Deploying Bomgar JumpClient to Macs using Casper

rldehaven
New Contributor

Hey All,

It took me a while to figure out how best to do this, but thought I would share it for everyone here just in case someone else uses Bomgar to support their Org. I am somewhat novice when working with Policies and Casper Admin, but the Bomgar client did not make it easy to just 'install'...

  1. Create a JumpClient Deployment Package in the Bomgar WebUI
  2. Download the bomgar-scc-SERIALIZEDNUMBER.dmg
  3. Upload that dmg to your Distribution Point
  4. Create and upload a script installBomgarJump.sh (Mark as 'After' in Casper Admin)

```
#!/bin/sh

# Attach the Cached DMG from the Waiting Room
hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-SERIALIZEDNUMBER.dmg"

# Install the client from the standard mount location for the bomgar-scc client installer.
"/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust" &
```

  5. Create Policy
  6. On the General tab, set the trigger to "None (Self Service only)" and the execution frequency to "Ongoing".
  7. On the Packages tab, add the DMG as CACHE, and ensure that the FUT and FEU options are deselected.
  8. On the Scripts tab, add your script as 'After'.

I will probably continue playing with this and automating it so it can just get pushed out. But for now, having users be able to Pin themselves to our Bomgar appliance is a great help with remote support.

*Part of the Bomgar deploy script 'sdcust' un-mounts and deletes the original DMG when it is done deploying, it also requires the original DMG to be mounted so far as I can tell in testing.
*My JumpClient is not configured to install with Elevated privileges, this allows the client to be pinned without prompting for user password.
*I am on Casper 8


cwaldrip
Valued Contributor

I'm just now looking into deploying Casper for our org. Have you found a way to deploy with elevated privileges? Any other tips or updates? :-)

denmoff
Contributor III

Thanks for sharing.

wyip
Contributor

We're in the process of consolidating IT support and several departments are still on ARD, so in order to get them on board with this I used Composer to repackage the Jump Client installer (sort of).

Instead of using a Casper policy to cache the DMG, I use an installer pkg to drop the DMG file under /tmp. Then, I added a post-install script to the pkg that runs the same two commands as your script. Works like a charm and the added benefit is it is a self-contained pkg that our departmental IT admins can push out with ARD.

Thanks for posting your script, it was very helpful!

denmoff
Contributor III

@wyip I'm having trouble doing what you've done and using Casper to deploy it. It appears to complete in the Casper logs, but looking at system.log, it has a com.apple.launchd error that says "System: This API can only be used by a process running within an Aqua session."

Any advice on deploying this with Casper?

Edit: Running from Self Service, I receive an error window that says "No suitable location could be found to run the application."

denmoff
Contributor III

@rldehaven @wyip Trying this using rldehaven's technique. It works if set as recurring checkin policy, but only when run from terminal using sudo jamf policy. Nothing in the logs shows why it's failing when just letting the recurring checkin run naturally. But it does leave the dmg mounted, so I know that much is working.

wyip
Contributor

When installing by double clicking the pkg or pushing via ARD, I see the Bomgar client UI open briefly (a chat window opens and there's sort of a splash screen that looks like it is connecting to the server). I'm guessing this is the part that's failing when pushing the pkg through Casper. I think we would need to figure out a way to make the install completely silent.

denmoff
Contributor III

Oddly enough, I got it to work by removing the '&' at the end of the sdcust command.

wmateo
Contributor

@rldehaven

Did you do this as part of imaging? I want to deploy this via policy to all my users. Thanks for posting this.

chrisbju
New Contributor III

@wmateo

I deployed using a policy with recurring check in.

First create your Passive Jump installer in the admin site on Bomgar and upload in Casper Admin.

