BeyondTrust is telling us that the only way the "support deployment is through ARD." We are not huge fans of ARD. Has anyone been able to deploy with Jamf and the provided DMG? If so do you mind sharing how.
Which product from BeyondTrust? Thy have bought up a bunch of stuff recently.
Great question, we are using the Secure Remote Access Jump Client.
Hi @IndianaChris,
If you are referring to installing the remote support client (previously called Bomgar), you can take a look at this thread Deploying Bomgar JumpClient to Macs using Casper
I checked BeyondTrust's web site and they still only list the their old Bomgar documentation about using Automator and ARD to mount a DMG, etc. However the installer is no longer ON a disk image. It's a standalone app (yes, an app... sigh). I'm looking into this too, but it MIGHT be as simple as installing it in /var/tmp/ and using open /var/tmp/Open To Deploy Jump Client.app
. You'll probably need a user environment to run it in though.
Edit: Even with running this as root (sudo), there's still a prompt for local credentials to make changes.
@IndianaChris We're using @mm2270's App Packager for the bomgar-rep-installer.dmg.
Sigh, update. I missed the 'programmatic' download option, which contains sdcust in the applications...
If I run the install manually from the command line...sudo hdiutil attach /private/var/tmp/bomgar-scc*.dmg
sudo /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust
...it installs fine.
If I do the same thing in a post-install script as part of a package that puts the dmg in the same place, the splash screen comes up for a while, and it eventually goes away without anything being installed.
I don't understand why and I can't find any type of reference in a log anywhere (looked in console for sdcust, Bomgar, beyond trust, etc).
Interesting. We use Bomgar/Beyond Trust in our environment for remote support. We don't install any agents -- just a config profile on all machines that will allow the app to do it's thing. We have the use go to a website and click on the technicians name and it will initiate a remote session where the client will download and run a quick package. Allow screen recording and accept the connection. Done.
@david.maestre but you're not installing the jump client to remote into the machine when a user isn't there. I've got the PPPC setup for most of it, but in 10.15 it prompts to allow screen recording, which I'd think happens even with user-initiated sessions...
@cwaldrip This is correct we've tried remote portal and it does prompt to allow screen recording which then requires the user to restart the remote session before control can be had. We have upgraded our base to 6.1 and jump agents to 20.1.1. We now see the .app and have tried multiple ways to deploy and run a post script to install the .app installer without success. Has anyone figured this out as I have an open case with Bomgar with no pathway to success yet.
Is the issue you're experiencing around the screen recording prompt, or getting the jump client installer to work?
If the former, this is a macOS restriction in Catalina and above, and I'm not aware of a workaround. If the latter, I'd be happy to share my postinstall script. It did take a bit of trial and error to get it working, main thing is to make your installers valid for a year (the maximum) or you'll find yourself re-packaging it a lot.
@IndianaChris Look at this script to deploy this.
Steps:
1. Create the jump client dmg from the Bomgar console
2. Create policy in Jamf to Cache the dmg and run this script after.
3. Scope and deploy.
#!/bin/sh
# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...
if [ -a "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-"*".dmg" ]; then
# Attach the Disk Image
hdiutil attach /Library/Application Support/JAMF/Waiting Room/bomgar-scc-*.dmg
# Run the installer
/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust
# Wait a minute for it to finish up
sleep 90
# Unmount the disk image
hdiutil detach /Volumes/bomgar-scc
# Wait for the unmount to complete
sleep 25
# Delete the disk image
rm -R /Library/Application Support/JAMF/Waiting Room/bomgar-scc-*.dmg
else
echo "Bomgar NOT Present"
exit 1
fi
exit 0
@kericson when I use that script the jump client installs correctly but the the security/privacy preferences aren't set. Was wondering what would be the best way to set those item when installing the actual jump client using that script?
Here is the script I'm running:
#!/bin/bash
BOMGAR_URL='https://it-fileshare-files-179wwtfhkyps2.s3-us-west-2.amazonaws.com/IT/Mac/BomgarProgrammatic.dmg'
DMG_PATH='/tmp/BomgarProgrammatic.dmg'
/usr/bin/curl --silent "${BOMGAR_URL}" --output "${DMG_PATH}"
# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...
