So I'm futzing around with Casper Imaging and the firstRun script that it creates and have run into some frustration with Configuration Profiles and enrolling on OS X client. My test lab is at JSS 8.6 and OS X 10.8.1.
There are two scenarios:
I specify all of my "must be installed to the boot volume" packages to install at boot time during imaging so they get copied to the firstRun script. I also have a script that runs at reboot that names the Mac, binds it to AD, and runs a jamf enroll command. When the Mac is finished and does it's final reboot, it does not receive any device profiles. I have to log in as a local admin and run a sudo jamf enroll. jamf enroll sees that the Mac is already enrolled, deletes the entry, repushes it's certificate, enrolls it, and device profiles come down immediately. One more reboot and logging in as an end user gets user profilesto come down. Prior to running the enroll command, there isn't even a "profiles" system preference.
I "suppress" the jamf firstRun script, using my own jamfHelper fs script to install the "at boot time" packages. I have a dummy package set to install at reboot that runs a postflight script that calls this post-imaging script I wrote to install packages and then run this naming script (same script as in #1). Doing it this way results in an enrolled Mac with device profiles already being applied.
Any ideas? I'm kinda stumped, though I think it's in the order I have things running.
This is the syntax of the post-image script I wrote:
PostInstallTrigger=( 'InstallAdbeDesStd' 'InstallFlashPlayer' 'InstallFlip4Mac' 'InstalliPhoto' 'InstallMSOffice' 'InstallComboUpdate' 'InstallJava' 'InstallUTC' 'InstallSEP' 'ConfigureSystemSettings' )
fJamfHelper ()
{
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -heading "American Greetings ISD is finishing the imaging process" -description "We are finalizing the image on this computer. It will send a completion email to you and reboot when finished. Now performing action: ${PostInstallTrigger[$i]}." -icon /Library/Application Support/JAMF/EndUserSupport/AGRose.icns > /dev/null 2>&1 &
}
/usr/sbin/jamf policy -trigger InstallISDToolset &
## Get the Process ID of the last comand run in the background ($!)
PID=`echo "$!"`
wait $PID
## For each PostInstall trigger above, trigger the corresponding JAMF policy. We are going to do some magic by sending the trigger text to jamfHelper as a way of providing feedback to the imaging tech on what the imaging process is actually doing.
for (( i = 0; i < ${#PostInstallTrigger[@]} ; i++ ))
do
/usr/sbin/jamf policy -trigger "${PostInstallTrigger[$i]}" &
## Get the Process ID of the last comand run in the background ($!)
PID=`echo "$!"`
fJamfHelper
wait $PID
doneAnd the naming/joining/enrolling script that is applied with both methos one and two:
LOGPATH="/var/log/jamf.log"
NAME=`grep "Set Computer Name to" $LOGPATH | tail -1 | sed -e 's/.*Name to //'`
/usr/sbin/jamf setComputerName -target / -name "$NAME"
...AD OU Stuff ...
## Bind to AD in the appropriate OU based on IP segment where the computer is imaged
dsconfigad -f -a "$NAME" -u -p -ou "$ADOrgUnit" -domain agna.amgreetings.com
## COnfigure no UNC home path, enable mobile accounts quietly, force local home directories
dsconfigad -useuncpath disable -mobile enable -mobileconfirm disable -localhome enable
jamf enroll
