Hey all,
Anybody managed to install Elastic agent via jamf pro?
during the installation process, it asks whether I want to instal it in /Library/agent and I have yes/no options
That is pausing the installation process and I need away to auto answer with yes !
Thoughts?
I haven't managed to get it to install correctly yet, but it sounds like you're missing an argument: -f
We just got this working. I modified the script so it checks for system architecture to determine whether the Intel or ARM (Apple silicon) installer should be used. Let me if you need a copy.
Interesting .. yes please share it with me
Interesting .. yes please share it with me
I'm 99% sure this works, but I've only tested it once since replacing the URLs in the script with parameters (for slightly easier/cleaner updates). If it doesn't work for you, try replacing {$4} and {$5} with the actual URLs:
#!/bin/bash -eux
# Single script to install the Elastic Agent (Intel and ARM versions) on macOS
# Checks architecture
arch_name="$(uname -m)"
# Create a temporary directory
tempdir=$(mktemp -d)
cd $tempdir
# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
curl -OL {$4}
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
tar zxf elastic-agent-8.4.1-darwin-x86_64.tar.gz
# Enters the Elastic Agent directory that was decompressed in the previous step
cd elastic-agent-8.4.1-darwin-x86_64
# Steps to complete on ARM (Apple)-based Macs
elif [[ "${arch_name}" = "arm64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
curl -OL {$5}
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
tar zxvf elastic-agent-8.4.1-darwin-aarch64.tar.gz
# Enters the Elastic Agent directory that was decompressed in the previous step
cd elastic-agent-8.4.1-darwin-aarch64
fi
# Uses "super user do" to install the Elastic Agent, sends data to Elastic Cloud, and enrolls it in Fleet so that updates to the Agent can be managed
sudo ./elastic-agent install -f --kibana-url=fleet-server-address --enrollment-token=enrollment-token
# Clean up, clean up
rm -rf $tempdir
In the policy, set parameter 4 to the URL for the Intel package and 5 to the URL for the ARM/Apple version.
@Bretterson it works perfectly, thanks
@Bretterson it works perfectly, thanks
Sure thing! Though I just realized I should probably make it so the parameters replace the file name rather than the URL. The way I have it now, to update it you have to replace the URL parameter as well as the file name a few times in the script itself. Here's an updated version (that I just tested successfully):
#!/bin/bash -eux
# Single script to install the Elastic Agent (Intel and ARM versions) on macOS
# Checks architecture
arch_name="$(uname -m)"
# Create a temporary directory
tempdir=$(mktemp -d)
cd $tempdir
# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
curl -OL https://artifacts.elastic.co/downloads/beats/elastic-agent/${4}.tar.gz
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
tar zxf ${4}.tar.gz
# Enters the Elastic Agent directory that was decompressed in the previous step
cd ${4}
# Steps to complete on ARM (Apple)-based Macs
elif [[ "${arch_name}" = "arm64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
curl -OL https://artifacts.elastic.co/downloads/beats/elastic-agent/${5}.tar.gz
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
tar zxvf ${5}.tar.gz
# Enters the Elastic Agent directory that was decompressed in the previous step
cd ${5}
fi
date
# Uses "super user do" to install the Elastic Agent, sends data to Elastic Cloud, and enrolls it in Fleet so that updates to the Agent can be managed
sudo ./elastic-agent install -f --url=https://siemfleet1a.hq.overdrive.com:8220 --enrollment-token=bEQ5emhZTUIweHJYSkJOanlPQVc6TG1mTTZFZWNTX0dWX2xFZ0VhUGdDdw==
# Clean up, clean up
rm -rf $tempdir
Now I have parameter 4 set to "elastic-agent-8.4.1-darwin-x86_64" and 5 as "elastic-agent-8.4.1-darwin-aarch64".
Tada!
@Bretterson Have you managed to grey out the elastic-agent in Login items in Ventura!?
i tried using a service management profile where I used the BundleID and TeamID but still not working !!
@Bretterson Have you managed to grey out the elastic-agent in Login items in Ventura!?
i tried using a service management profile where I used the BundleID and TeamID but still not working !!
