macOS Ventura Deployment Support - Managed Login Items?

Wondering what the timeframe is for guidance/support for deployments of the Solarwinds Discovery Agent to macOS Ventura?

The Agent is installing okay-ish* on macOS Ventura 13.0, but the Agent is throwing a service management Login Items message about Ruby and I can't get the background service fully managed.

There's no TeamID for the executables, so I can only use the Label as shown in the launch daemon to try to manage the Login Item. This is not successful, and the end user has the ability to turn off the background item and presumably kill the Agent's ability to report in.

The screenshot below shows the ruby background item that has been turned off by the end user on the computer, along with other login items that have been properly managed and cannot be toggled.

Indeed, with Ruby in this state, when I try to do a forced inventory update from the agent, Apple system profiler throws an error and while the command claims "done!" the results do not show up in SWSD audit for the device.

*The applications still report "code object is not signed at all" when checking with the codesign command, and the permissions are . . . nonstandard for the locations where they end up.

Parents
  • Wondering if there's an update for this issue yet?

  • I have solved the issue at least as regards to preventing users from toggling off the ruby subsystem:

    If a managed login items profile isn't working correctly (mostly for Label rules), try signing it and uploading as a .mobileconfig file.

    I tried every combination of bundle identifier, Label, Label Prefix I could find and still was unable to lock out users from turning off the SWSD agent. I'd never had to sign a profile before when uploading to Jamf (it's a huge hassle if you have to make any changes), but that was the only thing I had left, so I followed Jamf's instructions for creating a signing certificate and gave it a try. This was successful for the Solarwinds Discovery Agent and another utility I was having trouble with.

    I still look forward to seeing the agent properly signed and notarized in the future. I hope the developers will be paying attention the WWDC this coming June so they know about the next changes that will need to be supported.

Reply
  • I have solved the issue at least as regards to preventing users from toggling off the ruby subsystem:

    If a managed login items profile isn't working correctly (mostly for Label rules), try signing it and uploading as a .mobileconfig file.

    I tried every combination of bundle identifier, Label, Label Prefix I could find and still was unable to lock out users from turning off the SWSD agent. I'd never had to sign a profile before when uploading to Jamf (it's a huge hassle if you have to make any changes), but that was the only thing I had left, so I followed Jamf's instructions for creating a signing certificate and gave it a try. This was successful for the Solarwinds Discovery Agent and another utility I was having trouble with.

    I still look forward to seeing the agent properly signed and notarized in the future. I hope the developers will be paying attention the WWDC this coming June so they know about the next changes that will need to be supported.

Children
No Data