Deploy BeyondTrust with Jamf

IndianaChris
New Contributor II

BeyondTrust is telling us that the only way the "support deployment is through ARD." We are not huge fans of ARD. Has anyone been able to deploy with Jamf and the provided DMG? If so do you mind sharing how.

50 REPLIES 50

JYDP1
New Contributor III

It is very important that in the policy, the action for the package is "cached". if not, the hdiutil will fail mounting the DMG.

Mr_Suaz
New Contributor II

Line of code isn't right or matching.....

@Captainamerica 

# Run the installer

/Volumes/bomgar-scc/Double-Click\ To\ Start\ Support\ Session.app/Contents/MacOS/sdcust
@dwynn 

# Run sdcust to install Jump Client
sudo /Volumes/bomgar-scc/Double\-Click\ To\ Start\ Support\ Session.app/Contents/MacOS/sdcust --silent

------

The issue might be where it says "Double Click" and/or sudo? -- try changing it to one or the other above and it could possibly work.

Captainamerica
Contributor II

Just tried in my script only to mount the dmg - and this fails - so something is wrong in the DMG. However, I can mount it manual in terminal, but jamf script does not manage

Mr_Suaz
New Contributor II

I tried on a test machine and I get the same outputs as above. Once I restart the machine the client does load and it appears on the toolbar. 

JYDP1
New Contributor III

In your policy, in the package entity, you must cache the installer like this

               Cache          

NicolasB1
New Contributor

Hi all, re-activating an old thread

I succeeded installing the beyondtrust jump client with the script mentioned earlier.

What I'm not able to do now is to deploy a working PPPC in Jamf for it.

As Code requirement I used the output from the command: codesign -display -r - /Applications/NameOfTheApp.app/

The output looks like this and starts with :  identifier "com.bomgar.bomgar-scc" and anchor apple generic .....

pasted the output in the policy and allowed this for screenrecording, accessibility and disk access

When the policy deploys to the clients, it errors like this : In the payload (UUID: 5CD9A9CE-F23C-4C64-98CF-EA89DA74A51A), the key 'CodeRequirement' has an invalid value

 

Anyone?

jtrant
Valued Contributor

You cannot safelist Screen Recording on macOS, only deny it. This is probably why your configuration profile is failing to deploy.

Here's how I configured it:


Identifier: com.bomgar.bomgar-scc
Identifier Type: Bundle ID
Code Requirement: identifier "com.bomgar.bomgar-scc" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = B65TM49E24

 

Yeah, I found out by reading a bit more that is option is not possible with recent macos

IT would have been nice to see a small notification in the jamf console about his , Jamf product group....if you read this...

I removed the screen recording and it still throw the same error. The code is the same yours....

sgiesbrecht
Contributor III

I've have done where you cache the dmg.  On some machines, they work but others fail.  

Script result: expected   CRC32 $B7FD6850
hdiutil: attach failed - no mountable file systems
/Library/Application Support/JAMF/tmp/[Utility] BeyondTrust Client Install 2022.07.07: line 10: /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust: No such file or directory

Does not mount the DMG. 
Any one with an idea why not

NM, issue found

janthenat
New Contributor III

First, in case you're interested there is a separate discussion about the PPPC for BeyondTrust Jump Client.

I'll offer my method for deployment via Jamf, which includes uninstalling a previous version of the Jump Client.  My process includes 6+ pieces... 3 Config Profiles, 1 Policy, 2 Scripts (and some smart computer groups).

Here's the nitty gritty:

  • Config Profile to power on at 12:01am daily (Scoped to all our non-laptop Macs)
  • Config Profile for PPPC settings for macOS 10.14 & 10.15 clients providing Accessibility, SystemPolicyAllFiles, SystemPolicySysAdminFiles (Scoped to all but macOS 11+)
  • Config Profile for PPPC settings for macOS 11+ clients providing Accessibility, SystemPolicyAllFiles, SystemPolicySysAdminFiles, ScreenCapture (Scoped to macOS 11+)
  • Policy to uninstall the previous version and install the new version of the jump client (Scoped to smart group of computers where the PPPC config profiles have been installed)
  • Script for installation of the Jump Client
  • Script for uninstall of our previously installed Jump Client

I'll leave it at that for today and come back to provide some more details, like the uninstall script, etc.