I'm not currently running Ventura on my test machine, but I don't have anything for Elastic in "Login items." I'm pretty sure we haven't pushed Elastic Security yet, just the agent. I'll try to look into it and let you know.
I managed to grey it out in the login windows using LabelPrefix co.elastic
Just in case it shows up later in the login items in Ventura.
I managed to grey it out in the login windows using LabelPrefix co.elastic
Just in case it shows up later in the login items in Ventura.
I was able to do the same yesterday. Good call on the prefer rather than regular label!
Is there any way to setup full disk access for the Endpoint agent?
Is there any way to setup full disk access for the Endpoint agent?
Elastic has a Python script that'll create a configuration profile for you. It includes full disk access: https://github.com/elastic/endpoint/blob/main/deployment/macos/mobiledevicemanagement/mobile_config_gen.py
I love this community so much. Thank you all for your work
Elastic has a Python script that'll create a configuration profile for you. It includes full disk access: https://github.com/elastic/endpoint/blob/main/deployment/macos/mobiledevicemanagement/mobile_config_gen.py
Im having trouble getting this to deploy, and there isnt really much info about it on that GitHub page, have you gotten this to work?
Im having trouble getting this to deploy, and there isnt really much info about it on that GitHub page, have you gotten this to work?
Yep, I used it successfully.
Just because I'm a little unclear what you mean by deploy, you aren't trying to deploy the Python script itself, are you? Because it's something you run locally to create a profile you can upload to Jamf.
Yep, I used it successfully.
Just because I'm a little unclear what you mean by deploy, you aren't trying to deploy the Python script itself, are you? Because it's something you run locally to create a profile you can upload to Jamf.
No not the script directly. I used the script to build the .mobileconfig profile, I just cant get the config profile to reach the machine.
No not the script directly. I used the script to build the .mobileconfig profile, I just cant get the config profile to reach the machine.
Ok, so, what's happening..? I'm pretty sure all I did was upload the profile to Jamf and scope it.
Apologies if this redundant-
I was able to get the installer to go on silently-
1st I used mobile config generator in their Github:
https://github.com/elastic/endpoint/blob/main/deployment/macos/mobiledevicemanagement/mobile_config_gen.py
I made that config profile "user removable" and deployable via self service.
then created a policy that executed the below script as a script payload:
# Checks Architecture
arch_name="$(uname -m)"
tarname="$4"
tarnameintel="$5"
installtoken="$6"
# Makes JAMF managed Dir
if [ -a /Applications/JAMF_Managed/ ];
then
echo "JAMF_Managed - Dir exists."
else
mkdir /Applications/JAMF_Managed
fi
# Steps to complete on ARM (Apple)-based Macs
if [[ "${arch_name}" = "arm64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
sudo curl -Lo /Applications/JAMF_Managed/"$tarname".tar.gz https://artifacts.elastic.co/downloads/beats/elastic-agent/"$tarname".tar.gz
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
sudo tar xzvf /Applications/JAMF_Managed/"$tarname".tar.gz -C /Applications/JAMF_Managed
# Enters the Elastic Agent directory and Enrolls
sudo /Applications/JAMF_Managed/"$tarname"/elastic-agent install --url=[[your_fleet_URL_here]]:443 --enrollment-token=$installtoken -f -n
fi
# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
sudo curl -Lo /Applications/JAMF_Managed/"$tarnameintel".tar.gz https://artifacts.elastic.co/downloads/beats/elastic-agent/"$tarnameintel".tar.gz
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
sudo tar xzvf /Applications/JAMF_Managed/"$tarnameintel".tar.gz -C /Applications/JAMF_Managed
# Enters the Elastic Agent directory and Enrolls
sudo /Applications/JAMF_Managed/"$tarnameintel"/elastic-agent install --url=[[your_fleet_URL_here]]:443 --enrollment-token=$installtoken -f -n
fi
rm -rf /Applications/JAMF_Managed/"$tarname"
rm -rf /Applications/JAMF_Managed/"$tarname".tar.gz
I also created extension attributes too:
#v2 - Title and Status
#Fleet Status
result=$(sudo elastic-agent status --output human | grep -m2 'fleet\\|status:')
echo "<result>$result</result>"
exit 0
#Elastic Agent Status
result=$(sudo elastic-agent status --output human | grep -m3 'elastic-agent\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
#Endpoint-Default 1 Status
result=$(sudo elastic-agent status --output human | grep -m4 'endpoint-\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
#Endpoint-Default 1.1 Status
result=$(sudo elastic-agent status --output human | grep -m6 'endpoint-\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
#Endpoint-Default 1.2 Status
result=$(sudo elastic-agent status --output human | grep -m8 'endpoint-\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
In the policy I added the files and process payload to execute the installation of the config profile vis jamfselfservice url:
We use a workbench directory called JAMF_Managed, but you can curl it to where ever you want. The install goes pretty quiet... All thats missing, is dynamic way to get the version numbers of the installer to make it an auto-update script. But the key here is the post install shell command that installs the config profile after the install finishes to enable and system extension and grant full disk access for the executables.
