Getting Started
Trust CenterTourStatusPageSupport

Install Mac forwarder with Kandji

Suggest Edits

With the Stairwell Forwarder for MacOS, organizations can automatically collect files from macOS devices (Intel & Apple Silicon supported) and have them processed by the Stairwell platform. To deploy the Stairwell Forwarder, multiple pieces will need to be in place before it can fully function.

📘

This article is for installing the Stairwell Forwarder via Kandji. For other step-by-step guides, please check to see if there is an article available here.

Prerequisite(s)

Before the forwarder package can be installed, several profiles will need to be installed on the client machine. These profiles ensure that the Forwarder install without requiring user interaction as well as ensuring it has full disk access.

  • Privacy Profile
  • System Extension Profile
  • System Extension Policy
  • Stairwell Forwarder Profile

🚧

Warning!

The initial scan (we refer to as the backscan) is a comprehensive physical disk scan that is very resource intensive for a short period of time. We do not recommend installing the forwarder on critical assets early in your deployment. Think of your first several deployments as "sacrificial" in that they will take the biggest hit because they will be uploading the greatest number of unique files and each subsequent install will have less and less unique files and therefore, shorter and less intensive backscans.

Installing the Privacy Profile

The privacy profile ensures that the Forwarder can access all files on the entire disk, including in the User home directory. By default this access is denied by macOS, so it is critical that this profile is deployed ahead of installing the Forwarder.

  • On the left hand menu, select Library
  • Select Add new in the top right hand corner
  • Search for Privacy, select the Privacy profile option then Add & Configure
  • Name the item Stairwell Forwarder Privacy
  • Under Assignment, add this to your test group blueprint.
  • Use the following values in the App Access pane
    • 🔘 Bundle ID
    • Identifier: com.stairwell.Inception.ProcessMonitor
    • For Code Requirement, copy the following string into the box:
anchor apple generic and identifier "com.stairwell.Inception.ProcessMonitor" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "677UQVFGY8")
  • Under App or Service use the following settings:
    • App or Service: SystemPolicyAllFiles
    • Access: Allow
  • Select Save in the bottom right.

Installing the System Extension Profile

The system extension policy allows the Stairwell Forwarder system extension to load without user interaction.

  • On the left hand menu, select Library
  • Select Add new in the top right hand corner
  • Search for System Extension, select the System Extension profile option then Add & Configure
  • Name the item Stairwell Forwarder System Extension
  • Under Assignment, add this to your test group blueprint.
  • Use the following values for this profile:
    • General - ☑️ Allow users to approve system extensions (Unless your security policy dictates otherwise)
    • Under Team ID
      • Team Identifier - 677UQVFGY8
      • Name - Stairwell Forwarder
      • System Extensions - Allow specific system extensions
      • Click Add more
        • Allowed System Extension - com.stairwell.Inception.ProcessMonitor
        • Name - Stairwell Forwarder
      • The completed settings should look like the following:
  • Select Save in the bottom right

Installing the System Extension Policy

If this policy is not pushed, it is impossible to silently remove the Stairwell Forwarder. It is highly suggested to push this profile so that silent remediations are possible.

  • On the left hand menu, select Library
  • Select Add new in the top right hand corner
  • Select Custom Profile followed by Add & Configure
  • Name the item Stairwell Forwarder System Extension Policy
  • Under Assignment, add this to your test group blueprint.
  • Download the example System Extension Policy from the Download Center. 
  • Drag and drop the file under the Profile box, where it says Drag file here or click to upload .mobileconfig file
  • Click save in the bottom right corner

Installing the Stairwell Forwarder Profile

This profile contains the Environment ID for your Stairwell Environment as well as a registration token. Without these settings, the Forwarder will not register correctly.

  • On the left hand menu, select Library
  • Select Add new in the top right hand corner
  • Select Custom Profile followed by Add & Configure
  • Name the item Stairwell Forwarder Settings
  • Under Assignment, add this to your test group blueprint.
  • Download the example profile from the Download Center.
  • Edit the example profile with your favorite text editor
  • Replace YOUR_ENVID_HERE with your actual Env ID.
  • Replace YOUR_REGISTRATION_TOKEN_HERE with your registration token.

❗️

If either of these values are incorrect, the Forwarder will fail to register. Double check these values before continuing.

  • Save your changes to the profile
  • Drag and drop your customized settings profile under the Profile box, where it says Drag file here or click to upload .mobileconfig file
  • Click save in the bottom right corner

Installing the Stairwell Forwarder

Once all the above profiles are pushed to the blueprint you are targeting, the last step is to install the Stairwell Forwarder itself.

  • On the left hand menu, select Library

  • Select Add new in the top right hand corner

  • Select Custom Apps followed by Add & Configure

  • Name the item Stairwell Forwarder Install

  • Under Assignment, add this to your test group blueprint.

  • Use the following values for this Custom App:

  • Installation - Audit and enforce

  • Use the following audit script:

    #!/bin/zsh

# App install check
APP_CHECK_ENABLED=true
APP_NAME="Inception Forwarder"
APP_PATH="/Applications/${APP_NAME}.app"
APP_VERSION_CHECK_ENABLED=true
APP_VERSION=851
APP_VERSION_KEY="CFBundleVersion"
# Profile install check
PROFILE_CHECK_ENABLED=true
PROFILE_NAME="Stairwell Forwarder System Extension"

# non-zero exit code to install the software

appVersionCheck() {
	## App Version check
	INSTALLED_APP_VERSION=$(defaults read "${APP_PATH}/Contents/Info" "${APP_VERSION_KEY}")
	if (($INSTALLED_APP_VERSION >= $APP_VERSION)); then
		echo "${APP_NAME} is up to date, exiting..."
		exit 0
	else
		echo "${APP_NAME} is out of date, proceeding..."
		exit 1
	fi
}

## Profile check
# If a profile is required for the software to work properly, check for it before
# proceeding
if [ "$PROFILE_CHECK_ENABLED" = true ] ; then
	/usr/bin/profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep -q "${PROFILE_NAME}"
	# 1 if missing, 0 if present
	profile_installed=$?
	if [ $profile_installed -ne 0 ]; then
		echo "${PROFILE_NAME} profile is missing, exiting..."
		exit 0
	else
		echo "${PROFILE_NAME} profile is installed, proceeding..."
	fi
fi

## App check
if [ "$APP_CHECK_ENABLED" = true ] ; then
	# If the app exists in the path specified in APP_PATH, skip install
	if [ -d $APP_PATH ]; then
		if [ "$APP_VERSION_CHECK_ENABLED" = true ]; then
			appVersionCheck
		fi
		echo "${APP_NAME}.app is installed, exiting..."
		exit 0
	else
		echo "${APP_NAME}.app is missing, proceeding..."
		exit 1
	fi
fi

📘

In this script

APP_VERSION must match the build number of the Stairwell Forwarder. If the file name is InceptionForwarder-1.3.2.851, the build number would be 851

PROFILE_NAME must match the profile used to allow the system extension to be installed. If following this guide exactly, it should be Stairwell Forwarder System Extension

  • Skip all Self Service settings
  • Under Install Details, use the following settings:
    • 🔘 Installer Package
    • Drag and drop the latest install package found on the Download Center
  • No Preinstall or Postinstall scripts are required
  • Click Save in the bottom right corner.

Once all of the above has been completed, the Forwarder will be deployed and working on the blueprint selected in the above steps.

Confirm Installation

  • Navigate to https://app.stairwell.com and log in
  • Click on Assets
  • Click on the newly created asset name(s) to confirm the retrieval of files
  • Take note of the data under All Objects

📘

It may take a few minutes for file ingestion to begin and show in the application.

Updated 9 months ago