anyone can help me out on jamf connect from 2.11 to 2.12

Laura7878
New Contributor II

I know this properly very easy to do, but i pretty new on the jamf . if anyone can assist that would be very appreciated!

we have patch management setup by jamf trainer that we setup earlier, it shows below and remind me to update the package. 

Laura7878_0-1652134090999.png

I have downloaded the latest dmg form jamf account , i mount it and put the "jamf connect configuration.app" to the application folder .  one of the jamf connect updated, but the other still 2.12. same with the patch management too. please advise. 

 

Laura7878_1-1652134323721.png

Laura7878_2-1652134332696.png

 

 

 

 

 

1 ACCEPTED SOLUTION

YanW
Contributor III

No. If you have installed the certificate to the Keychain, you're Gucci now. Make sure you have selected that when creating packages to use in Pre-Stage Enrollment packages. In Composer > Preferences > Packaging > Check "Sign With" and select the certificate from your Keychain. That's how you sign the package. You could've stopped at "Signing a Custom Configuration Profile with the Installed Certificate" section or anything beyond that because they don't apply to you.  You've "knighted" that computer sort of speak🙄

Again, any packages to use in policies, you can use any computer with Composer. Just use the "knighted" computer for any Pre-Stage Enrollment packages. 

View solution in original post

12 REPLIES 12

YanW
Contributor III

I don't see you mention installing the JamfConnect.pkg. Jamf Connect Configuration is for the admin, not for everyone.  

JamfConnect.png

For deployment, we use Jamf Connect built-in Deployment and Update which can be found in Jamf Applications. We don't care to keep it up-to-date, usually skip several versions. 

Deployment and Update Settings.png

Laura7878
New Contributor II

do you use the configuration profile above to automatically deploy and update ? 

The jamf trainer they create 3 packages via policy .for us at the time i forgot where to located. i checked back to success team , they have no clue too 

YanW
Contributor III

If I'm not mistaken, the packages should be the JamfConnect and LaunchAgent. Some organization have additional package with their own logos and wallpapers to customize the Login screen and Menu Bar icon. You should be able to find them in "Packages" under "Computer Management".

These packages are part of our Pre-Stage Enrollments "Enrollment Packages" instead of policies. But if you're certain they created policies, then they should be there unless someone deleted them. If you have a device already went through the process, you can check that device's Management > Policies, and see which policies they have. 

We don't touch the deployment packages, so they're older version. We have the Jamf Connect update settings to update them (my previous screenshot).

 

Laura7878
New Contributor II

thanks Yan to reply. 

1. yes, 3 package are currently under packages  ( jamfconnect.pkg ; jamfconnect -graphic.pkg; jamfconnectlaunchagent.pkg ) [just don't know how they make the jamfconnect-graphic.pkg or where to get this file]

2. true, we jsut launch jamf from our enviroment , so we created on both ( one for exiting device, other is for pre-stage enrollment)

YanW
Contributor III

Did they create the jamfconnect-graphic.pkg on your computer? If so, probably in folder usr/local/jamfconnect-graphic. Otherwise, you'll have to create that again. The package has to be signed though. Follow the instruction HERE. You also can find folder on any newly enrolled device.

Follow THIS to create the .pkg. Keep the logos and background with the same name as before, or you'll have to edit the Jamf Connect plist...

<key>BackgroundImage</key> and <key>LoginLogo</key>

 

Laura7878
New Contributor II

Thanks again Yan. 

I followed the instruction , this step is not clear to me . can you please help me out . 

1. creating a sign certificate using jamf pro build in CA ( done )

2. installing the certificate to use for sign purposes - done

I have build the pkg with the same background and logo name with updated pictures just built from composer, we have policy and also have configuration setup ,  do you know if i should run both command with the package before upload them to the jamf pro ? 

for configuration profiles 

/usr/bin/security cms -S -N "JamfSign" -i ~/Desktop/Custom.mobileconfig -o ~/Desktop/Custom-signed.mobileconfig

for policy:

/usr/bin/productsign --sign "JamfSign" ~/Desktop/CustomPackage.pkg ~/Desktop/CustomPackage-signed.pkg

 

for the prestage enrollment , i saw we have few configuration profiles assigned and one jamf connect .pkg assigned. 

 

one more question , with the very 2nd screenshot , when did you access from ? i trying to look for it, but does not find jamf application

 

YanW
Contributor III

You don't need to run the command. Just go to the Pre-Stage Enrollment and replace the graphic .pkg under Enrollment Packages GUIDE

We don't use policy for Jamf Connect, I can't help you with that. Maybe someone else knows more.

Screenshot 2022-05-12 224815.png

Jamf Connect Update Guide

Laura7878
New Contributor II

yes, this look similar to our end as well. i updated the logo and background (same name as P-list) , thought i need to do this step , but not sure "a valid cert where to add or do i need add if i just update the log and background of jamconnect-grahic.pkg ? 

===================================

Requirements

=============================

YanW
Contributor III

Your previous post said you already done it, "

1. creating a sign certificate using jamf pro build in CA ( done )

2. installing the certificate to use for sign purposes - done"

Laura7878
New Contributor II

yes , on one indivudial system. 

was thinking do i need to post that cert /.pem file to somewhere in jamf pro in order for any new system to getting the logo and background ? or did the cert need to add when i using composer to building package ? 

YanW
Contributor III

No. If you have installed the certificate to the Keychain, you're Gucci now. Make sure you have selected that when creating packages to use in Pre-Stage Enrollment packages. In Composer > Preferences > Packaging > Check "Sign With" and select the certificate from your Keychain. That's how you sign the package. You could've stopped at "Signing a Custom Configuration Profile with the Installed Certificate" section or anything beyond that because they don't apply to you.  You've "knighted" that computer sort of speak🙄

Again, any packages to use in policies, you can use any computer with Composer. Just use the "knighted" computer for any Pre-Stage Enrollment packages. 

Laura7878
New Contributor II

thank you so much to helping out for all of my questions!! Yan