Deploy Watchman Monitoring as a Custom App

Use this guide to deploy the Watchman Monitoring client as a custom app from your Kandji instance.

Prerequisites

  • Download the Watchman Monitoring client installer package for Mac from your Watchman portal ([your_subdomain].monitoringclient.com/installers/mac).

  • Copy the watchman_client_ae_script.zsh script from the Kandji support GitHub repository (GitHub Link).

Custom App

The steps below will deploy the Watchman Monitoring client and register the Mac to the default [Blank] group. See the Adding devices to a specific Watchman group section for the additional steps needed to add a Mac to a specific group in the Watchman Monitoring console.

  1. Create a Custom App in Kandji by going to Library > Add New > Custom App > Add & Configure.

  2. Give the Custom App a name. Example: Watchman client. Optionally, add a custom icon.

  3. Assign to a test blueprint.

  4. Change the installation type to Audit and Enforce.

  5. Copy and paste the watchman_client_ae_script.zsh script from earlier into the Audit & Enforce text box. No modification needed.

  6. Select Installer Package (install .pkg or .mpkg) as the deployment type.

  7. Upload the installer package.

  8. Click Save.

Adding devices to a specific Watchman group

If you would like the Mac computer to register to a specific group in the Watchman Monitoring console, you can use a preinstall script to achieve this.

  1. Click Add Preinstall Script and paste the preinstall script from below.

  2. Update the GROUP_NAME variable, replacing the ENTER_GROUP_NAME placeholder with the name of the Watchman group.

  3. Click Save.

Preinstall

#!/usr/bin/env zsh

#
#   Preinstall script for Watchman client
#

###################################################################################################
###################################### VARIABLES ##################################################
###################################################################################################

# Define the Watchman group name that the Mac should be added to
GROUP_NAME="ENTER_GROUP_NAME"

###################################################################################################
############################ MAIN LOGIC - DO NOT MODIFY BELOW #####################################
###################################################################################################

# Write the group name to the client settings file.
/bin/echo "Setting group to: $GROUP_NAME"
/usr/bin/defaults write /Library/MonitoringClient/ClientSettings ClientGroup -string "$GROUP_NAME"

exit 0
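
To confirm the group assignment on a Mac in the test blueprint, the check below reads back the ClientGroup value that the preinstall script writes and rejects a group name that is empty or still the ENTER_GROUP_NAME placeholder. It is an added example, not part of the Kandji or Watchman scripts; the function names, the file name check_watchman_group.sh and the name-validation policy are assumptions.

```shell
#!/bin/sh
# Added example, not Kandji's or Watchman's code. Path and key are the ones
# the preinstall script writes; function names and policy are assumptions.
SETTINGS="/Library/MonitoringClient/ClientSettings"
DEFAULTS="${DEFAULTS:-/usr/bin/defaults}"

# Return 0 only for a usable name: non-empty, not the unedited placeholder,
# no leading/trailing space, no control characters (assumed policy).
valid_group_name() {
    case $1 in
        ""|ENTER_GROUP_NAME) return 1 ;;
        " "*|*" ") return 1 ;;
        *[[:cntrl:]]*) return 1 ;;
    esac
    return 0
}

# Print the stored ClientGroup. Returns 0 if it equals $1, 1 if it differs,
# 2 if the key or file cannot be read.
verify_client_group() {
    stored=$("$DEFAULTS" read "$SETTINGS" ClientGroup 2>/dev/null) || return 2
    printf '%s\n' "$stored"
    [ "$stored" = "$1" ]
}

# Usage: sh check_watchman_group.sh "Group Name"
main() {
    if ! valid_group_name "$1"; then
        echo "Rejected group name '$1': empty, placeholder or malformed" >&2
        return 1
    fi
    rc=0
    found=$(verify_client_group "$1") || rc=$?
    case $rc in
        0) echo "OK: ClientGroup is '$found'" ;;
        1) echo "MISMATCH: expected '$1', found '$found'" >&2; return 1 ;;
        *) echo "MISSING: no ClientGroup in $SETTINGS" >&2; return 1 ;;
    esac
}

# Run the check only when a group name is passed on the command line.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A non-zero exit means the Mac would register to a group other than the one intended, so resolve it before moving the Custom App off the test blueprint.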

Depending on the App product and version installed, the app path, privacy access, and kernel or system extension requirements may change. As with all Custom Apps, we urge you to test this thoroughly before deploying to a Mac that is in production.