Adding Mac workstations to ADAudit Plus

ADAudit Plus uses an agent to fetch the logon events from Mac workstations. The agent can be installed automatically on all the target Mac workstations via ADAudit Plus' UI or manually on each individual workstation.

Add Mac workstations via ADAudit Plus' UI

To add the target Mac workstations automatically, you can install the agent through ADAudit Plus' UI by following the steps below:

• Log in to your ADAudit Plus web console.
• Navigate to the Server Audit tab > Configured Server(s) > Workstations.
• Click +Add workstation(s).
• Select the Mac workstations that you want to audit from the list.
• Check the Allow ADAudit Plus to automatically install agent for macOS devices as it is essential for their functioning check box and click OK.

Note: If you have assigned sufficient privileges to the user configured under Domain Settings, ADAudit Plus will automatically install the agent on the target Mac workstations. Once the agent is installed, the configured Mac workstations can be found listed under the Server Audit tab > Configured Server(s) > Workstations.

Add Mac workstations manually

If you do not wish to install the agent automatically on the target Mac workstations, you can install it manually. The general steps involved in installing the agent manually on the Mac workstations are as follows:

• Log in to the server on which ADAudit Plus is installed, navigate to the <Installation directory>\ManageEngine\ADAudit Plus\adap\agent folder, and copy the MACAgent.zip file to the Mac computer that you want to add to ADAudit Plus.
• Now, log in to the Mac workstation as an administrator, extract the zip file that you just copied, and locate the ADAuditPlus_MacAgent.pkg and serverinfo.plist files.
• Execute the ADAuditPlus_MacAgent.pkg file and provide admin credentials when prompted to complete installation.
• Once the agent is installed, the configured Mac workstations can be found listed under the Server Audit tab > Configured Server(s) > Workstations.
• Delete the extracted .pkg, .plist, and MACAgent.zip files after installation.

Add Mac workstations manually via SSH

If you want to install the agent on target Mac workstations via SSH, follow the steps below:

• Log in to the server on which ADAudit Plus is installed, navigate to the <Installation directory>\ManageEngine\ADAudit Plus\adap\agent folder, and copy the MACAgent.zip file to the Mac computer that you want to add to ADAudit Plus.
• Now, log in to the target computer using SSH by executing the following command:
ssh adminusername@hostname
• Navigate to the location where the MACAgent.zip file is copied and unzip it by executing the following command:
unzip -oq _MACAgent.zip
• Install the agent using the following command:
sudo installer -pkg ADAuditPlus_MacAgent.pkg -target /
• Enter the administrator password when prompted to complete agent installation.
• Once the agent is installed, the configured Mac workstations can be found listed under the Server Audit tab > Configured Server(s) > Workstations.
• Delete the extracted .pkg, .plist, and MACAgent.zip files by executing the following commands:
rm ADAuditPlus_MacAgent.pkg
rm serverinfo.plist
rm MACAgent.zip

Note: Automatic addition and removal of Mac workstations via Automatic Configuration (Configuration tab > Configured Server(s) > Automatic Configuration) is not supported at the moment.

Best practice: Ensure that the fetch interval for events is set to a value greater than 10 minutes for optimal performance in ADAudit Plus.

View macOS logon audit reports in ADAudit Plus

To view the logon events happening in your Mac workstations, navigate to the Reports tab, and within the Local Logon-Logoff section, you can find the relevant events in the following reports:

• Local Logon Failures
• Interactive Logon Failures
• Logon Activity