Configuration guide: Operating systems - Stability, security, and compliance
Introduction
This library pack will help you monitor and manage various operating systems to ensure their stability, compliance, and performance. This page will guide you through the structure of the content.
Content list and dependency
This library pack contains the following content and dependencies:
| Type | Name | Description | Dependencies |
|---|---|---|---|
OS Stability, Compliance, and Security | Helps to monitor and manage various operating systems to ensure their stability, compliance, and performance | ||
Get XProtect status | Provides information about the status of the macOS XProtect (macOS built-in antivirus software) automatic update setting on macOS devices. |
| |
Get firewall options | Provides information about the status of the macOS firewall on macOS devices. |
| |
Get BitLocker information | Returns basic information on BitLocker protection status. |
| |
Get encryption information | Gets an APFS file system disk encryption and decryption information in addition to checking whether FileVault is enabled or not. |
| |
Get macOS updates and restart information | Gets information about macOS devices - the number of days since the last restart, whether there are pending updates, a list of names of pending updates, and others. |
| |
Test pending reboot | Checks if the device is waiting to reboot for an update. |
| |
Set firewall options | Configures firewall settings under System Preferences - Security & Privacy - Firewall on macOS devices. | ||
Set XProtect status | Configures the XProtect status under System Preferences - Software Update - Advanced on macOS devices. | ||
Install Windows update | Installs a ‘.msu’ patch on Windows devices. | ||
Invoke Windows update | Restarts Windows Update and BITS services on Windows devices and forces the device to check for updates. | ||
Set auto updates | Configures additional macOS automatic update settings under System Preferences - Software Update - Advanced on macOS devices. | ||
Get Windows Feature update diagnosis | Executes Microsoft tool SetupDiag.exe, that process Windows Feature update log files and returns a list of possible failure reasons or upgrade confirmation. | ||
Enable BitLocker Encryption | Enables BitLocker encryption on the device's system drive. | ||
OS targeted quality update version | Defines the target quality update versions of Windows and macOS operating systems. |
| |
OS supported version | Determines which Windows and macOS operating system versions, editions, and builds are supported. |
| |
OS targeted feature update version | Defines the target feature update versions of Windows operating systems. Typically, this custom field requires version updates every month. |
|
Configuration guide
To effectively use this library pack, the content must be installed and configured appropriately. Below are some suggested steps to install and configure the content properly before use.
Step 1) Install library pack content
Go to the Nexthink Library and install all required content.
Step 2) Configure remote actions
Navigate to the manage remote action administration page to review and edit your remote actions.
We recommend the following configurations for these remote actions:
| Name | Trigger | Schedule query | Parameters to edit |
|---|---|---|---|
Get XProtect status | Scheduled, daily | Code | |
Get firewall options | Scheduled, daily | Code | |
Get BitLocker information | Scheduled, daily | Code | |
Get encryption information | Scheduled, daily | Code | |
Get macOS updates and restart information | Scheduled, daily | Code | |
Test pending reboot | Scheduled, daily | Code | |
Set firewall options | Manual, can be triggered on multiple devices |
| |
Set XProtect status | Manual, can be triggered on multiple devices |
| |
Install Windows update | Manual, can be triggered on multiple devices |
| |
Invoke Windows update | Manual, can be triggered on multiple devices | ||
Set auto updates | Manual, can be triggered on multiple devices |
| |
Get Windows Feature update diagnosis | Manual, can be triggered on multiple devices |
| |
Enable BitLocker Encryption | Manual, can be triggered on multiple devices |
|
Step 3) Configure custom fields
Navigate to the manage custom fields administration page to review and edit your custom fields.
Operating system versions in the custom fields below are subject to change due to regular patches released by vendors and Apple and Microsoft support policies.
Typically, these versions need to be updated in the custom fields once a month to ensure you have the most current patch versions.
We recommend the following configurations for these custom fields:
| Name | NQL ID | Rule name | Object | NQL query |
|---|---|---|---|---|
OS targeted quality update version | os_targeted_quality_update_version | macos_sonoma | device | Code |
macos_ventura | device | Code | ||
macos_monterey | device | Code | ||
windows_10_quality_update | device | Code | ||
windows_11_quality_update | device | |||
OS targeted feature update version | os_targeted_feature_update_version | windows_10_feature_update | device | Code |
windows_11_feature_update | device | Code | ||
OS supported version | os_supported_version | macos_unsupported_version | device | Code |
macos_supported_version | device | Code | ||
windows_unsupported_version | device | Code | ||
windows_supported_version | device | Code |
Usage guide
Your content is now configured and ready to be used. For usage overview and recommendations, you can visit the usage guide:
Usage guide: Operating systems - Stability, security, and compliance
Last updated