
Hey All,

It took me a while to figure out how best to do this, but thought I would share it for everyone here just in case someone else uses Bomgar to support their Org. I am somewhat novice when working with Policies and Casper Admin, but the Bomgar client did not make it easy to just 'install'...

  1. Create a JumpClient Deployment Package in the Bomgar WebUI
  2. Download the bomgar-scc-SERIALIZEDNUMBER.dmg
  3. Upload that dmg to your Distribution Point
  4. Create and upload a script installBomgarJump.sh (Mark as 'After' in Casper Admin)
```
#!/bin/sh

# Attach the Cached DMG from the Waiting Room
hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-SERIALIZEDNUMBER.dmg"

# Install the client from the standard mount location for the bomgar-scc client installer.
"/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust" &
```

  5. Create Policy
  6. On the General tab, set the trigger to "None (Self Service only)" and the execution frequency to "Ongoing".
  7. On the Packages tab, add the DMG as CACHE, and ensure that the FUT and FEU options are deselected.
  8. On the Scripts tab, add your script as 'After'.

I will probably continue playing with this and automating it so it can just get pushed out. But for now, having users be able to Pin themselves to our Bomgar appliance is a great help with remote support.

*Part of the Bomgar deploy script 'sdcust' un-mounts and deletes the original DMG when it is done deploying; it also requires the original DMG to be mounted, so far as I can tell in testing.
*My JumpClient is not configured to install with Elevated privileges; this allows the client to be pinned without prompting for user password.
*I am on Casper 8.

We need to prevent the user from uninstalling the client. So far, I have not found a reliable way to do this. It is easily doable on Windows systems.


I was able to download the Double-Click To Deploy Pinned Client.app from the Bomgar Web GUI. I put that in /private/var/tmp and used Composer to build a non-flat package with a postflight script. The contents of the postflight script are:

```
#!/bin/sh
cd "/private/var/tmp/Bomgar/Double-Click To Deploy Pinned Client.app/Contents/MacOS/"
sh ./mount_dmg_and_exec__bundle.sh
```


Has any of you gentle folk tried deploying Bomgar Button, and managed to do it successfully?


I think I have the jump client installation working based on a combination of what I've learned here. Thanks for everyone's input. The only problem is when I check the status in the dashboard, it is showing failures for all of the machines that the policy ran on. It appears from the log that there is a failure in the script, which I copied straight from here.

Can anyone hazard a guess what is causing the failure notice? When I check /Library/Application Support/JAMF/Waiting Room/ the bomgar DMG file is indeed gone. I've anonymized some of the package and token info below, but this is the output on one of the installs that shows the install failed.

Executing Policy Install Bomgar Jump Client
Caching package bomgar-scc-w0idc30w6xyzab9e6jzz5ij66h93efi8zwhjwi6c40jc90.dmg...
Downloading https://ccm.jamfcloud.com/download/9e5af8f609cj4be881857481140e612c/bomgar-scc-w0idc30w6xyzab9e6jzz5ij66h93efi8zwhjwi6c40jc90.dmg?token=6e7ee14ae81548aa9566d04229f53c45a67jf4ojn2xwn4wchih1vfdpljzc28rq...
Verifying DMG...
Running script Deploy Bomgar Jump Client...
Script exit code: 1
Script result: expected CRC32 $F98C9DFA
/dev/disk3 GUID_partition_scheme /dev/disk3s1 Apple_HFS /Volumes/bomgar-scc
hdiutil: detach failed - No such file or directory
rm: /Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0idc30w6xyzab9e6jzz5ij66h93efi8zwhjwi6c40jc90.dmg: No such file or directory

Error running script: return code was 1.
Running Recon...
Retrieving inventory preferences from https://chapman.jamfcloud.com/...
Locating accounts...
Locating package receipts...
Searching path: /Applications
Locating software updates...
Locating plugins...
Locating printers...
Gathering application usage information...

@macmanmk

I just had this same issue, and noticed that it was installing and working just fine from my Bomgar Console. I simply commented out the following:

#    hdiutil detach /Volumes/bomgar-scc

#    sleep 15

#    rm -R /Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg

I believe the volume is un-mounting automatically once the JUMP Client install completes, and the DMG is removing itself from the cache automatically as well. These steps fail when it can't find the volume or DMG.

I commented them out so I can easily switch back if needed.

