BeyondTrust is telling us that the only way the "support deployment is through ARD." We are not huge fans of ARD. Has anyone been able to deploy with Jamf and the provided DMG? If so do you mind sharing how.
@JYDP1
I'd created a package with the Preinstall and Postinstall scripts from Franton (Richard Purves)
Created a MacOS (for Programmatic Installation) from you BEYONDTRUST Admin
On Composer
- Created a temp folder in your favorite location (mine is /tmp)
- Copy the BeyondTrust Jump Client DMG into the Temp folder
- Copy franton_s_bomgar_postinstall.sh in the Temp folder
- Launch Composer
- Create a new package with no changes
- Import the Temp folder into the package - should look like Image 1
- Expand the package to right click the Scripts option
- Select Add Shell Script > Preinstall
- Copy and paste franton’s Bomgar preinstall.sh into the preinstall.sh – should look like Image 2. This will remove all previous versions of BeyondTrust / Bomgar jump client so you won’t have multiple copies of jump clients)
- Select Add Shell Script > Postinstall
- Enter the execute command to run the Temp folder/franton_s_bomgar_postinstall.sh – should look like image 3
- Package it up in a PKG file and add to Jamf Admin
On Jamf Console
- Create a Policy with the new package and deploy – should look like Image 4
Always do alpha then beta testing before deploying globally
Note, franton_xxxx.sh scripts are the original and SMG_xxxx.sh are frantons with my tweaks to make work on my system
#!/bin/bash
# Preinstall script for Bomgar Jump Client
# Author - Richard Purves
# Find any existing Bomgar pkg install receipts and forget them
pkgutil --forget "$( pkgutil --pkgs | grep com.therealreal.pkg.BomgarClient )"
# Find the existing Bomgar install in /Users then run the uninstall command
sd=$( find /Users/Shared /Applications -iname "sdcust" -type f -maxdepth 5 )
[ -f "$sd" ] && "$sd" -uninstall silent
# This is the manual cleanup process in case the previous command didn't work
# Are there any LaunchAgents from a previous install?
test=$( /usr/bin/find /Library/LaunchAgents -iname "com.bomgar.bomgar*.plist" | wc -l | awk '{ print $1 }' )
# More than zero means we have work to do
if [ "$test" -gt 0 ];
then
# Attempt to unload all the launchd agents and daemons
/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +
/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +
# Remove all the launchd agents and daemons
/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -exec rm -rf {} \\;
/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -exec rm -rf {} \\;
# Remove any existing install folders
rm -rf /Users/Shared/bomgar-scc*
rm -rf /Applications/.com.bomgar*
# Finally kill any running processes
/bin/ps -ax | /usr/bin/grep 'bomg*' | /usr/bin/grep -v grep | /usr/bin/awk '{ print $1 }' | /usr/bin/xargs kill
fi
# Ready to proceed
exit 0#!/bin/bash
# Postinstall script for Bomgar Jump Client
# Author - Richard Purves
# Work out what folder we're operating from
installdir=$( /usr/bin/dirname $0 )
# Find the dmg we're going to process. We're set up only to do one diskimage in this script.
diskimage=$( /usr/bin/find "$installdir" -iname "*.dmg" -type f -maxdepth 1 -print -quit )
# Create a temporary folder to mount the dmg to.
tmpmnt=$( /usr/bin/mktemp -d /private/tmp/tempinstall.XXXXXX )
# Error check to see if temporary folder was created. Fail out if not. Unlikely.
if [ $? -ne 0 ];
then
echo "$0: Cannot create temporary folder. Exiting."
exit 1
fi
# Mount the dmg into the temporary folder we just created. Make sure it doesn't annoy the user by hiding what it's doing.
/usr/bin/hdiutil attach "$diskimage" -mountpoint "$tmpmnt" -nobrowse -noverify -noautoopen
# Find the path of the binary we're looking for
sdc=$( /usr/bin/find "$tmpmnt" -iname "sdcust" -type f )
# Run the install binary
"$sdc" --silent
sleep 60
# Unmount the disk image
/usr/bin/hdiutil detach "$tmpmnt"
# Remove the temporary mount point. It should be automatic but this will catch if it's not.
rm -rf "$tmpmnt"
exit#!/bin/bash
## postinstall
## SMG_postinstall.sh
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
/tmp/BTInstall/postinstall.sh /tmp/BTInstall.log
rm -rf /tmp/BTInstall
exit 0 ## Success
exit 1 ## Failure#!/bin/bash
## preinstall
## SMG_Preinstall.sh
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
# Preinstall script for Bomgar Jump Client
# Author - Richard Purves
# Find any existing Bomgar pkg install receipts and forget them
# Updated package search for beyondtrust - SMG - 2021-11-29
BTpkg=$( pkgutil --pkgs | grep beyondtrust )
pkgutil --forget $BTpkg
# Find the existing Bomgar install in /Users then run the uninstall command
sd=$( find /Users/Shared /Applications -iname "sdcust" -type f -maxdepth 5 )
