EV Reach Client Agent - The Agent Manager for MacOS
EV Reach v10 introduces support for MacOS endpoints. EV Reach is now able to provide nearly identical functionality to managing MacOS machines as Windows machines.
See the v9 to v10 Migration guide for information about upgrading to EV Reach v10.
Requirements
A EV Reach Client Agent must be installed on the MacOS system to manage it. The agent can be pushed through the console or manually installed via a PKG installer.
Supported MacOS Versions:
- Mojave
- Catalina
- BigSur
Push Based Installation
- Enable Remote Login on the MacOS endpoint.
- Enable MacOS Agent Deployment support in the EV Reach Console.
- Enter an administrative account in the EV Reach Credential Manager.
- Push the MacOS Reach Agent via the EV Reach Console.
- Enable Permissions on the MacOS desktop.
Manual PKG Installer
- Enter an administrative account in the EV Reach Credential Manager.
- Deploy the MacOS Reach Agent with a PKG file.
- Enable Permissions on the MacOS desktop.
Enable Remote Login on the MacOS endpoint
Enabling "Remote Login" on the MacOS device is required for remote agent installation and agent management. This step is not required if push based agent installations are not going to be used.
Enabling Remote Login opens up SSH access to the system over the network. This step has to be performed on the MacOS system itself.
Enabling "Remote Login" on a MacOS desktop:
- Open System Preferences, click Sharing, then select Remote Login.
- Select the Remote Login checkbox.
- Note: Selecting Remote Login also enables the secure FTP (sftp) service.
- Specify which users can log in:
- All users: Any of your computer’s users and anyone on your network can log in.
- Only these users: Click the Add button , then choose who can log in remotely. Users & Groups includes all the users of your Mac. Network Users and Network Groups include people on your network. The user credentials will then need to be added to the EV Reach Credential Manager.
Enabling MacOS Agent Deployment support in the EV Reach Console
The EV Reach Console will need to be configured to manage MacOS endpoints.
Enabling Agent Deployment for MacOS
- Open the EV Reach Console
- Navigate to the Application Tab --> General Settings --> Client Agents
- Enable Agent Deployment for MacOS
Configuring Credentials for MacOS End Points
EV Reach supports managing Active Directory Domain Joined and Non AD Joined MacOS computers. It is required that the proper credentials be loaded in to the EV Reach Credential Manager in order to access the remote MacOS system. Credentials can be local or domain credentials. See Using Alternate Credentials for further details.
Deploy the MacOS Agent
Once the "Remote Login" setting is enabled in MacOS and the proper credentials are stored in the EV Reach Credential Manager, the MacOS agent can be deployed using push based methods.
Alternatively, a PKG file can be generated using the EV Reach Agent Manager. See the EV Reach Agent Manager for more information.
Granting the EV Reach Agent Permissions on the MacOS Workstation
MacOS requires explicit permissions be granted to the EV Reach Agent Application for remote administration.
The following permissions are required:
- Screen Recording
- Full Disk Access
- Accessibility
These permissions grant the EV Reach MacOS agent the ability to perform administrative tasks. These permissions must be granted by an account on the MacOS system that has administrative privileges and must be done manually.
To grant the required permissions to the remote system:
- Open the EV Reach Client Configuration App on the MacOS system
- Click the System Access Tab
- For each permission, click Review Access
The MacOS system will ask for permission for each item. If permissions need to be re-enabled, click the Review System Access button to request access.
Access does not need to be requested again after the initial installation of an agent. All subsequent installations will use the same permissions.
