Skip to main content
Solved

Script to enroll Devices. Need help with adding credentials

S
Forum|alt.badge.img+7

I have a bit of dilemma where I need to remove Jamf Framework and enroll many devices at once.

 

I was thinking we can do something with a script:
#!/bin/bash

sudo jamf removeFramework

sudo jamf enroll -prompt -nopolicy

 

#After this is run, it would request for JSS and password.

 

 

This is where I am stuck. I understand this is a bad Security practice. But I still want to do this. I was thinking of creating a one-time account to do this push and removing the account.

With that said, my question is:

Is there a way to add the username and password inside the script so that when "sudo jamf enroll" runs, it uses the credential to bypass it?

 I don't want the users to enter the credentials instead use a one-time script to run everything and complete it.

Best answer by jamf-42

while its a 'very bad idea' it can be done via 'expect'  see 

https://daniel-ellis.medium.com/shell-script-submitting-a-password-after-a-prompt-690bcf144c0e

more the questions is why are you removing framework then re-enrolling.. ? what are you trying to achive?

if you have ABM - and prestage, you could run a 'profiles renew -type enrollment'  ..maybe?

View original
    Did this topic help you find an answer to your question?

    6 replies

    jamf-42
    Forum|alt.badge.img+17
    • jamf-42
    • Esteemed Contributor
    • 741 replies
    • Answer
    • April 10, 2024

    while its a 'very bad idea' it can be done via 'expect'  see 

    https://daniel-ellis.medium.com/shell-script-submitting-a-password-after-a-prompt-690bcf144c0e

    more the questions is why are you removing framework then re-enrolling.. ? what are you trying to achive?

    if you have ABM - and prestage, you could run a 'profiles renew -type enrollment'  ..maybe?

    scottb
    S
    dvasquez
    3 people like this
    • scottb
      scottb
    • S
      sudoErase
    • dvasquez
      dvasquez
    dvasquez
    Forum|alt.badge.img+16
    • dvasquez
    • Valued Contributor
    • 318 replies
    • April 10, 2024

    To be honest you should test, test, and test again. 

    But to try and accomplish this you can do the following

    #!/bin/bash

    active_user=$(stat -f "%Su" /dev/console) 

    sudo -u $active_user /usr/local/bin/jamf removeFramework

    sudo -u $active_user /usr/local/bin/jamf enroll -prompt -nopolicy

    I used a variable in combination with the first command to capture the current shell user and run the commands as that user.

    Could you test it and see how it goes?

    Best of luck. If I reply slowly it is due to being super busy at work. 

     

    dvasquez
    Forum|alt.badge.img+16
    • dvasquez
    • Valued Contributor
    • 318 replies
    • April 10, 2024

    @jamf-42 I agree.

    easyedc
    Forum|alt.badge.img+16
    • easyedc
    • Esteemed Contributor
    • 623 replies
    • April 18, 2024

    Not sure where you landed with this but there is one obvious flaw with running this

    sudo jamf removeFramework sudo jamf enroll -prompt -nopolicy

     step 1 - remove Jamf

    step 2 - there is no Jamf to call to perform the enrollment (because you removed them in step 1).

    S
    1 person likes this
    • S
      sudoErase
    S
    Forum|alt.badge.img+7
    • sudoErase
    • Author
    • Contributor
    • 37 replies
    • June 1, 2024
    easyedc wrote:

    Not sure where you landed with this but there is one obvious flaw with running this

    sudo jamf removeFramework sudo jamf enroll -prompt -nopolicy

     step 1 - remove Jamf

    step 2 - there is no Jamf to call to perform the enrollment (because you removed them in step 1).


    haha  yep I wasnt thinking... ðŸ˜‚

    easyedc
    Forum|alt.badge.img+16
    • easyedc
    • Esteemed Contributor
    • 623 replies
    • July 17, 2024

    I thought I'd drop this here in case anyone ever stumbles across this, but did you ever think about Jamf's re-enroller?You could remove/readd the same server theoretically.  https://github.com/jamf/ReEnroller

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings