Perform a macOS agent silent install

As an alternate installation option for macOS agent installs, you can install the agent from a probe. You need to change configuration options on the Mac device to enable this install to occur.

You need a universal administrative account on every macOS device to facilitate agent installation. It is recommended that you create at minimum one account for your workstations and a separate account for servers.

For further information, see Install a macOS agent.

You need a device's agent activation key to install the agent software. You can find the activation key by navigating to the All Devices view and clicking on the name of the device. In Device Details, click Settings > Local Agent. Next to Activation Key, click Get Activation Key then Copy Activation Key.

The macOS agent supports the following operating systems:

macOS Agents

  • 14.x (Sonoma)

  • 13.x (Ventura)

  • 12.x (Monterey)

Install the macOS agent with the dmg-install.sh script

  1. From N-central download the "DMG Installation Script" and the "macOS Agent (dmg)".

  2. Make sure to extract the script into the same folder location as the dmg.
  3. Use one of the methods below to install:
    • With an activation key, retrieved from the central server:

      sudo dmg-install.sh -k <activation key>

    • Prior to N-centrall 2020.1, with a Customer Name and Customer ID (Customer name may need to be quoted if it contains spaces or shell meta-characters):

      sudo sh dmg-install.sh -s <server endpoint ip/fqdn without the https://> -c <customer name> -i <customer id>

    • On 2020.1 or later with a Customer Name and Customer ID (Customer name may need to be quoted if it contains spaces or shell meta-characters):

      sudo sh dmg-install.sh -s <server endpoint ip/fqdn without the https://> -c <customer name> -i <customer id> -t <registration token>

    • For N-central 2022.6 and later with a Customer Name and Customer ID (Customer name may need to be quoted if it contains spaces or shell meta-characters):

      sudo sh silent_install.sh -s <server endpoint ip/fqdn without the https://> -c <customer name> -i <customer id> -t <registration token> -I <installation package>

  4. Additional Flags:
    1. -p Specify the protocol for the agent to use.
    2. -a Specify the port for the agent to use.
    3. -x Specify an http proxy for the agent to use.
  5. Once the script has run navigate to All Devices and click the Network Devices tab.
  6. Click Add.
  7. Click Discovered Assets.
  8. Select your device and import it.

Your device should now be added in N-central.

You can confirm this from the Customer level, by navigating to All Devices, and click the Network Devices tab.

Enable remote login on the macOS device.

Enabling remote login allows the probe to access the device to perform the install.

  1. Click the Apple MenuSystem PreferencesSharing.
  2. Click the check box for Remote Management.
  3. Select either all users or a specific administrative account.
  4. Click Computer Settings and select the options required.

Temporarily allow applications downloaded from anywhere in Gatekeeper.

The Gatekeeper in macOS ensures that only trusted software can be installed and run on a Mac. N-able N-central agents are built on the N-able N-central Server during the N-able N-central install or upgrade and the agent is not signed by an identified developer's certificate from Apple. Because the agent is not downloaded from the App Store, the Gatekeeper can block the installation of this software.

Verify that the macOS device has the permissions to download and install the agent software.

  1. Click the Apple MenuSystem PreferencesSecurity & Privacy.
  2. In the Allow apps downloaded from area, ensure App Store and identified developers is selected.

Once the agent install is complete, change this setting back to App Store.

Configure the discovery job

Configure your Discovery Job with the credentials for all the macOSdevices you want to install the agent on. Ensure you add the Workstation - macOS class to the Import and Install Agent lists on the Auto Import tab.

Once Remote Login is enabled on a macOS device, you can use the SSH object in an Automation Policy to remotely disable and enable GateKeeper. For more information see the article How to Disable Gatekeeper from Command Line in macOS.

Use these setup steps as the referenced Install Available Mac Updates automation policy script, replacing Softwareupdate -i -a with the required commands to disable/enable GateKeeper.