I have created the CyberArk config profile with the below info and it got installed successfully.
1) Approved kernel extension with bundle id: DF8U2CCCD8
2) PPPC with the following: Identifier: com.cyberark.CyberArkEPMEndpointSecurityExtension
anchor apple generic and identifier "com.cyberark.CyberArkEPMEndpointSecurityExtension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DF8U2CCCD8)
SystemPolicyAllFiles = Allow
3) System Extensions:
It will not work with the Team ID only. In my testing you must add the system extension for this to work.
Team ID: DF8U2CCCD8
Allowed System Ext: com.cyberark.CyberArkEPMEndpointSecurityExtension
I was executing the installer via the below command as a script:
sudo /private/tmp/Install CyberArk EPM.app/Contents/MacOS/CyberArkEPMInstaller -configuration /private/tmp/CyberArkEPMConfiguration.json -installationKey XXXXXXXX -adminUser XYZ -adminPassword XYZ -nonAdminEPMUser
But the policy failed and I received the below error in the logs:
Script result: Could not complete installation on this computer: ExecutionError(executablePath: "/usr/sbin/installer", arguments: Optional(["-pkg", "/private/tmp/Install CyberArk EPM.app/Contents/Resources/CyberArkEPM.pkg", "-target", "LocalSystem"]), terminationStatus: 1, errorMessage: Optional(""))
Remove Endpoint Security extensions
Remove launchd agents
Remove launchd daemons
Remove kext
Remove authorization rights
Failed to restore authorization right 'com.apple.system-extensions.admin': SecurityError(status: -60005 ("The authorization was denied."), additionalInfo: (""))
Remove PAM modules
Remove sudoers settings
Remove files and directories
Remove users and groups
Can anyone please suggest how to sort out this issue?
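Added example, not part of any post in this thread: a pre-deployment check that an exported profile really carries the three payloads listed above, including the system extension entry under the Team ID rather than the Team ID alone. The payload types and keys are Apple's MDM payload names; the sample profile is constructed, the function name audit_profile is hypothetical, and the PPPC code requirement string is not checked.

```python
import plistlib

TEAM_ID = "DF8U2CCCD8"
EXT_ID = "com.cyberark.CyberArkEPMEndpointSecurityExtension"

# Constructed sample profile (not exported from a real MDM); CodeRequirement omitted for brevity.
SAMPLE_PROFILE = f"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array>
 <dict><key>PayloadType</key><string>com.apple.syspolicy.kernel-extension-policy</string>
  <key>AllowedTeamIdentifiers</key><array><string>{TEAM_ID}</string></array></dict>
 <dict><key>PayloadType</key><string>com.apple.system-extension-policy</string>
  <key>AllowedSystemExtensions</key><dict>
   <key>{TEAM_ID}</key><array><string>{EXT_ID}</string></array></dict></dict>
 <dict><key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
  <key>Services</key><dict><key>SystemPolicyAllFiles</key><array><dict>
   <key>Identifier</key><string>{EXT_ID}</string>
   <key>IdentifierType</key><string>bundleID</string>
   <key>Allowed</key><true/></dict></array></dict></dict>
</array></dict></plist>""".encode()


def audit_profile(raw: bytes, team_id: str = TEAM_ID, ext_id: str = EXT_ID) -> list[str]:
    """Return a list of findings; an empty list means all three payloads are present."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    by_type = {}
    for p in payloads:
        by_type.setdefault(p.get("PayloadType"), []).append(p)
    findings = []
    kexts = by_type.get("com.apple.syspolicy.kernel-extension-policy", [])
    if not any(team_id in p.get("AllowedTeamIdentifiers", []) for p in kexts):
        findings.append("kext: Team ID not approved")
    sysext = by_type.get("com.apple.system-extension-policy", [])
    if not any(ext_id in p.get("AllowedSystemExtensions", {}).get(team_id, []) for p in sysext):
        findings.append("sysext: extension not listed under Team ID")
    tcc = by_type.get("com.apple.TCC.configuration-profile-policy", [])
    entries = [e for p in tcc for e in p.get("Services", {}).get("SystemPolicyAllFiles", [])]
    if not any(e.get("Identifier") == ext_id and
               (e.get("Allowed") is True or e.get("Authorization") == "Allow") for e in entries):
        findings.append("pppc: SystemPolicyAllFiles not allowed for extension")
    return findings


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE) or "profile matches the three payloads described")
```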
@Kapil did you ever get this sorted? I will be needing to do this as well... The only thing I can think of with your question at the end there is to push the PKG via JAMF vs a script. You could try building the pkg in Composer and inserting the scripting commands into the pkg as pre/post flights.
Npotter229 Sorry about the late reply. Yes, I found the fix and deployed successfully to all users (Big Sur and Catalina OS) from JAMF. I did it the same way as above: packaged the CyberArk and CyberArkEPMConfiguration.json file in a private/temp folder and then added a separate script in the policy as below:
sudo /private/tmp/Install\ CyberArk\ EPM.app/Contents/MacOS/CyberArkEPMInstaller -configuration /private/tmp/CyberArkEPMConfiguration.json -k (installationKey) -withoutPwdRotation
Try this and it will work fine without any issues. Thanks