General - Mac - Endpoint Management Baseline
A summary of what is installed and configured on all staff Mac hardware in the GLS.
All users will maintain their admin rights of their mac and be able to perform all admin functions. However, there are a few pieces of software that users will not be able to remove since they will automatically be reinstalled upon removal. Those applications include WorkspaceOne IntelligentHub Agent, BigFix BES Agent, Lansweeper Agent, and GlobalProtect VPN. If you are having issues with any of this software and need them removed for any reason, please reach out to the LTG Help Desk for assistance.
- WorkspaceOne IntelligentHub Agent
- WorkspaceOne is the Mobile Device Manager we use for software deployment, profile management, and endpoint security compliance
- Lansweeper Agent
- Allows us to automatically inventory endpoint hardware and software for asset and lifecycle management
- PaloAlto GlobalProtect VPN
- Used for VPN Access
- A Post-enrollment script, which:
- Renames computer to GLS-MLAP and last 8 of serial
- Sets timezone to CST
- Enables Apple remote desktop for remote support by Help Desk
The following settings are configured as Defaults:
- Local firewall is turned on
- We allow users to give permissions to kernel and system extensions for software they install manually
- The computer will require a password once it goes to sleep
- The login window after startup will request a Username and Password
- Certain kernel and system extensions are enabled to make deployed software operational
- An LTG Admin account is added
- The password for this account is unique for every computer (no two computers have an LTG Admin account with the same password and the password changes frequently
Optional Software available via Opt-In:
If you would like this optional software automatically installed and configured on your Mac, please let the LTG Help Desk know and they will add you to the group that receives it.