dict>

            <key>PayloadType</key>

             <string>com.apple.ManagedClient.preferences</string>

             <key>PayloadVersion</key>

                <integer>1</integer>

             <key>PayloadIdentifier</key>

             <string>com.netsweeper.nscf.netsweeper.divert.configedit</string>

             <key>PayloadUUID</key>

             <string>com.netsweeper.nscf.netsweeper.divert.configedit</string>

             <key>PayloadEnabled</key>

                <true/>

             <key>PayloadDisplayName</key>

                <string>Netsweeper Client Filter Configuration</string>

             <key>PayloadContent</key>

                <dict>

                  <key>com.netsweeper.nscf.netsweeper.divert</key>

                     <dict>

                          <key>Forced</key>

                          <array>

                               <dict>

                               <key>mcx_preference_settings</key>

                                    <dict>

                                      <key>configedit</key>

                                       <string>-p ps.cloud.netsweeper.com:3431 -f 2048</string>

                                    </dict>

                               </dict>

                          </array>

                     </dict>

                </dict>

             </dict>

        </array>

   </dict>

</plist>

Force Refreshing/Update of Managed Preferences

If playing the plist in /Library/Managed Preferences or deleting the system will cache the current values.
To remove/refresh use the following:
sudo mcxrefresh USERID
sudo mcxrefresh james

Silent Install

When installed by command line or via MDM the pkg scripts will automatically be silent based on the environment variable COMMAND_LINE_INSTALL
sudo installer -pkg "Netsweeper Client Filter - 8.1.40.40 mac64.pkg" -target /

A MobileConfig is Now Uploaded with Each Release/Brand

Checking Current Managed Preferences

Open system profiler, "Click Apple -> About -> System Report -> Software -> Managed Clients

    • Related Articles

    • Installing Lenovo NetFilter for macOS Devices

      Overview This article explains how to install the macOS client on an individual student device (MacBook, iMac, etc.). You must have local administrator rights to install software on the student devices in order to perform the steps below. Run the ...

    • Importing and Exporting Lists

      Importing and Exporting Lists The most efficient way to add a list of URLs to your local Allow or Deny lists is to create an external file in Excel or a text editor and then import the list into the WebAdmin. Use the Export button to export a list to ...

    • Manually Uninstalling Apple OSx Client Filter

      If the Apple OS x Client Filter cannot be uninstalled with the Client Filter preference pane, the uninstaller program can be manually run instead. Run the Apple OS x Client Filter uninstaller by following these steps: 1.      When logged in as an ...

    • Troubleshooting Client Filter

      This document outlines troubleshooting procedures for the Windows and Apple OS x Client Filter. Troubleshooting the Windows Client Filter Accessing the Filter settings and Checking the Status 1.    Open Control Panel or select the System Preferences ...

    • Netsweeper Additional Features

      What additional feature are obtained by migrating to Netsweeper? Lenovo NetFilter is based upon the filtering technology from Netsweeper using their nFilter and nClient technologies. With this migration, you will get important additional ...