Create a script to set after:

```
#!/bin/sh

# Attach the Cached DMG from the Waiting Room
hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-CHANGETHISWITHTHESERIALFROMTHEINSTALLER.dmg"

# Install the client from the standard mount location for the bomgar-scc client installer.
"/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"
```

And that should be it.

wmateo
Contributor

@chrisbju Thanks I will try this.

wmateo
Contributor

@chrisbju What I am trying to accomplish is to make this part of our imaging workflow. So that every machine that is imaged has this application. It becomes challenging to ask a user to download this, and install without any admin rights.

I also plan to deploy this to all my current users via policy.

chrisbju
New Contributor III

@wmateo

I haven't tried that yet. I'm currently testing myself.

Set it as -Install on reboot?

cwaldrip
Valued Contributor

ignore this post

hdsst3
New Contributor

anyone figure the bomgar stuff out.

I don't want self service

cwaldrip
Valued Contributor

@chrisbju's method is working for me.

To recap as his explanation may not be clear for everyone.

  1. Create and download a Jump Client installer through the Bomgar administration web interface with the settings you want the client to use on the remote machines.
  2. In the zip file you download there is a hidden directory called ".dmg" (that's a period in front of the directory name). Use Terminal or Go to Folder (Shift-cmd-G) and navigate to that folder. There you'll find a disk image called something like "bomgar-scc-wodc5oj8g63w7jy5hdy1gejz7w6gwjgj8jf7iic40jc90.dmg".
  3. I used Composer to create a PKG installer that places that DMG file in a temporary location (/tmp or in my case the Casper Waiting Room directory).
  4. Upload the PKG to Casper.
  5. Create a script to run the installer...

```
#!/bin/sh
# Attach the Cached DMG from the Waiting Room
hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-<whatever.the.string.is.from.your.diskimage>.dmg"

# Install the client from the standard mount location for the bomgar-scc client installer.
"/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"
```

  6. Now to push this out to a machine you can create a policy that runs the PKG installer putting the disk image in the temporary directory and then runs the script you created for self service or an automated deployment.
  7. If you want it to run at imaging time then add the PKG installer to your configuration. And add the script so that it runs at reboot.

chrisbju
New Contributor III

Anyone having issues with the firewall exception? I get prompted at every login if I want to accept incoming network connections.

htbalpha
New Contributor

Hi folks

I'm struggling getting the Bomgar Jump Client onto machines using the suggestions above. The problems I'm running into are as follows:

1) Download the DMG, upload via Casper Admin, push as a package
This method installs the DMG to the machine, but automatically gets the .app out and sticks it in the root of the system drive. That's all well and good, but if you try to actually run it (experimentally in terminal directly on the target Mac, using the

"/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

command), it tells you the disk image doesn't exist any more. This is correct - it deleted itself!

2) Download the DMG, zip it, stick the zip file in a package, upload via Casper Admin, push as a package
This method uses a pkg to stick a package containing a zip file where I want it put (/private/tmp). But the .zip automatically unzips... then automatically mounts the DMG... and tries to revert back to option (1).

3) Download the DMG, copy the .app, stick that in a package, upload via Casper Admin, push as a package
Same result as (1)

4) Use ARD to manually copy the DMG or zip file created in (1) or (2), then run the sdcust via Send UNIX Command
This works a treat, but doesn't use Casper.

So basically the self-automation of the disk image looks to be causing me problems. I cannot even get to the point where I'm in a position to mount the disk image as described in earlier responses, because the disk image keeps deleting itself before any automation can take over. Being relatively new to Casper Suite, I'm struggling to find a sensible way around this.

Any ideas?

htbalpha
New Contributor

I think I've fixed my own problem, but in case it helps anyone else out there, this is what I did. The solution is an amalgamation of all the previous answers, so thanks to those who have contributed!

This is an even more verbose solution for those, like us, who are new to Casper.

