Netskope Client disabled by User, how to enable via command line?

  • 29 November 2022
  • 4 replies
  • 1165 views

Badge
Migrated Content

4 replies

Userlevel 4
Badge +12

You can't. I've been trying to work with Netskope for ~2 years on better improvements with how agent interactivity is done from the desktop. They really don't seem to understand how a product like Netskope, when impacted, can bring a company to its knees. Having easy ways to have employees disable the agent for short timer periods or a way admins can interact with it from CLI is crucial. The only workaround are to block internet traffic. The only way to enable the client when a user disables it is through the console. We've had outages with Netskope in the past that took hours and hours to get our users "disabled"

Badge +12

Hello Dbell and welcome!

Unfortunately, there isn't an option to enable the client via command line after the user has disabled it. Currently that must be done via the console (see attached for how). We understand that this is not always the most convenient way to address this issue and have plans to implement the command line option in the future. I've included the NPLAN for your reference.

 

Enable the NS Client via command line on Windows hosts after disable (NPLAN-139)

 

 

Another option is to not allow the user to disable the client so that Netskope Admins can maintain control over that. That is a setting in the client config. We have a feature coming soon where an admin can configure the client to reenable itself after X amount of time once it's been administratively disabled.

 

 

Userlevel 5
Badge +16

@mpraywrote:

Hello Dbell and welcome!
Another option is to not allow the user to disable the client so that Netskope Admins can maintain control over that. That is a setting in the client config. We have a feature coming soon where an admin can configure the client to reenable itself after X amount of time once it's been administratively disabled.


Another option, beyond just removing the ability to disable, you can control whether the user has the ability to disable through client config. Set two client configs, with the difference being that toggle. Place the disabled state into the default config, then control application of the enabled config through group membership.

Badge +12

With R105 we've introduced a new flag that will automatically re-enable the client after restarting the service. This applies to user disabled clients only and doesn't apply to admin disabled clients. 

 

overrideUserDisableAfterLogin 
Release notes here.


Introduced a feature flag overrideUserDisableAfterLogin to override the user disabling Client after restart or logoff/login. When the flag is enabled and user disables the Client, it automatically enables the Client after the user:

  • Restarts the system, or

  • Logoff and login again

 

With that flag enabled these commands can be sent remotely and will result in the client being enabled.

 

 

If you have having difficulty running these commands you should open a support ticket to review. Just be sure you are running them with elevated privileges. 

Requirement:  Netskope Client Version R105 or above.

Work with your CSM/TSM/TAM/SE to get the flag enabled. Please request that "AutoStart NSClient with Reboot/Relogin" be enabled and they will be able to make that happen.

Reply