
MAC - Calculated User 2021 R1

mag00_75
Level 8 Champion

Hi

We have been running the 2021R1 agent for a long time on our Macs, and earlier this week we upgraded the application from 2020R2->2021R1. After that I have triggered several inventories on my Mac per day and performed reconciliation, with the hope of verifying whether the calculated user works or not.

It's verified that the username exists in the NDI inventory files.

Last Logon User is empty; it doesn't even flip between system and my userID. It's also a bit unclear whether this field will never be populated on Mac or whether it will be populated with System or the current logged-in user instead.

Calculated User requires 10 times, that's why I'm trying to enforce inventories and recon to verify the functionality.

Has anyone got this to work on Mac, or do you have tips on how to query the DB to see how many times we are currently up at, thinking of Calculated User?

(1) Solution

Hi @mag00_75 

So I know there have been further enhancements around Mac agents and what they bring back (we are working on bringing in the actual last logged on user, and not the current logged on user).

If the user is definitely being brought back via the NDI, it should look something like domain\username.

If that username doesn't exist within the ComplianceUsers under that domain, it will not map, and thus will not show as last logged on user.

I believe our system brings it back under this query:

SELECT
    ho.ComputerID AS ExternalID,
    LEFT(hv.Value, 250) AS LastLoggedOnUser,
    *
FROM dbo.HardwareObject AS ho
JOIN dbo.HardwareClass AS hc ON hc.HardwareClassID = ho.HardwareClassID
JOIN dbo.HardwareClass AS sc ON sc.HardwareClassID = hc.SuperClassID
JOIN dbo.HardwareValue AS hv ON hv.HardwareObjectID = ho.HardwareObjectID
JOIN dbo.HardwareProperty AS hp ON hp.HardwarePropertyID = hv.HardwarePropertyID
WHERE sc.Class = 'CIM_UnitaryComputerSystem'
    AND hp.Property = 'UserName'
    AND hv.Value != 'SYSTEM'
    -- restrict the result to the Mac device being checked
    AND ho.ComputerID = <computerID of mac device>

After that you can check what is in the importedcomputer table, under last logged on user to see if it has to the device properly. 

If you find my answer useful please give kudos, if my answer solves your issue, please make sure to mark as solution


(6) Replies
mcavanagh
Level 6 Flexeran

Hi,

So there are a few things in regards to this. Last logged on user ignores the system by default, and will only map to a user if that user can be mapped to a complianceuser.

Also, currently our agent tracks "current logged on user", so if the tracker is running it will get the domain\username that the user is logged into. (This is set to be changed later on.)

With calculated user, the 10 times is only in certain instances.

Some inventory sources set the calculated user; ManageSoft connection doesn't. If the calculated user is set for a device by a different connection (which can be based on the user who logged on most frequently, e.g. SCCM does this) then that will be used. If calculated user is not set, which it won't be for FNMS devices, then the Calculated user is set based on the ComplianceUserID...which is based purely off last logged on user - aka "Username" in Win32_ComputerSystem in the NDI.

If you find my answer useful please give kudos, if my answer solves your issue, please make sure to mark as solution

Hi @mcavanagh 

In this case the issue is with macOS Big Sur using FNMS agent 2021R1; the FNMS application is also on 2021R1 level. There has been a bug on 2020R2 for this that shall be resolved in this release, and I'm trying to verify whether it now works.

@mcavanagh I might have located the issue with the help of your input. So the inventory database definitely gets the username, and the importedcomputer table in the compliance DB has the LastLoggedOnUser.

The compliance user we import into our system from Active Directory has a domain; however, on Mac we are not connected to the domain, so the username is the same but without a domain. To match these two users, can we change the importer or update some matcherrule?

In Windows: domainA\magnus
In Mac: magnus

I tested setting the domain on the Mac device to the same domain as the Windows computers; then the user gets mapped in the way I want.

ChrisG
Community Manager

Here are some comments about logged on user details gathered by the FlexNet inventory agent from MacOS devices in case this is helpful for future reference:

"Last Logged On User" and "Calculated User" fields on inventory devices will only be populated for inventory devices where user details in imported inventory data identify a domain that matches up to a user record in FNMS/Flexera One ITAM. If user details in inventory NDI files gathered by the FlexNet inventory agent do not contain a domain then these details will be insufficient to get these fields populated.

Current releases of the FlexNet inventory agent are only able to gather user and computer domain details from MacOS devices if the device is actually bound (joined) to an Active Directory domain, and domain details can be obtained through MacOS' OpenDirectory API.

If user domain details are not appearing in gathered inventory data (which can be inspected in an inventory NDI file) then that would suggest these requirements are likely not met.

Some organizations use a Mobile Device Management solution that allows users to login to MacOS devices using a domain account. Unfortunately current versions of the agent do not provide functionality to be able to gather domain details with this sort of setup - an enhancement would be required to do that.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)