The Kandji Agent offers a suite of powerful Terminal commands that give admins additional control and information for their fleet of devices. While some commands can only be executed locally on a device using Terminal, others can be deployed through a Custom Script Library Item for greater flexibility.
Local-Only Commands
The following commands must be executed directly on a device in Terminal. They cannot be deployed via a Custom Script or a Custom App Library Item.
Run
The agent will run and check in immediately. Normally, the agent checks in every 15 minutes. Without an internet connection, the agent will run in offline mode.
sudo kandji runAdding --reset-daily to the run command will run all Parameters, including those that are run only once per day.
sudo kandji run --reset-dailyRun Daily MDM Inventory Update
The agent will request the MDM server to initiate its daily MDM commands, such as validating Apps & Books from Apple Business Manager, as well as querying certain device information.
sudo kandji update-mdmCollect Apps
Collects full application inventory from the Mac.
sudo kandji collect-appsRun Library Items
Checks for library items to execute.
sudo kandji libraryAvailable library command options:
Option | Description |
|---|---|
| List all of the library items assigned to the computer. |
| Get the current state of the Kandji Agent library manager. |
| Run a specific library item by name or library item ID; specify -F to force the execution. |
| Cancel the currently running library item and clears the current queue. |
Print Kandji Logs
Prints log entries for the Kandji Agent subsystem from the unified logging system. The `--last` option is required and specifies the number of previous seconds to print logs from. Replace <seconds> with a number, like 300. (Actual results displayed are limited based on available unified log storage.)
Redirect the output of the command using > to save to an external log file.
sudo kandji logs --last <seconds>Available logs command options:
Option | Description |
|---|---|
| Print log entries without ANSI color formatting. |
| Includes debug level logs, debug logging must be enabled prior. |
Enable debug logging.
sudo log config --mode "level:debug" --subsystem io.kandji.KandjiAgentDisable debug logging.
sudo log config --mode "level:default" --subsystem io.kandji.KandjiAgentExample debug logging command usage.
sudo kandji logs --no-format --debug --last 10000 >~/Desktop/kandji.logAvert
List quarantined files.
sudo kandji avert --list-quarantineDelete quarantined files.
sudo kandji avert --delete-quarantineScriptable Commands
These commands can be executed through a Custom Script or a Custom App Library Item. They can also be run locally on a Mac in Terminal.
When using the scriptable options below, such as within a Custom Script Library Item, you must replace sudo kandji with the the full path to the binary: /usr/local/bin/kandji
Reboot
This option can be used in scripted workflows to force a reboot leveraging the Kandji Agent and menu bar application. It is visually similar to the reboot forced during FileVault enablement or a Managed OS upgrade.
This initiates a restart by prompting the logged-in user with a countdown timer. If no delay is specified, the default 1800 (30 minutes) will be used. If no user is logged in, the delay will be ignored, and the Mac will restart immediately.
sudo kandji reboot --delaySeconds NumberOfSecondsForces a restart without giving users the option to delay.
sudo kandji reboot --no-deferral Dock
This option can be used in scripted workflows to add items to the end of the macOS Dock or remove items from the macOS Dock of the currently logged-in user.
The application referred to by the bundle identifier must be in the /Applications folder.
Optionally specifying the --all option adds the icon to the end of the Dock for all user accounts.
sudo kandji dock [--add bundle identifier] [--remove bundle identifier] [--all]If using multiple options at a time, use a single command, and separate options using quotes and separating spaces, as shown in the example below.
/usr/local/bin/kandji dock --add "com.google.Chrome us.zoom.xos com.tinyspeck.slackmacgap"Alert
This command can be used in scripted workflows to present an alert to users.
sudo kandji display-alert [--title text] [--message text] [--icon path_to_image] [--suppression-key string] [--help-url url] [--no-wait]It has several options, outlined below.
Option | Description | Default if not provided |
|---|---|---|
| Specifies a custom title for the alert window | "Alert" |
| Specifies a custom message for the alert window | No default value |
| Specifies a custom icon for the alert window. It is recommended to use .jpg, .png, or .icns files | Kandji Agent icon |
| If provided, it will show an option to the user: "Do not show this message again" If this suppression key is provided in a future alert, and the user opts not to see it again, the alert will not be shown. | No default value If no suppression key is specified, the "Do not show this message again" option is not displayed. |
| Allows for specifying a custom URL for the alert Help button. Must be an HTTPS URL | No default value If no URL is specified, the Help button is not displayed. |
| Allows the alert to show but keeps the remainder of the script running without waiting for user interaction on the alert | Alert will show and wait for interaction from the user before the script proceeds. |
Below is an example of the underlying command for an alert and the resulting experience in macOS Sequoia:
sudo /usr/local/bin/kandji display-alert --title "Low Disk Space" --message "Your Mac computer's Hard Drive is running critically low on space, please contact Accuhive IT as soon as possible." --suppression-key accuhive --help-url https://kandji.io --no-wait
Submit Diagnostics
Submit Diagnostics to Kandji. Equivalent to the action menu (gear) item available in the Kandji Menu.
sudo kandji submit-diagnostics [--comment text]Available submit-diagnostics command option:
Option | Description | Default if not provided |
|---|---|---|
| Specifies a comment to be presented in the diagnostics | No default value |
Version
Display the installed Kandji Agent version.
sudo kandji versionHelp
Display help text.
sudo kandji help