Currently working on a non-interactive uninstaller. I'm close, currently users have to remove the config profile 1st via the remove button in Self Service and then launch the uninstaller policy. I just need to figure out how to uninstall the config profile via shell script....
Hope that helps
Apologies if this redundant-
I was able to get the installer to go on silently-
1st I used mobile config generator in their Github:
https://github.com/elastic/endpoint/blob/main/deployment/macos/mobiledevicemanagement/mobile_config_gen.py
I made that config profile "user removable" and deployable via self service.
then created a policy that executed the below script as a script payload:
# Checks Architecture
arch_name="$(uname -m)"
tarname="$4"
tarnameintel="$5"
installtoken="$6"
# Makes JAMF managed Dir
if [ -a /Applications/JAMF_Managed/ ];
then
echo "JAMF_Managed - Dir exists."
else
mkdir /Applications/JAMF_Managed
fi
# Steps to complete on ARM (Apple)-based Macs
if [[ "${arch_name}" = "arm64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
sudo curl -Lo /Applications/JAMF_Managed/"$tarname".tar.gz https://artifacts.elastic.co/downloads/beats/elastic-agent/"$tarname".tar.gz
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
sudo tar xzvf /Applications/JAMF_Managed/"$tarname".tar.gz -C /Applications/JAMF_Managed
# Enters the Elastic Agent directory and Enrolls
sudo /Applications/JAMF_Managed/"$tarname"/elastic-agent install --url=[[your_fleet_URL_here]]:443 --enrollment-token=$installtoken -f -n
fi
# Steps to complete on Intel-based Macs
if [[ "${arch_name}" = "x86_64" ]]; then
# Downloads the Elastic Agent and saves it to your computer in the directory specified
sudo curl -Lo /Applications/JAMF_Managed/"$tarnameintel".tar.gz https://artifacts.elastic.co/downloads/beats/elastic-agent/"$tarnameintel".tar.gz
# Uses the Tar command to decompress the Elastic Agent and prepare it for installation
sudo tar xzvf /Applications/JAMF_Managed/"$tarnameintel".tar.gz -C /Applications/JAMF_Managed
# Enters the Elastic Agent directory and Enrolls
sudo /Applications/JAMF_Managed/"$tarnameintel"/elastic-agent install --url=[[your_fleet_URL_here]]:443 --enrollment-token=$installtoken -f -n
fi
rm -rf /Applications/JAMF_Managed/"$tarname"
rm -rf /Applications/JAMF_Managed/"$tarname".tar.gz
I also created extension attributes too:
#v2 - Title and Status
#Fleet Status
result=$(sudo elastic-agent status --output human | grep -m2 'fleet\\|status:')
echo "<result>$result</result>"
exit 0
#Elastic Agent Status
result=$(sudo elastic-agent status --output human | grep -m3 'elastic-agent\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
#Endpoint-Default 1 Status
result=$(sudo elastic-agent status --output human | grep -m4 'endpoint-\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
#Endpoint-Default 1.1 Status
result=$(sudo elastic-agent status --output human | grep -m6 'endpoint-\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
#Endpoint-Default 1.2 Status
result=$(sudo elastic-agent status --output human | grep -m8 'endpoint-\\|status:' | tail -2)
echo "<result>$result</result>"
exit 0
In the policy I added the files and process payload to execute the installation of the config profile vis jamfselfservice url:
We use a workbench directory called JAMF_Managed, but you can curl it to where ever you want. The install goes pretty quiet... All thats missing, is dynamic way to get the version numbers of the installer to make it an auto-update script. But the key here is the post install shell command that installs the config profile after the install finishes to enable and system extension and grant full disk access for the executables.
