Posted on 07-21-2016 08:44 AM
Setting up CrashPlan here in an environment where all of our users have AD setup.
I have been tasked with setting up and deploying CrashPlan to all of the MacBooks via Casper, and would ideally want everything to be silent and triggered without any user interaction whatsoever.
What's the best setup or method to achieve this?
I have already followed the useful JAMF guide to this at: http://docs.jamfsoftware.com/technical-papers/casper-suite/crashplan/9.0/Deploying_the_Code42_CrashPlan_App.html
So I have got the custom installer all done and it installs no problem. But when a user logs in on a Mac, CrashPlan can't log in as the user is not yet listed within the CrashPlan's own list of users. I have come across the 'Add Users' section of the Code42 console, where a mass list of users in a text file can be uploaded to Code42 server. But I would much rather not do it this way. Instead I would prefer either a script to add the user to CrashPlan (e.g. postflight of setting up a MacBook) or if the Code42 server itself can be configured to automatically setup the necessary CrashPlan user profile whenever a new AD account attempts to log in for the first time.
Would be great to hear from others who have got their CrashPlan running in an automated setup.
Posted on 07-21-2016 08:57 AM
@techgeek I have this running here in our environment following the same guide and some information from other posts here on JAMF Nation. I wrote it up on my blog here: Custom CrashPlan Install with Casper. I also utilized this support article from Code42:
Integrating LDAP for User Authentication
As that support article states, as long as your CrashPlan server is integrated with LDAP, and you've created the custom installer properly, the account should create in AD automatically.
I deploy CrashPlan via Self Service for all of my new users. During our on-boarding process, I walk them through Self Service and have them run the install from Self Service. Once complete, I have them fire up CrashPlan and log in. I haven't had an issue yet with them not being a part of CP already.
Posted on 07-21-2016 09:28 AM
Something else that you might look into is SSO. We've just deployed CPP to approx. 10000 users and it logs them right in after it starts up.
Posted on 07-21-2016 10:48 AM
Our code 42 team set it all up for us..... so you might reach out to them... : )
Their support is very very good!!!!
C
Posted on 07-21-2016 10:54 AM
I've actually been doing this for years. However, I've found I still usually want the user to open CrashPlan post setup just to double check everything is working and backing up. For unknown reasons sometimes it doesn't. Usually, it's due to the user not synchronized in CrashPlan or if we're migrating from 1 computer to another.
I remember years ago finding information about deploying custom crashplan installations. This was 3-4 years go so I don't remember where it came from and it's been working perfect since so I haven't touched any of these scripts. So I apologize for partial information.
So here's my workflow
Policy runs at First Login or via Self Service set to Run Once
1. Policy installs a DMG that drops some files in /Library/Application Support/CrashPlan/custom and .custom as the same thing. I can't remember why because it's been so long but for some reason 1 didn't work and other didn't work but doing both did. Maybe it's changed. Anyway you want to edit custom.properties. This DMG also drops into /var/tmp a script I called crashplanOpenClose.sh.
2.Next a script runs that downloads the newest CrashPlan from our CrashPlan ProE local server. I'd imagine if you don't have a local CrashPlan server you could probably find a URL that works similar from your Cloud hosted server.
#!/bin/sh
curl http://ADDRESS OF LOCAL CRASHPLAN SERVER:4280/download/CrashPlanPROe_Mac.dmg > /var/tmp/CP.dmg
hdiutil attach /var/tmp/CP.dmg
installer -pkg /Volumes/CrashPlanPROe/Install CrashPlanPROe.pkg -target /
hdiutil detach /Volumes/CrashPlanPROe/
rm -rf /var/tmp/CP.dmg
3. The final 3rd step is under Files And Processes and I execute the command "sh /var/tmp/crashplanOpenClose.sh". That script does exactly what it says, it launches CP and hides it, keeps it open long enough for it to establish its connection and then quits it.
#!/bin/sh
osascript -e 'tell application "CrashPlan" to activate
tell application "Finder" to set visible of process "CrashPlan" to false
delay 12
tell application "CrashPlan" to quit'
open "/Applications/CrashPlan.app/Contents/Resources/CrashPlan menu bar.app"
Hopefully this helps...let me know if you need anything explained further and I'll try to.
Posted on 07-22-2016 08:38 AM
Wow, thanks @stevewood, @nwiseman, @gachowski, and @boberito. I wasn't expecting responses this quick.
Had a support call with Code42 this afternoon, and they reckon that we don't actually need SSO for our setup. The fact that we are already have setup our LDAP to our Code42 server, should be enough apparently. We also discovered that the registration key being used during the Custom.sh (custom installer) was actually incorrect and this is why the automatic Code42 logging in part wasn't working for users.
I am gonna do some more testing on Monday to check that it is working 100% and to also test using a fresh new AD account that hasn't been used with the Code42 server yet.
Btw - do any of you guys know how to remove an account from CrashPlan console? Basically I am using an AD account for testing purposes, and because I have used it already on a Mac with CrashPlan install - it is already listed within the Code42 -> Users section of the server console. But there doesn't seem to be any way of deleting that user from CrashPlan, so that when that user next logs in it will be treated a fresh new user again (re-setting up the CrashPlan profile). I can only seem to Deactivate or Block a user. Surely there must be a way of deleting the user's profile from CrashPlan end?
Nice blog @stevewood with the outline of what you did for CrashPlan. We will go via the same route as you of using Self Service if I can't get it to be 100% automated. I have been tasked with finding a way of deploying and running CrashPlan without any user interaction whatsoever (so that it performs backups even for those users who "believe they don't need it").
Cheers @boberito for sharing that script you use to get CrashPlan established and running. Will use that, as I noticed that it didn't run originally the first time until CrashPlan was loaded.
Thanks guys, I will post on here my next update for future reference and anybody else referring to this page in the future.
Have a great weekend!
Posted on 07-22-2016 08:56 AM
@techgeek if you deploy at login time, CrashPlan should start working immediately for that end user. I know that when I deploy via Self Service, without logging into CrashPlan it is already backing up automatically. Logging in just confirms that the user can get in. You can use the method @boberito had in his post above (or in this previous discussion ).