[ -f "$sd" ] && "$sd" -uninstall silent
# This is the manual cleanup process in case the previous command didn't work
# Are there any LaunchAgents from a previous install?
test=$( /usr/bin/find /Library/LaunchAgents -iname "com.bomgar.bomgar*.plist" | wc -l | awk '{ print $1 }' )
# More than zero means we have work to do
if [ "$test" -gt 0 ];
then
# Attempt to unload all the launchd agents and daemons
/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +
/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -type f -exec bash -c '/bin/launchctl unload $@' _ {} +
# Remove all the launchd agents and daemons
/usr/bin/find /Library/LaunchAgents -iname "com.bomgar*.plist" -exec rm -rf {} \\;
/usr/bin/find /Library/LaunchDaemons -iname "com.bomgar*.plist" -exec rm -rf {} \\;
# Remove any existing install folders
rm -rf /Users/Shared/bomgar-scc*
rm -rf /Applications/.com.bomgar*
# Finally kill any running processes
/bin/ps -ax | /usr/bin/grep 'bomg*' | /usr/bin/grep -v grep | /usr/bin/awk '{ print $1 }' | /usr/bin/xargs kill
fi
exit 0 ## Success
exit 1 ## Failure
+3Because Beyond Trust doesnt install to the Applications folder the conventional way, has anyone found a good solution to an extension attribute to create a Smart Group off of?
+16+3KyleEricson wrote:
Thanks for the help with this. I see where my script was lacking. Most appreciated.
+5KyleEricson wrote:
Ignore
+5patgmac wrote:
If you're on the MacAdmins Slack, join the Bomgar channel. A BeyondTrust employee posted a PDF that will eventually replace the KB article on the BeyondTrust site for mass deployment.
Here's a direct link: https://macadmins.slack.com/archives/CEH9Y26D6/p1606838240060700
There is misinformation in this document. The process is correct, however the file path specified for the DMG file is incorrect. The workflow of caching a package (or in this case a DMG file) start by downloading into "/Library/Application Support/JAMF/Downloads" and then once completed the file moves to "/Library/Application Support/JAMF/Waiting Room". The document specifies the Downloads folder, however the actual path is in the Waiting Room folder.
+5I spent a lot of time trying to create a policy to deploy BeyondTrust Remote using the above methods. Here is what worked for me. Thank you to the #bomgar Slack channel. Page 21
+4dwynn wrote:
I spent a lot of time trying to create a policy to deploy BeyondTrust Remote using the above methods. Here is what worked for me. Thank you to the #bomgar Slack channel. Page 21
Hey, been testing your script, but, the DMG file appears in the Downloads folder in Library/JAMF
Then disappears.
There is no Waiting Room subfolder in this folder. So Hdiutil fails, and so on
+5Here is the script I use. Make sure the .pkg in the Packages payload is set to cache in the policy.
#!/bin/zsh
# Mount Remote Support DMG
hdiutil attach /Library/Application\\ Support/JAMF/Waiting\\ Room/bomgar-scc-(serial).dmg
# Run sdcust to install Jump Client
sudo /Volumes/bomgar-scc/Double\\-Click\\ To\\ Start\\ Support\\ Session.app/Contents/MacOS/sdcust --silent
# optional sleep to ensure DMG unmounted and install process complete
sleep 15
+8Anyone managed to get beyond trust jump client working ?- Beyondtrust support reply is they have no documentation for jamf but only for ARD - not very modern approach.
So what I tried the following script, where I first cache the DMG
#!/bin/bash
# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...
# Attach the Disk Image
hdiutil attach /Library/Application\\ Support/JAMF/Waiting\\ Room/bomgar-scc-w0eec30d5xxxxxxxxxxxx.dmg
# Run the installer
/Volumes/bomgar-scc/Double-Click\\ To\\ Start\\ Support\\ Session.app/Contents/MacOS/sdcust
# Wait a minute for it to finish up
sleep 120
# Unmount the disk image
# hdiutil detach /Volumes/bomgar-scc
# Wait for the unmount to complete
# sleep 15
Jamf policy completes without any errors - but when looking in the policy it looks like this
+5Here is what works for me.
#!/bin/zsh
# Mount Remote Support DMG
hdiutil attach /Library/Application\\ Support/JAMF/Waiting\\ Room/bomgar-scc-xxxxxxxxxxxx.dmg
# Run sdcust to install Jump Client
sudo /Volumes/bomgar-scc/Double\\-Click\\ To\\ Start\\ Support\\ Session.app/Contents/MacOS/sdcust --silent
# optional sleep to ensure DMG unmounted and install process complete
sleep 15
+8yes - the exact same as mine.
How does you jamf policy looks when this has been executed - just wondering why I get the "attach failed" and it works fine when I do it manually
+8And the dmg file is that the one you got direct from the download from beyondtrust portal or something you re-packed on your own
+4It is very important that in the policy, the action for the package is "cached". if not, the hdiutil will fail mounting the DMG.
+3Line of code isn't right or matching.....