Currently working on a non-interactive uninstaller. I'm close, currently users have to remove the config profile 1st via the remove button in Self Service and then launch the uninstaller policy. I just need to figure out how to uninstall the config profile via shell script....
Hope that helps
This seems very similar to the script I posted earlier on this thread. I might give those extension attributes a try though.
I'm not sure why you'd need to remove the config profile to uninstall it. I have the profile scoped, with the full disk access and system extension bits, to all machines all the time and it hasn't been an issue.
I had to mess with uninstallation a bunch pretty recently because some installs were inconsistent and wouldn't update from the server. This is the uninstall script I ended up with: (note: I have it run inventory at the end so Jamf sees Elastic missing and puts the machine in scope for the installation policy, which I also trigger at the end)
#!/bin/zsh
/Library/Elastic/Agent/elastic-agent uninstall -f
if [[ -e /Library/LaunchDaemons/co.elastic.elastic-agent.plist ]]; then
echo "Elastic Agent is still installed, removing manually..."
launchctl bootout system/co.elastic.elastic-agent
launchctl bootout system/co.elastic.endpoint
rm /Library/LaunchDaemons/co.elastic.elastic-agent.plist
rm -R /Library/Elastic/Agent
fi
if [[ -e /Library/Elastic/Endpoint/elastic-endpoint ]]; then
echo "Elastic Endpoint is still installed, attempting to uninstall..."
cd /tmp
cp /Library/Elastic/Endpoint/elastic-endpoint elastic-endpoint
/tmp/elastic-endpoint uninstall
rm elastic-endpoint
fi
if [[ -e /Applications/ElasticEndpoint.app ]]; then
echo "Elastic Endpoint is still installed or the app got left behind, attempting to remove..."
rm /Library/LaunchDaemons/co.elastic.endpoint.plist
rm -R /Library/Elastic
rm -R /Applications/ElasticEndpoint.app
fi
jamf recon
sleep 10
jamf policy -id 54
exit 0
This seems very similar to the script I posted earlier on this thread. I might give those extension attributes a try though.
I'm not sure why you'd need to remove the config profile to uninstall it. I have the profile scoped, with the full disk access and system extension bits, to all machines all the time and it hasn't been an issue.
I had to mess with uninstallation a bunch pretty recently because some installs were inconsistent and wouldn't update from the server. This is the uninstall script I ended up with: (note: I have it run inventory at the end so Jamf sees Elastic missing and puts the machine in scope for the installation policy, which I also trigger at the end)
#!/bin/zsh
/Library/Elastic/Agent/elastic-agent uninstall -f
if [[ -e /Library/LaunchDaemons/co.elastic.elastic-agent.plist ]]; then
echo "Elastic Agent is still installed, removing manually..."
launchctl bootout system/co.elastic.elastic-agent
launchctl bootout system/co.elastic.endpoint
rm /Library/LaunchDaemons/co.elastic.elastic-agent.plist
rm -R /Library/Elastic/Agent
fi
if [[ -e /Library/Elastic/Endpoint/elastic-endpoint ]]; then
echo "Elastic Endpoint is still installed, attempting to uninstall..."
cd /tmp
cp /Library/Elastic/Endpoint/elastic-endpoint elastic-endpoint
/tmp/elastic-endpoint uninstall
rm elastic-endpoint
fi
if [[ -e /Applications/ElasticEndpoint.app ]]; then
echo "Elastic Endpoint is still installed or the app got left behind, attempting to remove..."
rm /Library/LaunchDaemons/co.elastic.endpoint.plist
rm -R /Library/Elastic
rm -R /Applications/ElasticEndpoint.app
fi
jamf recon
sleep 10
jamf policy -id 54
exit 0
I'll give yours a try, heres what I have so far-
I didn't think I needed to remove the profile either but when i watch the uninstaller process, the files don't remove until i uninstall the config profile... heres my script so far :
Thanks!
