Netskope Community
06-07-2023 02:09 PM - edited 06-07-2023 02:10 PM
Hello, we are attempting to enable/disable Netskope using the command line on MacOS and Windows. Previous discussions surrounding this provided solutions that are not working in my environment:
For Windows:
Restart the Netskope client through Task manager or Services
From cmd (as admin): stagentsvc -stop
From cmd (as admin): stagentsvc -start
For Mac:
Restart the Netskope client from a Mac terminal window
> sudo launchctl unload /Library/LaunchDaemons/com.netskope.stagentsvc.plist
> sudo launchctl load /Library/LaunchDaemons/com.netskope.stagentsvc.plist
When running these commands in my environment, I'm met with the following errors in Windows and Mac respectively:
Windows: "Command not found" or
'stagentsvc' is not recognized as an internal or external command,
operable program or batch file.
Mac:
/Library/LaunchDaemons/com.netskope.stagentsvc.plist: No such file or directory
Unload failed: 2: No such file or directory
06-07-2023 03:54 PM
We are looking for same solution.
06-07-2023 04:28 PM - edited 06-07-2023 04:40 PM
Hi @Indu, after doing some additional research I've come up with a potential solution on Macs. This workaround kills the Netskope process and renames the Netskope folder in Application Support, which successfully disables Netskope.
#!/bin/sh
# Rename Netskope Application Support Folder to break LaunchAgent
sudo mv /Library/Application\ Support/Netskope /Library/Application\ Support/Netskope_disabled
# Kill Netskope Process
sudo ps aux | grep Netskope | grep -v grep | awk '{ print "kill -9", $2 }' | sudo sh
echo "Netskope Process Killed"
echo 'Successfully disabled.'
Renaming the folder back to "Netskope" and reinstalling the NSClient PKG re-activates Netskope without any interaction from users!
If Netskope comes up with an official solution I'm all ears though 🙂
06-09-2023 09:06 AM
06-14-2023 08:25 AM - edited 06-14-2023 10:39 AM
With R105 we've introduced a new flag that will automatically re-enable the client after restarting the service. This feature applies to user disabled clients and will not affect admin disabled clients.
overrideUserDisableAfterLogin
Release notes here.
Introduced a feature flag overrideUserDisableAfterLogin to override the user disabling Client after restart or logoff/login. When the flag is enabled and user disables the Client, it automatically enables the Client after the user:
Restarts the system, or
Logoff and login again
With that flag enabled these commands can be sent remotely and will result in the client being enabled.
If you have having difficulty running these commands you should open a support ticket to review. Just be sure you are running them with elevated privileges.
Requirement: Netskope Client Version R105 or above.
Work with your CSM/TSM/TAM/SE to get the flag enabled. Please request that "AutoStart NSClient with Reboot/Relogin" be enabled and they will be able to make that happen.
06-14-2023 08:40 AM
Does this feature flag require the 105 client or will it work with older clients? I tried testing this with 104 installed but with the feature flag enabled and it didn't work.
06-14-2023 09:18 AM - edited 06-14-2023 09:19 AM
I forgot to mention that this feature applies to user disabled clients and will not affect admin disabled clients. Did you test against a user disabled client?
I've updated the my original reply to include this information.
06-14-2023 09:29 AM
Yes, we did a user disable - waited a couple hours and rebooted the laptop. The agent never re-enabled. We had to manually enable it. Again, it was a 104 build, not 105. So is 105 client a requirement in addition to the feature flag?
06-14-2023 10:34 AM - edited 06-14-2023 10:43 AM
Yes, Netskope Client R105 or above is a requirement. I've opened a DOC ticket to get the release notes updated so that is clear. We will also update the release notes with some of the information I've provided in my post as to the name of the flag (overrideUserDisableAfterLogin is a backend flag that is not exposed in our frontend systems) as well as additional note and the condition of restarting the service.
Example of what your device page would look like when using this feature. I've disabled the client (user disabled), then logged out and logged back in. The status updates are posted from the client ~5min so I did wait, got the device update, then proceeded with the next step of testing.
06-22-2023 11:52 PM
Thanks mpray, R105 feature flag “AutoStart NSClient with Reboot/Relogin” comes close to our requirement. Additional to this, following powershell script every day (for users who don't reboot/re-login for days) can re-enable NS client with agent service restart.
$my_service_name = "stAgentSvc";
$my_service_status = (Get-Service $my_service_name).Status;
if ($my_service_status -eq "stopped")
{
Restart-Service stAgentSvc
}
07-05-2023 04:57 PM
The MacOS commands do not work on my device despite being on the correct version of Netskope. Do I need to have AutoStart NSClient with Reboot/Relogin enabled as well?
07-10-2023 09:10 PM
Above commands are for Windows.
Yes, feature flag "AutoStart NSClient with Reboot/Relogin" has to be enabled in the backend by Netskope Support to use those commands on Windows.
07-11-2023 04:28 PM
Thanks for the update @Indu ! An earlier post by @mpray included a screenshot with Terminal commands that can be run on Mac, suggesting this is possible on Mac as well.
My question was specifically asking if "AutoStart NSClient with Reboot/Relogin" is required for those Mac commands to work, as I have found that they do not work in my testing.
In my original post, I gave an example of the output of one of the Mac commands:
/Library/LaunchDaemons/com.netskope.stagentsvc.plist: No such file or directory Unload failed: 2: No such file or directory
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In