Also, I added a UID variable, so I do not need to edit the paths when a new installer is created. Now my script looks like this:

```
#!/bin/bash

# UID for the current Bomgar DMG (Bomgar DMGs expire after a specified time, or after each update to the Bomgar server)
BOMGARUID="w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90"

# Check that the Bomgar DMG is cached prior to running this script
if [ -a "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-$BOMGARUID.dmg" ]; then

# Attach the DMG
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-$BOMGARUID.dmg"

# Run the installer and wait for install to complete
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"
    sleep 90

# Unmount the disk image, and wait for unmount to complete
#    hdiutil detach /Volumes/bomgar-scc
#    sleep 15

# Delete the DMG
#    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-$BOMGARUID.dmg"

else

    echo "Bomgar NOT Present"

fi
```

@htabata I tried your full workflow and I get this error.

Executing Policy Bomgar Remote Install
Caching package bomgar-scc-w0edc30he7wjjeiifihyzwfz5gfzz7d81x7xzzyc40hc90.dmg...
Downloading https://ccm.jamfcloud.com//download/93da0543f694464faef3ebd721b3b123/bomgar-scc-w0edc30he7wjjeiifihyzwfz5gfzz7d81x7xzzyc40hc90.dmg?token=20d56dd340be40b6b31837370a27bf516mn2sa5t78x3mgao0rlgwehchiio7sl1...
Verifying DMG...
Running script Bomgar Install...
Script exit code: 1
Script result: expected CRC32 $145AE782
/dev/disk2 GUID_partition_scheme /dev/disk2s1 Apple_HFS /Volumes/bomgar-scc
hdiutil: detach failed - No such file or directory
rm: /Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30he7wjjeiifihyzwfz5gfzz7d81x7xzzyc40hc90.dmg: No such file or directory

Error running script: return code was 1.


@kericson, the advice given to me by @jmig in the post above yours was spot on. The volume is un-mounting and the DMG is being removed from cache, which causes the script failure. I commented out a few lines of my script based on his advice and I haven't had a failure since. Here's what I have been using...

```
#!/bin/bash

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -a "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x588zy7ei88zzegexzew6c40hc90.dmg" ]; then

# Attach the Disk Image
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x885zy7ei88zzegexzew6c40hc90.dmg"

# Run the installer
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

# Wait a minute for it to finish up
    sleep 60

# Unmount the disk image
#    hdiutil detach /Volumes/bomgar-scc

# Wait for the unmount to complete
#    sleep 15

# Delete the disk image
#    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x885zy7ei88zzegexzew6c40hc90.dmg"

else

    echo "Bomgar NOT Present"

fi
```

Here's how we do Bomgar via Self Service: https://soundmacguy.wordpress.com/2017/04/18/integrating-bomgar-and-jamf-self-service/

:-)


First, thank you to everyone contributing to this thread; it's been very helpful deploying Bomgar via Jamf. Once the script executes, our end users are presented with a short (approx. 2-3 seconds) splash screen that looks like two computers connecting (as the Bomgar service connects to our cloud instance). Has anyone found a way to make the install completely silent with no splash screen presented? Bomgar support advises to use the --silent switch; however, I'm unsure where to add this command during the script sequence.

Here's the script I'm currently using:

```
#!/bin/bash

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -a "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30zygihyzd71h6ydyw8e5jy5izdxegz6wfc40hc90.dmg" ]; then

# Attach the Disk Image
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30zygihyzd71h6ydyw8e5jy5izdxegz6wfc40hc90.dmg"

# Run the installer
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

# Wait a minute for it to finish up
    sleep 60

# Unmount the disk image
    hdiutil detach /Volumes/bomgar-scc

# Wait for the unmount to complete
    sleep 15

# Delete the disk image
    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30zygihyzd71h6ydyw8e5jy5izdxegz6wfc40hc90.dmg"

else

    echo "Bomgar NOT Present"

fi
```

```
"/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust" --silent
```

I would probably put this in Self Service vs pushing via policy, and scope to group with cached


Thank you, this worked


We just implemented Beyond Trust, and I basically did what everybody else here is doing, with some small tweaks. I don't like caching things. I generally create two stand-alone policies. One for a push install, and the second self service scoped to my Technicians AD Security group. Here are my steps:
1. I created a package in Composer to store the Beyond Trust DMG file in /var/tmp/ - basically a copy and paste with correct permissions
2. Uploaded the package into Jamf Pro :)
3. I then created the script directly in Jamf Pro, just modified to reflect the tmp directory
4. Created a new policy with the package and the script as "after"
5. Deployed as a push and to my techs


Has anyone been able to get around Catalina erroring the script out due to the OS not being able to scan the jump client for malicious software?

