Jamf Nation Community

Great question, we are using the Secure Remote Access Jump Client.

Hi @IndianaChris,
If you are referring to installing the remote support client (previously called Bomgar), you can take a look at this thread Deploying Bomgar JumpClient to Macs using Casper

I checked BeyondTrust's web site and they still only list the their old Bomgar documentation about using Automator and ARD to mount a DMG, etc. However the installer is no longer ON a disk image. It's a standalone app (yes, an app... sigh). I'm looking into this too, but it MIGHT be as simple as installing it in /var/tmp/ and using open /var/tmp/Open To Deploy Jump Client.app. You'll probably need a user environment to run it in though.

Edit: Even with running this as root (sudo), there's still a prompt for local credentials to make changes.

@IndianaChris We're using @mm2270's App Packager for the bomgar-rep-installer.dmg.

Sigh, update. I missed the 'programmatic' download option, which contains sdcust in the applications...

If I run the install manually from the command line...
sudo hdiutil attach /private/var/tmp/bomgar-scc*.dmg
sudo /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust
...it installs fine.

If I do the same thing in a post-install script as part of a package that puts the dmg in the same place, the splash screen comes up for a while, and it eventually goes away without anything being installed.

I don't understand why and I can't find any type of reference in a log anywhere (looked in console for sdcust, Bomgar, beyond trust, etc).

Interesting. We use Bomgar/Beyond Trust in our environment for remote support. We don't install any agents -- just a config profile on all machines that will allow the app to do it's thing. We have the use go to a website and click on the technicians name and it will initiate a remote session where the client will download and run a quick package. Allow screen recording and accept the connection. Done.

@david.maestre but you're not installing the jump client to remote into the machine when a user isn't there. I've got the PPPC setup for most of it, but in 10.15 it prompts to allow screen recording, which I'd think happens even with user-initiated sessions...

@cwaldrip This is correct we've tried remote portal and it does prompt to allow screen recording which then requires the user to restart the remote session before control can be had. We have upgraded our base to 6.1 and jump agents to 20.1.1. We now see the .app and have tried multiple ways to deploy and run a post script to install the .app installer without success. Has anyone figured this out as I have an open case with Bomgar with no pathway to success yet.

Is the issue you're experiencing around the screen recording prompt, or getting the jump client installer to work?

If the former, this is a macOS restriction in Catalina and above, and I'm not aware of a workaround. If the latter, I'd be happy to share my postinstall script. It did take a bit of trial and error to get it working, main thing is to make your installers valid for a year (the maximum) or you'll find yourself re-packaging it a lot.

@IndianaChris Look at this script to deploy this.

Steps:
1. Create the jump client dmg from the Bomgar console
2. Create policy in Jamf to Cache the dmg and run this script after.
3. Scope and deploy.

#!/bin/sh

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -a "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-"*".dmg" ]; then

# Attach the Disk Image
    hdiutil attach /Library/Application Support/JAMF/Waiting Room/bomgar-scc-*.dmg

# Run the installer
    /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust

# Wait a minute for it to finish up
    sleep 90

# Unmount the disk image
    hdiutil detach /Volumes/bomgar-scc

# Wait for the unmount to complete
    sleep 25

# Delete the disk image
    rm -R /Library/Application Support/JAMF/Waiting Room/bomgar-scc-*.dmg


else

echo "Bomgar NOT Present"
exit 1

fi
exit 0

@kericson when I use that script the jump client installs correctly but the the security/privacy preferences aren't set. Was wondering what would be the best way to set those item when installing the actual jump client using that script?

Here is the script I'm running:

#!/bin/bash

BOMGAR_URL='https://it-fileshare-files-179wwtfhkyps2.s3-us-west-2.amazonaws.com/IT/Mac/BomgarProgrammatic.dmg'
DMG_PATH='/tmp/BomgarProgrammatic.dmg'

/usr/bin/curl --silent "${BOMGAR_URL}" --output "${DMG_PATH}"

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -a "${DMG_PATH}" ]; then

# Attach the Disk Image
    hdiutil attach "${DMG_PATH}"

# # Run the installer
    /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust --silent

# # Wait a minute for it to finish up
#     sleep 60

# # Unmount the disk image
#     hdiutil detach /Volumes/bomgar-scc

# # Wait for the unmount to complete
#     sleep 15

# # Delete the disk image
   # rm -R "${DMG_PATH}"


else

echo "Bomgar NOT Present"

fi

I'm then receiving this error output:

Script result: Checksumming Protective Master Boot Record (MBR : 0)…
Protective Master Boot Record (MBR :: verified   CRC32 $E2F8D74C
Checksumming GPT Header (Primary GPT Header : 1)…
 GPT Header (Primary GPT Header : 1): verified   CRC32 $6E0A0204
Checksumming GPT Partition Data (Primary GPT Table : 2)…
GPT Partition Data (Primary GPT Tabl: verified   CRC32 $E4C3873D
Checksumming  (Apple_Free : 3)…
                    (Apple_Free : 3): verified   CRC32 $00000000
Checksumming disk image (Apple_HFS : 4)…
          disk image (Apple_HFS : 4): verified   CRC32 $F182C998
Checksumming  (Apple_Free : 5)…
                    (Apple_Free : 5): verified   CRC32 $00000000
Checksumming GPT Partition Data (Backup GPT Table : 6)…
GPT Partition Data (Backup GPT Table: verified   CRC32 $E4C3873D
Checksumming GPT Header (Backup GPT Header : 7)…
  GPT Header (Backup GPT Header : 7): verified   CRC32 $1AECF169
verified   CRC32 $FF3EC199
/dev/disk2              GUID_partition_scheme           
/dev/disk2s1            Apple_HFS                       /Volumes/bomgar-scc
20201202 18:43:32 999999 19811:main(19affdc0) UTIL:INFO>license file: '/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/Resources/server.lic'

Let me know if anyone has any insights

@jimmychi Which script are you using? The security/privacy preferences can't only be set with a PPPC profile and one part the user has to approve no way to automate per Apple.

@kericson I'm using the following script:

#!/bin/bash

BOMGAR_URL='https://it-fileshare-files-179wwtfhkyps2.s3-us-west-2.amazonaws.com/IT/Mac/BomgarProgrammatic.dmg'
DMG_PATH='/tmp/BomgarProgrammatic.dmg'

/usr/bin/curl --silent "${BOMGAR_URL}" --output "${DMG_PATH}"

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -a "${DMG_PATH}" ]; then

# Attach the Disk Image
    hdiutil attach "${DMG_PATH}"

# # Run the installer
    /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust --silent

# # Wait a minute for it to finish up
#     sleep 60

# # Unmount the disk image
#     hdiutil detach /Volumes/bomgar-scc

# # Wait for the unmount to complete
#     sleep 15

# # Delete the disk image
   # rm -R "${DMG_PATH}"


else

echo "Bomgar NOT Present"

fi

Previously that script worked for us and we didn't have to set any security/privacy preferences so was trying to fix it but to no success. Was wondering how we would set the PPPC profile for screen recording and to allow the bomgar jump client?

@jimmychi You can't pre-authorize screen recording for any app. The use MUST authorize screen recording. Hard limit from Apple.

BTW, I managed to deploy Remote support button through Self Service, but it seems to fail with the same kind of error when mass deploying the Remote support button, because the install is done in root context when there is no session opened. Bummer.

Our script, similar to the above, used to work fine for installing the Jump Client - and still does - just not for Big Sur.

During installation on Big Sur the user runs into the dialog:

"Double-Click To Start Support Session" can't be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information.

Really? They posted Big Sur support in the release notes but gave us no way to install via MDM? Is there any way around this via Jamf?

Allow me to answer my own question. The app can be pulled out of quarantine manually.

Added to the script - copy the app to /tmp/ and remove it from quarantine and then run it from there instead of the volume.

cp -R '/Volumes/foobar/Double-Click To Start Support Session.app' '/tmp/Double-Click To Start Support Session.app'
xattr -d com.apple.quarantine '/tmp/Double-Click To Start Support Session.app'

If you're on the MacAdmins Slack, join the Bomgar channel. A BeyondTrust employee posted a PDF that will eventually replace the KB article on the BeyondTrust site for mass deployment.

Here's a direct link: https://macadmins.slack.com/archives/CEH9Y26D6/p1606838240060700

@patgmac I don't have an acct to that slack workspace. Can you copy the PDF here please

@sgiesbrecht there is no way to attach files here. It's free to sign up for that Slack and it's a great place to hang out and get help.