#Unload Launch Daemons and Kills Process
sudo launchctl unload /Library/LaunchDaemons/co.elastic.elastic-agent.plist
sudo launchctl unload /Library/LaunchDaemons/co.elastic.endpoint.plist
sudo profiles remove -type='configuration' -identifier='UID goes here' -verbose
agentvar=$(pgrep elastic-agent)
endpointvar=$(pgrep elastic-endpoint)
filebeatvar=$(pgrep filebeat)
echo "this is var 1:$agentvar"
echo "this is var 2:$endpointvar"
echo "this is var 3:$filebeatvar"
sudo kill -9 $agentvar
sudo kill -9 $endpointvar
sudo kill -9 $filebeatvar
#Deletes Files
sudo rm -rf /Library/Elastic/*
sudo rm -rf /Library/Elastic
sudo rm -rf /Applications/Elastic\\ Security.app
sudo rm -rf /Applications/ElasticEndpoint.app
sudo rm -rf /Library/LaunchDaemons/co.elastic.endpoint.plist
sudo rm -rf /Library/LaunchDaemons/co.elastic.elastic-agent.plist
This seems very similar to the script I posted earlier on this thread. I might give those extension attributes a try though.
I'm not sure why you'd need to remove the config profile to uninstall it. I have the profile scoped, with the full disk access and system extension bits, to all machines all the time and it hasn't been an issue.
I had to mess with uninstallation a bunch pretty recently because some installs were inconsistent and wouldn't update from the server. This is the uninstall script I ended up with: (note: I have it run inventory at the end so Jamf sees Elastic missing and puts the machine in scope for the installation policy, which I also trigger at the end)
#!/bin/zsh
/Library/Elastic/Agent/elastic-agent uninstall -f
if [[ -e /Library/LaunchDaemons/co.elastic.elastic-agent.plist ]]; then
echo "Elastic Agent is still installed, removing manually..."
launchctl bootout system/co.elastic.elastic-agent
launchctl bootout system/co.elastic.endpoint
rm /Library/LaunchDaemons/co.elastic.elastic-agent.plist
rm -R /Library/Elastic/Agent
fi
if [[ -e /Library/Elastic/Endpoint/elastic-endpoint ]]; then
echo "Elastic Endpoint is still installed, attempting to uninstall..."
cd /tmp
cp /Library/Elastic/Endpoint/elastic-endpoint elastic-endpoint
/tmp/elastic-endpoint uninstall
rm elastic-endpoint
fi
if [[ -e /Applications/ElasticEndpoint.app ]]; then
echo "Elastic Endpoint is still installed or the app got left behind, attempting to remove..."
rm /Library/LaunchDaemons/co.elastic.endpoint.plist
rm -R /Library/Elastic
rm -R /Applications/ElasticEndpoint.app
fi
jamf recon
sleep 10
jamf policy -id 54
exit 0
I actually figured out a work around for the uninstaller.
I just wrapped my uninstaller sh command inside a function, and the call the function 2x with a sleep 10 in between. That seems to work for me, and I don't need to remove the config profile.
#!/bin/bash
elasticUninstall(){
/Library/Elastic/Agent/elastic-agent uninstall -f
if [[ -e /Library/LaunchDaemons/co.elastic.elastic-agent.plist ]]; then
echo "Elastic Agent is still installed, removing manually..."
