This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

Can you enable Netskope Client via command line?

connorjbeatty
New Contributor II

‎06-07-2023 02:09 PM - edited ‎06-07-2023 02:10 PM

Hello, we are attempting to enable/disable Netskope using the command line on MacOS and Windows. Previous discussions surrounding this provided solutions that are not working in my environment:

 

For Windows:
Restart the Netskope client through Task manager or Services
From cmd (as admin): stagentsvc -stop
From cmd (as admin): stagentsvc -start

 

For Mac:
Restart the Netskope client from a Mac terminal window
> sudo launchctl unload /Library/LaunchDaemons/com.netskope.stagentsvc.plist
> sudo launchctl load /Library/LaunchDaemons/com.netskope.stagentsvc.plist

 

When running these commands in my environment, I'm met with the following errors in Windows and Mac respectively:

 

Windows: "Command not found" or

 

 

'stagentsvc' is not recognized as an internal or external command,
operable program or batch file.

 

 

Mac: 

 

 

/Library/LaunchDaemons/com.netskope.stagentsvc.plist: No such file or directory
Unload failed: 2: No such file or directory

 

 

Labels:
12 Replies 12
Indu
Partner
Partner

‎06-07-2023 03:54 PM

We are looking for same solution. 

0 Likes
connorjbeatty
New Contributor II
In response to Indu

‎06-07-2023 04:28 PM - edited ‎06-07-2023 04:40 PM

Hi @Indu, after doing some additional research I've come up with a potential solution on Macs. This workaround kills the Netskope process and renames the Netskope folder in Application Support, which successfully disables Netskope.

 

#!/bin/sh

# Rename Netskope Application Support Folder to break LaunchAgent
sudo mv /Library/Application\ Support/Netskope /Library/Application\ Support/Netskope_disabled

# Kill Netskope Process
sudo ps aux | grep Netskope | grep -v grep | awk '{ print "kill -9", $2 }' | sudo sh
echo "Netskope Process Killed"

echo 'Successfully disabled.'

 

Renaming the folder back to "Netskope" and reinstalling the NSClient PKG re-activates Netskope without any interaction from users!

If Netskope comes up with an official solution I'm all ears though 🙂 

Rohit_Bhaskar
Community Manager
Community Manager

‎06-09-2023 09:06 AM

Hi @mpray 

Interesting to have your comments here 😊

Best Wishes
Rohit Bhaskar
0 Likes
mpray
Netskope
Netskope

‎06-14-2023 08:25 AM - edited ‎06-14-2023 10:39 AM

With R105 we've introduced a new flag that will automatically re-enable the client after restarting the service. This feature applies to user disabled clients and will not affect admin disabled clients. 

 

overrideUserDisableAfterLogin 
Release notes here.


Introduced a feature flag overrideUserDisableAfterLogin to override the user disabling Client after restart or logoff/login. When the flag is enabled and user disables the Client, it automatically enables the Client after the user:

  • Restarts the system, or

  • Logoff and login again

 

With that flag enabled these commands can be sent remotely and will result in the client being enabled.
Restart Client service.JPG

If you have having difficulty running these commands you should open a support ticket to review. Just be sure you are running them with elevated privileges. 

 

Requirement:  Netskope Client Version R105 or above.


Work with your CSM/TSM/TAM/SE to get the flag enabled. Please request that "AutoStart NSClient with Reboot/Relogin" be enabled and they will be able to make that happen.

nduda
Contributor
In response to mpray

‎06-14-2023 08:40 AM

Does this feature flag require the 105 client or will it work with older clients? I tried testing this with 104 installed but with the feature flag enabled and it didn't work.

mpray
Netskope
Netskope
In response to nduda

‎06-14-2023 09:18 AM - edited ‎06-14-2023 09:19 AM

I forgot to mention that this feature applies to user disabled clients and will not affect admin disabled clients. Did you test against a user disabled client?

I've updated the my original reply to include this information.

nduda
Contributor
In response to mpray

‎06-14-2023 09:29 AM

Yes, we did a user disable - waited a couple hours and rebooted the laptop. The agent never re-enabled. We had to manually enable it. Again, it was a 104 build, not 105. So is 105 client a requirement in addition to the feature flag?

0 Likes
mpray
Netskope
Netskope

‎06-14-2023 10:34 AM - edited ‎06-14-2023 10:43 AM

Yes, Netskope Client R105 or above is a requirement. I've opened a DOC ticket to get the release notes updated so that is clear. We will also update the release notes with some of the information I've provided in my post as to the name of the flag (overrideUserDisableAfterLogin is a backend flag that is not exposed in our frontend systems) as well as additional note and the condition of restarting the service.

Example of what your device page would look like when using this feature. I've disabled the client (user disabled), then logged out and logged back in. The status updates are posted from the client ~5min so I did wait, got the device update, then proceeded with the next step of testing.

mpray_0-1686764519384.png

 

 

Indu
Partner
Partner
In response to mpray

‎06-22-2023 11:52 PM

Thanks mpray, R105 feature flag “AutoStart NSClient with Reboot/Relogin” comes close to our requirement. Additional to this, following powershell script every day (for users who don't reboot/re-login for days) can re-enable NS client with agent service restart.

$my_service_name = "stAgentSvc";

$my_service_status = (Get-Service $my_service_name).Status;

if ($my_service_status -eq "stopped")

{

Restart-Service stAgentSvc

}

connorjbeatty
New Contributor II
In response to mpray

‎07-05-2023 04:57 PM

The MacOS commands do not work on my device despite being on the correct version of Netskope. Do I need to have AutoStart NSClient with Reboot/Relogin enabled as well?

0 Likes
Indu
Partner
Partner
In response to connorjbeatty

‎07-10-2023 09:10 PM

Above commands are for Windows.

Yes, feature flag "AutoStart NSClient with Reboot/Relogin" has to be enabled in the backend by Netskope Support to use those commands on Windows.

0 Likes
connorjbeatty
New Contributor II
In response to Indu

‎07-11-2023 04:28 PM

Thanks for the update @Indu ! An earlier post by @mpray included a screenshot with Terminal commands that can be run on Mac, suggesting this is possible on Mac as well.

 

My question was specifically asking if "AutoStart NSClient with Reboot/Relogin" is required for those Mac commands to work, as I have found that they do not work in my testing.

 

In my original post, I gave an example of the output of one of the Mac commands:

/Library/LaunchDaemons/com.netskope.stagentsvc.plist: No such file or directory
Unload failed: 2: No such file or directory

 

0 Likes
Subscribe
Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In