Can't access the direct link for Slack.

Any more hints for this problem ?

@JYDP1 
I'd created a package with the Preinstall and Postinstall scripts from Franton (Richard Purves)

Created a MacOS (for Programmatic Installation) from you BEYONDTRUST Admin

On Composer

1. Created a temp folder in your favorite location (mine is /tmp)
2. Copy the BeyondTrust Jump Client DMG into the Temp folder
3. Copy franton_s_bomgar_postinstall.sh in the Temp folder
4. Launch Composer
5. Create a new package with no changes
6. Import the Temp folder into the package - should look like Image 1
7. Expand the package to right click the Scripts option
8. Select Add Shell Script > Preinstall
9. Copy and paste franton’s Bomgar preinstall.sh into the preinstall.sh – should look like Image 2.  This will remove all previous versions of BeyondTrust / Bomgar jump client so you won’t have multiple copies of jump clients)
10. Select Add Shell Script > Postinstall
11. Enter the execute command to run the Temp folder/franton_s_bomgar_postinstall.sh – should look like image 3
12. Package it up in a PKG file and add to Jamf Admin

On Jamf Console

1. Create a Policy with the new package and deploy – should look like Image 4

Always do alpha then beta testing before deploying globally

Note, franton_xxxx.sh scripts are the original and SMG_xxxx.sh are frantons with my tweaks to make work on my system

#!/bin/bash

# Preinstall script for Bomgar Jump Client
# Author - Richard Purves

# Find any existing Bomgar pkg install receipts and forget them
pkgutil --forget "$( pkgutil --pkgs | grep com.therealreal.pkg.BomgarClient )"

# Find the existing Bomgar install in /Users then run the uninstall command
sd=$( find /Users/Shared /Applications -iname "sdcust" -type f -maxdepth 5 )
[ -f "$sd" ] && "$sd" -uninstall silent

# This is the manual cleanup process in case the previous command didn't work

# Are there any LaunchAgents from a previous install?
test=$( /usr/bin/find /Library/LaunchAgents -iname "com.bomgar.bomgar*.plist" | wc -l | awk '{ print $1 }' )

# More than zero means we have work to do
if [ "$test" -gt 0 ];
then

	# Attempt to unload all the launchd agents and daemons
	/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +
	/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +

	# Remove all the launchd agents and daemons
	/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -exec rm -rf {} \;
	/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -exec rm -rf {} \;
	
	# Remove any existing install folders
	rm -rf /Users/Shared/bomgar-scc*
	rm -rf /Applications/.com.bomgar*
	
	# Finally kill any running processes
	/bin/ps -ax | /usr/bin/grep 'bomg*' | /usr/bin/grep -v grep | /usr/bin/awk '{ print $1 }' | /usr/bin/xargs kill
fi

# Ready to proceed
exit 0

#!/bin/bash

# Postinstall script for Bomgar Jump Client
# Author - Richard Purves

# Work out what folder we're operating from
installdir=$( /usr/bin/dirname $0 )

# Find the dmg we're going to process. We're set up only to do one diskimage in this script.
diskimage=$( /usr/bin/find "$installdir" -iname "*.dmg" -type f -maxdepth 1 -print -quit )

# Create a temporary folder to mount the dmg to.
tmpmnt=$( /usr/bin/mktemp -d /private/tmp/tempinstall.XXXXXX )

# Error check to see if temporary folder was created. Fail out if not. Unlikely.
if [ $? -ne 0 ];
then
	echo "$0: Cannot create temporary folder. Exiting."
	exit 1
fi

# Mount the dmg into the temporary folder we just created. Make sure it doesn't annoy the user by hiding what it's doing.
/usr/bin/hdiutil attach "$diskimage" -mountpoint "$tmpmnt" -nobrowse -noverify -noautoopen