Update 12/16/19: I accomplished this by removing the quarantine attribute from the .dmg file prior to uploading it to the Jamf Server.

xattr -rd com.apple.quarantine


@mbatchelder Could you explain in more detail what you did to fix this? I am currently running into this issue. Are you simply opening Terminal and running this command?

xattr -rd com.apple.quarantine

Thanks!


@Jimbo Hi Jimmy,

Yeah, it's as quick as that. Open a terminal window and put that command in and then you can drag your bomgar .dmg file into the window to append it and hit enter. That should remove the quarantine attribute and you should be good to go to upload it to your Jamf server. I don't know what triggered in Catalina for this to start happening. Even after upgrading our BeyondTrust appliance to the supported Catalina build it was a no go. I just wish they made it so we didn't have to disc jockey the files out every year.

If you haven't already, you may need to configure a payload for the privacy preferences policy control. We had to do this because the screen sharing wasn't working since Mojave.


@mbatchelder Hey, I think I got it working, thank you! Still doing some testing.

I have created a privacy preferences policy using the PPPC Utility tool from jamf. But for the Screen Recording privacy preferences it only allows you to select "Deny". Which means our users will need to manually check the checkbox when attempting to connect to them.

Your comment about creating a payload for those privacy settings makes it sound like you've found a way around this? From what I understand, Apple has blocked the ability to allow, and therefore must require user input.


Has anyone managed to make the client installation truly silent? The 'sdcust --silent' switch still results in the "two computers connecting" splash screen appearing after the agent is installed. We'd obviously prefer for this not to happen.


Has anyone figured out how to use the flags other than --silent to do anything? I'd love to have the computer 'name' field show up with the user's name who was logged in during install. Would make it easier to identify my endpoints.


Does the client software show up for anyone after installation? Version 19 (we jumped from version 16) is installing in /Applications/.com.bomgar.scc.<uniqueid>/Remote Support Customer Client.app, but doesn't show up in the machine's inventory afterwards? Is this going to require an EA to look for it specifically? Or is this just me...


@cwaldrip Short answer: Yes. I created an EA that checks if it's running since I've had to remove and reinstall the agent a number of times during my testing and didn't want to mess with the uniqueid in the folder name. Here's what I use:

```
#!/bin/bash

count=$(ps aux | grep bomgar | wc -l)
if [ $count -gt 1 ]; then
    echo "<result>YES</result>"
else
    echo "<result>NO</result>"
fi
```

For testing I added the $count variable to the result. You have to check for more than 1 running because it appears that with failed installations you'll still report back that one service is running. But if you get more than one, it's actually up and running.


Thank you everyone for sharing, it's very helpful. I used a combination of all the above suggestions and I thought I'll share what I did in case someone else needs it:
1. Download the DMG and run the following commands:

```
xattr -rd com.apple.quarantine /Users/user/Downloads/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg
hdiutil internet-enable -no /Users/user/Downloads/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg
```

2. Upload the DMG to JAMF Pro
3. Create a policy to "cache" this DMG and the below script "after":

```
#!/bin/bash

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -a "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x588zy7ei88zzegexzew6c40hc90.dmg" ]; then

# Attach the Disk Image
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x885zy7ei88zzegexzew6c40hc90.dmg"

# Run the installer
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

# Wait a minute for it to finish up
    sleep 60

# Unmount the disk image
#    hdiutil detach /Volumes/bomgar-scc

# Wait for the unmount to complete
#    sleep 15

# Delete the disk image
#    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x885zy7ei88zzegexzew6c40hc90.dmg"

else

    echo "Bomgar NOT Present"

fi
```

4. Create an EA to report if BeyondTrust is installed and hook it up to a smartgroup:

```
#!/bin/bash

count=$(ps aux | grep bomgar | wc -l)
if [ $count -gt 1 ]; then
    echo "<result>YES</result>"
else
    echo "<result>NO</result>"
fi
```

This works: 

If you're on the MacAdmins Slack, join the Bomgar channel. A BeyondTrust employee posted a PDF that will eventually replace the KB article on the BeyondTrust site for mass deployment.

Here's a direct link: https://macadmins.slack.com/archives/CEH9Y26D6/p1606838240060700

There is misinformation in this document. The process is correct; however, the file path specified for the DMG file is incorrect. The workflow of caching a package (or in this case a DMG file) starts by downloading into "/Library/Application Support/JAMF/Downloads" and then once completed the file moves to "/Library/Application Support/JAMF/Waiting Room". The document specifies the Downloads folder; however, the actual path is in the Waiting Room folder.


I spent a lot of time trying to create a policy to deploy BeyondTrust Remote using the above methods. Here is what worked for me. Thank you to the #bomgar Slack channel. Page 21

 

Deploying the Jump Client