We (finally) got zero-touch working this year, but the only issue is we’re only targeting new hires so far. What we ran into is existing Mac users getting a lease replaced machine don’t have an automated way of getting the software they use today installed on their new machines. They would have to go to ServiceNow and request it all again. I was wondering if anyone had any experience via the API or scripts to look at what they had installed on an old machine assigned to the same user and scope the new machine for the same software (using maybe an allow/block list for things like licensed software)?
Solved
Automating software installs on zero touch replacement Macs?
+1Best answer by AJPinto
If you want to give ServiceNow PUT access, it can do this with API. The Service Now Team would need to write logic to look at the old device’s IMDB record, see what groups the device is a member of and run the API commands to add the new device to those same groups.
I prefer to scope software with smart groups, that way once the device is assigned or the user logs in, everything just scopes automatically and starts installing. We use Jamf Connect, and I read the Jamf Connect Plist for user AD groups with a Jamf Extension Attribute, and software access is provided with AD groups. Very hands off, and if you dont use Jamf Connect there are ways to do this with scripting off AD or EAD group membership.
+11Best way to achieve this is create a smart group where those users can fit in, for instance you can use department value and scope app to that smart group. no need to make it over complicated.
+26If you want to give ServiceNow PUT access, it can do this with API. The Service Now Team would need to write logic to look at the old device’s IMDB record, see what groups the device is a member of and run the API commands to add the new device to those same groups.
I prefer to scope software with smart groups, that way once the device is assigned or the user logs in, everything just scopes automatically and starts installing. We use Jamf Connect, and I read the Jamf Connect Plist for user AD groups with a Jamf Extension Attribute, and software access is provided with AD groups. Very hands off, and if you dont use Jamf Connect there are ways to do this with scripting off AD or EAD group membership.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.