if [ -a "${DMG_PATH}" ]; then
# Attach the Disk Image
hdiutil attach "${DMG_PATH}"
# # Run the installer
/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust --silent
# # Wait a minute for it to finish up
# sleep 60
# # Unmount the disk image
# hdiutil detach /Volumes/bomgar-scc
# # Wait for the unmount to complete
# sleep 15
# # Delete the disk image
# rm -R "${DMG_PATH}"
else
echo "Bomgar NOT Present"
fi
I'm then receiving this error output:
Script result: Checksumming Protective Master Boot Record (MBR : 0)…
Protective Master Boot Record (MBR :: verified CRC32 $E2F8D74C
Checksumming GPT Header (Primary GPT Header : 1)…
GPT Header (Primary GPT Header : 1): verified CRC32 $6E0A0204
Checksumming GPT Partition Data (Primary GPT Table : 2)…
GPT Partition Data (Primary GPT Tabl: verified CRC32 $E4C3873D
Checksumming (Apple_Free : 3)…
(Apple_Free : 3): verified CRC32 $00000000
Checksumming disk image (Apple_HFS : 4)…
disk image (Apple_HFS : 4): verified CRC32 $F182C998
Checksumming (Apple_Free : 5)…
(Apple_Free : 5): verified CRC32 $00000000
Checksumming GPT Partition Data (Backup GPT Table : 6)…
GPT Partition Data (Backup GPT Table: verified CRC32 $E4C3873D
Checksumming GPT Header (Backup GPT Header : 7)…
GPT Header (Backup GPT Header : 7): verified CRC32 $1AECF169
verified CRC32 $FF3EC199
/dev/disk2 GUID_partition_scheme
/dev/disk2s1 Apple_HFS /Volumes/bomgar-scc
20201202 18:43:32 999999 19811:main(19affdc0) UTIL:INFO>license file: '/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/Resources/server.lic'
Let me know if anyone has any insights
@jimmychi Which script are you using? The security/privacy preferences can't only be set with a PPPC profile and one part the user has to approve no way to automate per Apple.
@kericson I'm using the following script:
#!/bin/bash
BOMGAR_URL='https://it-fileshare-files-179wwtfhkyps2.s3-us-west-2.amazonaws.com/IT/Mac/BomgarProgrammatic.dmg'
DMG_PATH='/tmp/BomgarProgrammatic.dmg'
/usr/bin/curl --silent "${BOMGAR_URL}" --output "${DMG_PATH}"
# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...
if [ -a "${DMG_PATH}" ]; then
# Attach the Disk Image
hdiutil attach "${DMG_PATH}"
# # Run the installer
/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust --silent
# # Wait a minute for it to finish up
# sleep 60
# # Unmount the disk image
# hdiutil detach /Volumes/bomgar-scc
# # Wait for the unmount to complete
# sleep 15
# # Delete the disk image
# rm -R "${DMG_PATH}"
else
echo "Bomgar NOT Present"
fi
Previously that script worked for us and we didn't have to set any security/privacy preferences so was trying to fix it but to no success. Was wondering how we would set the PPPC profile for screen recording and to allow the bomgar jump client?
@jimmychi You can't pre-authorize screen recording for any app. The use MUST authorize screen recording. Hard limit from Apple.
BTW, I managed to deploy Remote support button through Self Service, but it seems to fail with the same kind of error when mass deploying the Remote support button, because the install is done in root context when there is no session opened. Bummer.
Our script, similar to the above, used to work fine for installing the Jump Client - and still does - just not for Big Sur.
During installation on Big Sur the user runs into the dialog:
"Double-Click To Start Support Session" can't be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information.
Really? They posted Big Sur support in the release notes but gave us no way to install via MDM?
Is there any way around this via Jamf?
Allow me to answer my own question. The app can be pulled out of quarantine manually.
Added to the script - copy the app to /tmp/ and remove it from quarantine and then run it from there instead of the volume.
cp -R '/Volumes/foobar/Double-Click To Start Support Session.app' '/tmp/Double-Click To Start Support Session.app'
xattr -d com.apple.quarantine '/tmp/Double-Click To Start Support Session.app'
If you're on the MacAdmins Slack, join the Bomgar channel. A BeyondTrust employee posted a PDF that will eventually replace the KB article on the BeyondTrust site for mass deployment.
Here's a direct link: https://macadmins.slack.com/archives/CEH9Y26D6/p1606838240060700
@patgmac I don't have an acct to that slack workspace. Can you copy the PDF here please
@sgiesbrecht there is no way to attach files here. It's free to sign up for that Slack and it's a great place to hang out and get help.
Interesting. We use Bomgar/Beyond Trust in our environment for remote support. We don't install any agents -- just a config profile on all machines that will allow the app to do it's thing. We have the use go to a website and click on the technicians name and it will initiate a remote session where the client will download and run a quick package. Allow screen recording and accept the connection. Done.
david_maestre Your method was working fine with Big Sur Mac machines.. So in this case only PPPC is enough and we can able to take remote of user machines without any issues. FYI, We can allow screen recording and accessibility through PPPC itself. Cheers buddy...
Can't access the direct link for Slack.
Any more hints for this problem ?
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.