# Run the installer
/Volumes/bomgar-scc/Double-Click\\ To\\ Start\\ Support\\ Session.app/Contents/MacOS/sdcust
@dwynn
# Run sdcust to install Jump Client
sudo /Volumes/bomgar-scc/Double\\-Click\\ To\\ Start\\ Support\\ Session.app/Contents/MacOS/sdcust --silent
------
The issue might be where it says "Double Click" and/or sudo? -- try changing it to one or the other above and it could possibly work.
+8Just tried in my script only to mount the dmg - and this fails - so something is wrong in the DMG. However, I can mount it manual in terminal, but jamf script does not manage
+3I tried on a test machine and I get the same outputs as above. Once I restart the machine the client does load and it appears on the toolbar.
+1Hi all, re-activating an old thread
I succeeded installing the beyondtrust jump client with the script mentioned earlier.
What I'm not able to do now is to deploy a working PPPC in Jamf for it.
As Code requirement I used the output from the command: codesign -display -r - /Applications/NameOfTheApp.app/
The output looks like this and starts with : identifier "com.bomgar.bomgar-scc" and anchor apple generic .....
pasted the output in the policy and allowed this for screenrecording, accessibility and disk access
When the policy deploys to the clients, it errors like this : In the payload (UUID: 5CD9A9CE-F23C-4C64-98CF-EA89DA74A51A), the key 'CodeRequirement' has an invalid value
Anyone?
+14You cannot safelist Screen Recording on macOS, only deny it. This is probably why your configuration profile is failing to deploy.
Here's how I configured it:
Identifier: com.bomgar.bomgar-scc
Identifier Type: Bundle ID
Code Requirement: identifier "com.bomgar.bomgar-scc" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = B65TM49E24
+1jtrant wrote:
You cannot safelist Screen Recording on macOS, only deny it. This is probably why your configuration profile is failing to deploy.
Here's how I configured it:
Identifier: com.bomgar.bomgar-scc
Identifier Type: Bundle ID
Code Requirement: identifier "com.bomgar.bomgar-scc" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = B65TM49E24
Yeah, I found out by reading a bit more that is option is not possible with recent macos
IT would have been nice to see a small notification in the jamf console about his , Jamf product group....if you read this...
I removed the screen recording and it still throw the same error. The code is the same yours....
I've have done where you cache the dmg. On some machines, they work but others fail.
Script result: expected CRC32 $B7FD6850
hdiutil: attach failed - no mountable file systems
/Library/Application Support/JAMF/tmp/[Utility] BeyondTrust Client Install 2022.07.07: line 10: /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust: No such file or directoryDoes not mount the DMG.
Any one with an idea why not
sgiesbrecht wrote:
I've have done where you cache the dmg. On some machines, they work but others fail.
Script result: expected CRC32 $B7FD6850
hdiutil: attach failed - no mountable file systems
/Library/Application Support/JAMF/tmp/[Utility] BeyondTrust Client Install 2022.07.07: line 10: /Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust: No such file or directoryDoes not mount the DMG.
Any one with an idea why not
NM, issue found
+5First, in case you're interested there is a separate discussion about the PPPC for BeyondTrust Jump Client.
I'll offer my method for deployment via Jamf, which includes uninstalling a previous version of the Jump Client. My process includes 6+ pieces... 3 Config Profiles, 1 Policy, 2 Scripts (and some smart computer groups).
Here's the nitty gritty:
- Config Profile to power on at 12:01am daily (Scoped to all our non-laptop Macs)
- Config Profile for PPPC settings for macOS 10.14 & 10.15 clients providing Accessibility, SystemPolicyAllFiles, SystemPolicySysAdminFiles (Scoped to all but macOS 11+)
- Config Profile for PPPC settings for macOS 11+ clients providing Accessibility, SystemPolicyAllFiles, SystemPolicySysAdminFiles, ScreenCapture (Scoped to macOS 11+)
- Policy to uninstall the previous version and install the new version of the jump client (Scoped to smart group of computers where the PPPC config profiles have been installed)
- Script for installation of the Jump Client
- Script for uninstall of our previously installed Jump Client
I'll leave it at that for today and come back to provide some more details, like the uninstall script, etc.
+7abnaau wrote:
Allow me to answer my own question. The app can be pulled out of quarantine manually.
Added to the script - copy the app to /tmp/ and remove it from quarantine and then run it from there instead of the volume.
cp -R '/Volumes/foobar/Double-Click To Start Support Session.app' '/tmp/Double-Click To Start Support Session.app'
xattr -d com.apple.quarantine '/tmp/Double-Click To Start Support Session.app'
Thanks @abnaau ! This really helped us out getting BigSur/Monterey to work...
We used this script:
#Attach the Cached DMG from tmp folder
hdiutil attach /tmp/bomgar/bomgarxxxxxxx.dmg
# copy app to tmp folder
cp -R '/Volumes/bomgarxxxx/Double-Click To Start Support Session.app' '/tmp/Double-Click To Start Support Session.app'
# Allow bomgar app to open
xattr -d com.apple.quarantine '/tmp/Double-Click To Start Support Session.app'
# Run sdcust to install Jump Client
/tmp/Double-Click\\ To\\ Start\\ Support\\ Session.app/Contents/MacOS/sdcust --silent
Reply
Most helpful members this week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.