Install Mac forwarder with Jamf Pro

With the Stairwell Forwarder for MacOS, organizations can automatically collect files from macOS devices (Intel & Apple Silicon supported) and have them processed by the Stairwell platform. To deploy the Stairwell Forwarder, multiple pieces will need to be in place before it can fully function.

Step 1: Create Configuration Policies

Step 2: Create Smart Computer Group

Step 3: Create Application Package

Step 4: Create New Policy

Step 5: Confirm Installation

🚧

Warning!

The initial scan (we refer to as the backscan) is a comprehensive physical disk scan that is very resource intensive for a short period of time. We do not recommend installing the forwarder on critical assets early in your deployment. Think of your first several deployments as "sacrificial" in that they will take the biggest hit because they will be uploading the greatest number of unique files and each subsequent install will have less and less unique files and therefore, shorter and less intensive backscans.


1. Create Configuration Policies

1A. Create System Extension Policy

  • Log into Jamf Pro

  • Under Computers ➡️ Content Management, Select Configuration Profiles

  • Select + New

  • Under Options ➡️ General
    • Name: Stairwell Forwarder System Extension Policy
    • Level: Computer Level
    • Distribution Method: Install Automatically
  • Under Options ➡️ System Extensions, Select Configure
  • Check the box for Allow users to approve system extensions
  • Under Allowed Team IDs and System Extensions
    • Display Name: Stairwell System Extension Policy
    • System Extension Types: Allowed System Extensions
    • Team Identifier: 677UQVFGY8
  • Under Allowed System Extensions, Select + Add
    • Type in: com.stairwell.Inception.ProcessMonitor
    • Select Save
  • Under Options ➡️ Scope ➡️ Selected Deployment Targets, Select + Add
    • Select the desired computer, user, group, etc
    • Select Add
  • Select 💾 Save

📘

Optional System Extension Type

Instead of selecting "Allowed System Extensions", you can select "Allow Team Identifiers" and skip the Allows System Extension setup. This is a less restrictive setting.

1B. Create Privacy Policy

  • Under Content Management, Select Configuration Profiles
  • Select + New in top right
  • Under Options ➡️ General
    • Name: Stairwell Forwarder Privacy Policy
    • Level: Computer Level
    • Distribution Method: Install Automatically
  • Under Options ➡️ Privacy Preferences Policy Control, Select Configure
    • Identifier: com.stairwell.Inception.ProcessMonitor
    • Identifier Type: Bundle ID
    • Code Requirement: anchor apple generic and identifier "com.stairwell.Inception.ProcessMonitor" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "677UQVFGY8")
  • Under APP OR SERVICE, Select + Add
    • Select SystemPolicyAllFiles
    • Select Allow
    • Select Save
  • Under Options ➡️ Scope ➡️ Selected Deployment Targets, Select + Add
    • Select the desired computer, user, group, etc
    • Select Add
  • Select 💾 Save

1C. Create Application Settings Policy

  • Under Content Management, Select Configuration Profiles
  • Select + New in top right
  • Under Options ➡️ General
    • Name: Stairwell Forwarder Settings Policy
    • Level: Computer Level
    • Distribution Method: Install Automatically
  • Under Options ➡️ Applications & Custom Settings ➡️ External Applications, Select + Add

    • Source: Custom Schema
    • Preference Domain: com.stairwell.Inception.ProcessMonitor
    • Select + Add schema under Custom Schema
    {  
      "description": "Preference settings for Stairwell Forwarder",  
      "title": "Stairwell Forwarder",  
      "properties": {  
        "EnvId": {  
          "title": "Environment ID",  
          "description": "Stairwell Environment ID",  
          "property_order": 5,  
          "type": "string"  
          },  
        "RegistrationToken": {  
          "title": "Registration Token",  
          "description": "Token used to register assets",  
          "property_order": 10,  
          "type": "string"  
        },  
        "Debug": {  
          "title": "Debug Logging",  
          "description": "Enables debug logging. Defaults to false",  
          "property_order": 75,  
          "type": "boolean"  
        }  
      }  
    }
    
    • Environment ID: Environment ID
    • Registration Token: File Forwarder Token
    • Debug Logging: false
  • Under Options ➡️ Scope ➡️ Selected Deployment Targets, Select + Add

    • Select the desired computer, user, group, etc
    • Select Add
  • Select 💾 Save


2. Create Smart Computer Group

  • Under Computers ➡️ Groups, Select Smart Computer Groups
  • Select + New
  • Under Computer Group
    • Display Name: Stairwell Forwarder Profiles
  • Under Criteria, Select + Add
  • Select Show Advanced Criteria
  • Find Profile Name and Select Choose (repeat this 2 more times)
  • Under Criteria
    • Operator: Has
    • Value: Stairwell Forwarder System Extensions Policy
    • AND/OR: and
    • Operator: Has
    • Value: Stairwell Forwarder Privacy Policy
    • AND/OR: and
    • Operator: Has
    • Value: Stairwell Forwarder Settings Policy
  • Select 💾 Save

3. Create Application Package

  • Under General ➡️ Filename, Select Choose File
  • Select the downloaded package
  • Select 💾 Save

📘

Upload failed: undefined error

If you encounter this error, please check the Cloud Services Connection.


4. Create New Policy

  • Under Computers ➡️ Content Management, Select Policies
  • Select + New
  • Under Options ➡️ General
    • Display Name: Stairwell Forwarder
    • Enabled: ☑️
    • Trigger: Recurring Check-in
  • Under Options ➡️ Packages
    • Select Configure
    • Find the package created in Step 3, Select Add
    • Distribution Point: Each computer's default distribution point
    • Action: Install
  • Under Scope ➡️ Targets ➡️ Selected Deployment Targets
    • Select + Add
    • Select Computer Groups
    • Find the group created in Step 2, Select Add
  • Select 💾 Save

📘

Additional Notes

  1. If the profile payloads from the steps above are incorrect or not present before the installer runs, the installation will fail and require remediation.
  2. Once the above configuration profiles, smart groups, packages, and policies are created, Jamf Pro will automatically install the package on the machines which have the required profiles.

5. Confirm Installation

  • Navigate to https://app.stairwell.com and log in
  • Select Assets
  • Select the newly created asset name(s) to confirm the retrieval of files
  • Take note of the data under All Objects