# Find the path of the binary we're looking for
sdc=$( /usr/bin/find "$tmpmnt" -iname "sdcust" -type f )

# Run the install binary
"$sdc" --silent
sleep 60

# Unmount the disk image
/usr/bin/hdiutil detach "$tmpmnt"

# Remove the temporary mount point. It should be automatic but this will catch if it's not.
rm -rf "$tmpmnt"

exit

#!/bin/bash
## postinstall
## SMG_postinstall.sh 

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

/tmp/BTInstall/postinstall.sh /tmp/BTInstall.log
rm -rf /tmp/BTInstall

exit 0		## Success
exit 1		## Failure

#!/bin/bash
## preinstall
## SMG_Preinstall.sh

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

# Preinstall script for Bomgar Jump Client
# Author - Richard Purves

# Find any existing Bomgar pkg install receipts and forget them
# Updated package search for beyondtrust - SMG - 2021-11-29
BTpkg=$( pkgutil --pkgs | grep beyondtrust )
pkgutil --forget $BTpkg

# Find the existing Bomgar install in /Users then run the uninstall command
sd=$( find /Users/Shared /Applications -iname "sdcust" -type f -maxdepth 5 )
[ -f "$sd" ] && "$sd" -uninstall silent

# This is the manual cleanup process in case the previous command didn't work

# Are there any LaunchAgents from a previous install?
test=$( /usr/bin/find /Library/LaunchAgents -iname "com.bomgar.bomgar*.plist" | wc -l | awk '{ print $1 }' )

# More than zero means we have work to do
if [ "$test" -gt 0 ];
then

	# Attempt to unload all the launchd agents and daemons
	/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +
	/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +

	# Remove all the launchd agents and daemons
	/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -exec rm -rf {} \;
	/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -exec rm -rf {} \;
	
	# Remove any existing install folders
	rm -rf /Users/Shared/bomgar-scc*
	rm -rf /Applications/.com.bomgar*
	
	# Finally kill any running processes
	/bin/ps -ax | /usr/bin/grep 'bomg*' | /usr/bin/grep -v grep | /usr/bin/awk '{ print $1 }' | /usr/bin/xargs kill
fi

exit 0		## Success
exit 1		## Failure

Because Beyond Trust doesnt install to the Applications folder the conventional way, has anyone found a good solution to an extension attribute to create a Smart Group off of?

Use this @Artoom1213 
https://github.com/kylejericson/JAMF/blob/master/Computer%20Extension%20Attributes/Bomgar%20Jump%20C...

I spent a lot of time trying to create a policy to deploy BeyondTrust Remote using the above methods. Here is what worked for me. Thank you to the #bomgar Slack channel. Page 21

Deploying the Jump Client

Here is the script I use. Make sure the .pkg in the Packages payload is set to cache in the policy.

#!/bin/zsh

# Mount Remote Support DMG
hdiutil attach /Library/Application\ Support/JAMF/Waiting\ Room/bomgar-scc-(serial).dmg

# Run sdcust to install Jump Client
sudo /Volumes/bomgar-scc/Double\-Click\ To\ Start\ Support\ Session.app/Contents/MacOS/sdcust --silent

# optional sleep to ensure DMG unmounted and install process complete
sleep 15

Anyone managed to get beyond trust jump client working ?- Beyondtrust support reply is they have no documentation for jamf but only for ARD - not very modern approach.

So what I tried the following script, where I first cache the DMG

#!/bin/bash

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

# Attach the Disk Image
    
    hdiutil attach /Library/Application\ Support/JAMF/Waiting\ Room/bomgar-scc-w0eec30d5xxxxxxxxxxxx.dmg

# Run the installer
    /Volumes/bomgar-scc/Double-Click\ To\ Start\ Support\ Session.app/Contents/MacOS/sdcust

# Wait a minute for it to finish up
    sleep 120

# Unmount the disk image
#    hdiutil detach /Volumes/bomgar-scc

# Wait for the unmount to complete
#    sleep 15

Jamf policy completes without any errors - but when looking in the policy it looks like this

Here is what works for me.

#!/bin/zsh

# Mount Remote Support DMG
hdiutil attach /Library/Application\ Support/JAMF/Waiting\ Room/bomgar-scc-xxxxxxxxxxxx.dmg

# Run sdcust to install Jump Client
sudo /Volumes/bomgar-scc/Double\-Click\ To\ Start\ Support\ Session.app/Contents/MacOS/sdcust --silent

# optional sleep to ensure DMG unmounted and install process complete
sleep 15

yes - the exact same as mine.

How does you jamf policy looks when this has been executed - just wondering why I get the "attach failed" and it works fine when I do it manually

And the dmg file is that the one you got direct from the download from beyondtrust portal or something you re-packed on your own