#Unload Launch Daemons and Kills Process
sudo launchctl bootout system/co.elastic.elastic-agent
sudo launchctl bootout system/co.elastic.endpoint
sudo launchctl unload /Library/LaunchDaemons/co.elastic.elastic-agent.plist
sudo launchctl unload /Library/LaunchDaemons/co.elastic.endpoint.plist
sudo profiles remove -type='configuration' -identifier='Profile UID goes here' -verbose
sudo rm -rf /Library/LaunchDaemons/co.elastic.elastic-agent.plist
fi
agentvar=$(pgrep elastic-agent)
endpointvar=$(pgrep elastic-endpoint)
filebeatvar=$(pgrep filebeat)
echo "this is var 1:$agentvar"
echo "this is var 2:$endpointvar"
echo "this is var 3:$filebeatvar"
sudo kill -9 $agentvar
sudo kill -9 $endpointvar
sudo kill -9 $filebeatvar
if [[ -e /Library/Elastic/Endpoint/elastic-endpoint ]]; then
echo "Elastic Endpoint is still installed, attempting to uninstall..."
sudo launchctl unload /Library/LaunchDaemons/co.elastic.endpoint.plist
sudo launchctl bootout system/co.elastic.endpoint
sudo rm -rf /Library/LaunchDaemons/co.elastic.endpoint.plist
fi
#Deletes Files
sudo rm -rf /Library/Elastic/*
sudo rm -rf /Library/Elastic
sudo rm -rf /Applications/Elastic\\ Security.app
sudo rm -rf /Applications/ElasticEndpoint.app
}
elasticUninstall
sleep 10
elasticUninstall
exit 0
I actually figured out a work around for the uninstaller.
I just wrapped my uninstaller sh command inside a function, and the call the function 2x with a sleep 10 in between. That seems to work for me, and I don't need to remove the config profile.
#!/bin/bash
elasticUninstall(){
/Library/Elastic/Agent/elastic-agent uninstall -f
if [[ -e /Library/LaunchDaemons/co.elastic.elastic-agent.plist ]]; then
echo "Elastic Agent is still installed, removing manually..."
#Unload Launch Daemons and Kills Process
sudo launchctl bootout system/co.elastic.elastic-agent
sudo launchctl bootout system/co.elastic.endpoint
sudo launchctl unload /Library/LaunchDaemons/co.elastic.elastic-agent.plist
sudo launchctl unload /Library/LaunchDaemons/co.elastic.endpoint.plist
sudo profiles remove -type='configuration' -identifier='Profile UID goes here' -verbose
sudo rm -rf /Library/LaunchDaemons/co.elastic.elastic-agent.plist
fi
agentvar=$(pgrep elastic-agent)
endpointvar=$(pgrep elastic-endpoint)
filebeatvar=$(pgrep filebeat)
echo "this is var 1:$agentvar"
echo "this is var 2:$endpointvar"
echo "this is var 3:$filebeatvar"
sudo kill -9 $agentvar
sudo kill -9 $endpointvar
sudo kill -9 $filebeatvar
if [[ -e /Library/Elastic/Endpoint/elastic-endpoint ]]; then
echo "Elastic Endpoint is still installed, attempting to uninstall..."
sudo launchctl unload /Library/LaunchDaemons/co.elastic.endpoint.plist
sudo launchctl bootout system/co.elastic.endpoint
sudo rm -rf /Library/LaunchDaemons/co.elastic.endpoint.plist
fi
#Deletes Files
sudo rm -rf /Library/Elastic/*
sudo rm -rf /Library/Elastic
sudo rm -rf /Applications/Elastic\\ Security.app
sudo rm -rf /Applications/ElasticEndpoint.app
}
elasticUninstall
sleep 10
elasticUninstall
exit 0Interesting that it works fine if you loop it and manages to remove the profile. I still find it strange that the profile is causing an issue for you; I wonder how yours differs from mine. Mine is computer level rather than user level, maybe that matters?
I'm also surprised your script doesn't give you a hard time about using "launctl unload", whenever I use unload these days it just complains about it being deprecated. Though they should already be unloaded by the time it gets to that spot in the script.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.