Shell scripts on macOS devices

Ivanti EPMM allows you to create and sign your own macOS shell scripts, which you can then upload to Ivanti EPMM and run on managed macOS devices. You can write a script that configures any setting within macOS System Preferences on macOS devices. Or, you may wish to run scripts that:

  • force device users to change their passwords monthly
  • lock the screen after 5 minutes of idle time
  • or configures a secured Wi-Fi network.

After uploading scripts to Ivanti EPMM and configuring macOS script configuration and policy components, Ivanti EPMM executes your scripts on macOS devices using [email protected] for macOS. [email protected] for macOS polls Ivanti EPMM periodically to check whether there are any scripts awaiting execution. If there are scripts in the queue, [email protected] for macOS downloads and runs the scripts on macOS devices according to settings you define on Ivanti EPMM. [email protected] runs the scripts as the device user or as root, depending on how you signed the script. [email protected] then returns the script execution results to Ivanti EPMM, which are shown in the audit logs.

Components required to run shell scripts on macOS devices

To run shell scripts on macOS devices, you need:

  • [email protected] for macOS on macOS devices
  • Ivanti EPMM 9.7.0.0, or supported newer versions, configured with mutual authentication
  • Script signing tool, provided by Ivanti
  • macOS script configuration on Ivanti EPMM
  • macOS script policy on Ivanti EPMM

Main steps of running shell scripts on macOS devices

Running shell scripts on macOS devices involves the following main steps:

  1. Registering macOS devices with Ivanti EPMM using [email protected] for macOS
  2. Creating certificates for your shell scripts for macOS
  3. Creating a shell script for macOS
  4. Testing your shell script for macOS
  5. Signing your shell script for macOS
  6. Configuring a macOS script configuration on Ivanti EPMM
  7. Configuring a macOS script policy on Ivanti EPMM
  8. Viewing macOS script execution logs