macOS - Software Lifecycle - Install VMware-Tools

What the VMware Tools deployer does

This Automox Worklet™ deploys VMware Tools to macOS virtual machines from a vendor-supplied ZIP archive attached to the Automox policy. The Worklet locates the attached .zip file, unzips it to find the bundled ISO image, mounts the ISO with hdiutil attach, and hands the VMware Tools.pkg payload to the macOS installer utility for unattended deployment. No console session on the guest is required.

VMware Tools is the guest-side runtime that lets ESXi, Fusion, and Workstation hypervisors talk to the macOS guest. It installs the VMware Tools application support directory under /Library/Application Support/VMware Tools/ and the vmware-tools-cli helper used for guest-host commands. Without the package installed, the guest runs in a degraded mode. Time drift accumulates against the host, the hypervisor cannot issue a clean shutdown, and clipboard or folder sharing does not appear in the menu bar.

The Worklet pairs an evaluation phase that detects an existing install with a remediation phase that performs the deployment and a post-install check. The verification step confirms /Library/Application Support/VMware Tools/vmware-tools-cli is present before the Worklet reports success, so a half-installed package surfaces a non-zero exit code in the Automox activity log rather than reporting a silent success.

Why deploy VMware Tools on every macOS guest

A macOS virtual machine without VMware Tools is a maintenance liability. The hypervisor cannot signal a graceful shutdown, snapshots quiesce inconsistently, and the guest clock drifts against the host until Kerberos tickets and TLS handshakes start failing. Build pipelines that capture macOS golden images for CI fleets repeatedly bake in a stale Tools version. Developer workstations running Fusion get whatever copy the user installed once and forgot. The result is a fleet of Mac VMs where VMware Tools is missing on some guests, several releases behind on others, and current on the ones an admin touched last quarter.

VMware Tools provides the time sync, clipboard integration, and hypervisor reporting that every virtualized macOS guest needs, but per-guest install drives help-desk requests one Mac VM at a time. This Worklet attaches the VMware Tools ZIP to the Worklet policy, runs the installer under the Automox elevated context on every macOS VM in scope, and verifies that the vmware-tools-cli binary lands at /Library/Application Support/VMware Tools/vmware-tools-cli. Endpoints that fail the install report back through the Automox activity log for follow-up.

How VMware Tools deployment works

1. Evaluation phase: The Worklet checks for /Library/Application Support/VMware Tools/ on the guest. If the directory is present, VMware Tools is already deployed and the Worklet exits 0 without making changes. If the directory is absent, the endpoint is flagged non-compliant and remediation is scheduled. This idempotent gate makes the policy safe to schedule recurrently across a mixed fleet of Mac VMs.

2. Remediation phase: The Worklet locates the .zip file attached to the Automox policy with find -iname "*.zip", unzips it, and locates the bundled .iso file under the extracted vmtools directory. It mounts the ISO with hdiutil attach to /Volumes/VMware Tools, then runs installer -pkg "/Volumes/VMware Tools/Install VMware Tools.app/Contents/Resources/VMware Tools.pkg" -target / to lay down /Library/Application Support/VMware Tools/. After the installer exits, the Worklet detaches the ISO with hdiutil detach and validates that /Library/Application Support/VMware Tools/vmware-tools-cli exists. A missing binary surfaces a non-zero exit code in the Automox activity log rather than reporting a silent success.

VMware Tools deployment requirements

• macOS guest running on VMware ESXi, vSphere, Fusion, or Workstation; supplying a VMware Tools archive that matches the guest macOS and architecture

• VMware Tools archive attached to the Automox policy as a required file; the Worklet aborts if no archive is found, so confirm the upload before scheduling

• Root or administrator privileges on the macOS guest to run /usr/sbin/installer and write to /Library/Application Support/VMware Tools/ (the default Automox agent context already meets this)

• Free disk space on the guest for the extracted ISO scratch directory and the installed VMware Tools payload, typically 200 MB combined

• macOS System Extension or kernel extension approval flow handled out of band where required; the VMware Tools KEXTs need user approval on first install for some macOS versions

• Use a current VMware Tools build from Broadcom or VMware to avoid signature mismatches with the guest macOS version under deployment

Expected state after VMware Tools deployment

After a successful run, /Library/Application Support/VMware Tools/ exists on the guest with the vmware-tools-cli binary in place, the vmtoolsd LaunchDaemon is loaded under launchd, and the hypervisor reports the guest as having VMware Tools running. From the host side, vSphere or Fusion shows the guest tools status as current, and clipboard sharing, time synchronization, and clean shutdown commands begin working immediately.

On the next policy run, the evaluation phase finds the application support directory already in place and the Worklet exits 0 without re-running the installer. The result is a fleet of macOS virtual endpoints where VMware Tools deployment state is a known property, not a per-guest accident. The Automox compliance view answers "which Mac VMs are missing Tools" without a separate inventory script.