Live

Agent installers

One unified Reign Zero Agent per customer — bundles MDM enrollment, MeshCentral agent, and PPPC profile. End user installs one file, not three.

Build an installer

Bakes the enroll secret into the .pkg — one-click install, no user prompt.

Manage enrollment codes →

What's inside the installer

  1. 1
    MDM enrollment profile
    For manual enrollment; skipped automatically on ABM-enrolled devices.
  2. 2
    Reign Zero MDM agent
    Telemetry + policy evaluation. Registers with this customer via their enroll secret (baked into the .pkg — regenerated per install).
  3. 3
    MeshCentral agent
    Remote desktop + shell + file transfer. Auto-joins this customer's Mesh device group.
  4. 4
    PPPC profile (TCC pre-grants, macOS only)
    Grants MeshAgent Screen Recording + Accessibility without user prompts. Applied via MDM after enrollment.
  5. 'Reign Zero' receipt on disk
    Marks the host as managed so re-running the installer is a no-op.

Distribution options

A. Zero-touch via ABM (preferred)
Upload the built .pkg as a bootstrap package in MDM Controls → Setup experience, scoped to this customer. ABM-enrolled Macs will auto-install it during Setup Assistant, before the user sees a desktop.
B. Manual download link
Send the customer a signed download URL. They run the .pkg with admin rights once. Install takes ~2 minutes.
C. Customer self-service portal
Expose the build at /portal/<customer>/install so their IT contact downloads it without bothering you. (Future.)

Production signing: generating signed + notarized .pkg files requires an Apple Developer ID Installer cert (separate from the MDM Vendor cert). Obtain via your Apple Developer Organization account. Once loaded on the ops-hub host, installer_builder._wrap_pkg() will run productsign + notarytool automatically. Until then: sandbox mode returns the bootstrap script as a download.