Hi
We have been running the 2021R1 agent long time on our MAC's and earlier this week we upgraded the application from 2020R2->2021R1. After that I have triggered several inventories on my MAC per day and performed reconciliation. With the hope to verify that the calculated user works or not.
Its verified that the username exists in the NDI inventory files
Last Logon User is empty, doesn't even flip between system and my userID. Its a bit unclear also if this field will never be populated on Mac or that it will be populated with System or Current Logged-in user instead.
Calculated User requires 10 times, thats why I'm trying to enforce inventories and recon to verify the functionality.
Have anyone got this to work on MAC or do you have tips on how to query the DB to see how many times we currently are up at, thinking of calculated User?
‎Nov 26, 2021 12:58 AM
Hi @mag00_75
So i know there has been further enhancements around Mac agents, and what they bring back (we are working on bringing in the actual last logged on user, and not the current logged on user)
If the user is definitely being brought back via the NDI, it should look something like domain\username
if that username doesn't exist within the ComplianceUsers, under that domain it will not map, and thus will not show as last logged on user.
I believe our system brings it back under this query
SELECT
ho.ComputerID AS ExternalID,
LEFT(hv.Value, 250) AS LastLoggedOnUser,
*
FROM dbo.HardwareObject AS ho
JOIN dbo.HardwareClass AS hc ON hc.HardwareClassID = ho.HardwareClassID
JOIN dbo.HardwareClass AS sc ON sc.HardwareClassID = hc.SuperClassID
JOIN dbo.HardwareValue AS hv ON hv.HardwareObjectID = ho.HardwareObjectID
JOIN dbo.HardwareProperty AS hp ON hp.HardwarePropertyID = hv.HardwarePropertyID
WHERE sc.Class = 'CIM_UnitaryComputerSystem'
AND hp.Property = 'UserName'
AND hv.Value != 'SYSTEM'
where computerid = <computerID of mac device>
After that you can check what is in the importedcomputer table, under last logged on user to see if it has to the device properly.
‎Nov 26, 2021 09:18 AM
Hi,
So there are a few things in regards to this, Last logged on user ignores the system by default, and will only map to a user if that user can be mapped to a complianceuser.
Also currently our agent tracks "current logged on user", so if the tracker is running it will get the domain\username that the user is logged into. (This is set to be changed later on0
With calculated user the 10 times this is only in certain instances
Some inventory sources set the calculated user, ManageSoft connection doesn't. If the calculated user is set for a device by a different connection (which can be based on the user who logged on most frequently, e.g. SCCM does this) then that will be used. If calculated user is not set, which it won't be for FNMS devices, then the Calculated user set set based on the ComplianceUserID...which is based purely off last logged on user - aka "Username" in Win32_ComputerSystem in the NDI.
‎Nov 26, 2021 06:25 AM
Hi @mcavanagh
In this case the issue is with macOS BigSur using FNMS agent 2021R1, the FNMS application is also on 2021R1 level. It has been a bug on 2020R2 for this that shall be resolved in this release which I'm trying to verify if they now works.
‎Nov 26, 2021 08:49 AM
Hi @mag00_75
So i know there has been further enhancements around Mac agents, and what they bring back (we are working on bringing in the actual last logged on user, and not the current logged on user)
If the user is definitely being brought back via the NDI, it should look something like domain\username
if that username doesn't exist within the ComplianceUsers, under that domain it will not map, and thus will not show as last logged on user.
I believe our system brings it back under this query
SELECT
ho.ComputerID AS ExternalID,
LEFT(hv.Value, 250) AS LastLoggedOnUser,
*
FROM dbo.HardwareObject AS ho
JOIN dbo.HardwareClass AS hc ON hc.HardwareClassID = ho.HardwareClassID
JOIN dbo.HardwareClass AS sc ON sc.HardwareClassID = hc.SuperClassID
JOIN dbo.HardwareValue AS hv ON hv.HardwareObjectID = ho.HardwareObjectID
JOIN dbo.HardwareProperty AS hp ON hp.HardwarePropertyID = hv.HardwarePropertyID
WHERE sc.Class = 'CIM_UnitaryComputerSystem'
AND hp.Property = 'UserName'
AND hv.Value != 'SYSTEM'
where computerid = <computerID of mac device>
After that you can check what is in the importedcomputer table, under last logged on user to see if it has to the device properly.
‎Nov 26, 2021 09:18 AM
@mcavanagh I might have located the issue with the help of your input. So the inventory database definitely get the username and the importedcomputer table in compliance DB has the LastLoggedOnUser.
The compliance user we import into our system from Active Directory has domain, however on Mac we are not connected to the domain so the username is the same but without a domain. to match these two users, can we change the importer or update some matcherrule?
In windows: domainA\magnus
In Mac: magnus
‎Nov 26, 2021 10:00 AM
I tested to set the domain on the MAC device to the same domain as the Windows computers, then the user gets mapped in a way I want.
‎Nov 27, 2021 06:16 AM
Here are some comments about logged on user details gathered by the FlexNet inventory agent from MacOS devices in case this is helpful for future reference:
"Last Logged On User" and "Calculated User" fields on inventory devices will only be populated for inventory devices where user details in imported inventory data identify a domain that matches up to a user record in FNMS/Flexera One ITAM. If user details in inventory NDI files gathered by the FlexNet inventory agent do not contain a domain then these details will be insufficient to get these fields populated.
Current releases of the FlexNet inventory agent are only able to gather user and computer domain details from MacOS devices if the device is actually bound (joined) to an Active Directory domain, and domain details can be obtained through MacOS' OpenDirectory API.
If user domain details are not appearing in gathered inventory data (which can be inspected in an inventory NDI fie) then that would suggest these requirements are likely not met.
Some organizations use a Mobile Device Management solution that allows users to login to MacOS devices using a domain account. Unfortunately current versions of the agent do not provide functionality to be able to gather domain details with this sort of setup - an enhancement would be required to do that.
‎Jun 12, 2024 12:52 AM