Step 1
Download the DMG, make sure it's valid for 1 year, and make sure it downloads the DMG, rather than automatically extracting the app. For the purposes of this post, the filename of the DMG is bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg

Step 2
Disable internet-enable on the image. This prevents the annoying auto-mount and extract. In terminal, run this command, replacing the path to the DMG with your own:

hdiutil internet-enable -no /Users/user/Downloads/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg

Step 3
Upload the DMG using Casper Admin.

Step 4
In the Casper web interface, create a script to execute the install. This script mounts the image, runs the installer, unmounts the image and deletes the disk image. Here's my script:

```
#!/bin/bash

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -e "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg" ]; then

    # Attach the Disk Image
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg"

    # Run the installer
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

    # Wait a minute for it to finish up
    sleep 60

    # Unmount the disk image
    hdiutil detach /Volumes/bomgar-scc

    # Wait for the unmount to complete
    sleep 15

    # Delete the disk image
    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg"

else

    echo "Bomgar NOT Present"

fi
```

Step 5
Create a policy to deploy the image and run the script:

  • Deploy the bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg image. Important! - under Action, select Cached. This means instead of executing, Casper copies the DMG file to /Library/Application Support/JAMF/Waiting Room

  • Run the script in step 4

  • I also run a maintenance task to update inventory.

Step 6
Create an extension attribute that figures out whether Bomgar is installed or not. To do this, it relies on the fact that Bomgar creates two launch agents (no launch agents means it won't automatically start - which is what we want). Here's the script:

```
#!/bin/bash

bomgarLaunchAgent=$(ls /Library/LaunchAgents/ | grep com.bomgar.bomgar-scc)

if [[ $bomgarLaunchAgent != '' ]]; then

    echo "<result>Bomgar LaunchAgent exists</result>"

else

    echo "<result>Bomgar LaunchAgent does NOT exist</result>"

fi
```

Step 7
Create a Smart Computer Group that uses the extension attribute created in step 6 to figure out which machines need Bomgar. Then use this Smart Computer Group to inform the policy created in step 5.

Bhughes
Contributor

Thanks @htbalpha this worked, however I am now seeing the message that @chrisbju reports above. I assume this has something to do with signing? Did you ever get a resolution for this?

chrisbju
New Contributor III

@Bhughes I contacted Bomgar Support and they redirected me to this forum post: https://discussions.apple.com/thread/6831502?start=0&tstart=0

Make sure “Set access for specific services and applications” is selected.
Select the top application in the list.
Click the “-” button to delete it. Repeat until there are no applications in the list.
Select “Allow all incoming connections”.
Re-select “Set access for specific services and applications”, and quit.

I've tried a couple of times to get them to realize it was not working.... Still no luck.

I also see a problem with the letter O not working when in the Login Window to enter username/password. Are you also seeing this?

Bhughes
Contributor

@chrisbju We talked with Bomgar support too. This is an issue with Bomgar and Gatekeeper. They have received many requests for a fix, we're having them check the roadmap for us to see when a fix will be implemented.

sedwards00
New Contributor

How do you handle deploying updated jump clients? My experience is that it will leave multiple versions on the mac, which we need to avoid.

cwaldrip
Valued Contributor

Our Bomgar system automatically updates the clients, in most cases. We still have a self-service policy to let users update if their machine falls within a smart group with an outdated version. Yes, it leaves older Jump Clients behind, but it's not that big a deal. You could create a smart group to find machines with the newest version of the jump client and an older version, and then run a script on those machines to delete the older jump client(s).

txbagman00
New Contributor

We ran into a problem if the user uninstalls or disables the client. Casper installs the client the first time and it works very well. If the user uninstalls or disables the client we have to do a screen sharing session the manual way to get it reset or reinstalled. Has anyone found a way to prevent the user from uninstalling or deleting the client? We are thinking that Casper should reinstall the client if it has been deleted. Any help would be appreciated.

cwaldrip
Valued Contributor

I've used this script to uninstall Bomgar...

```
#!/bin/bash

if ls /Library/LaunchAgents/com.bomgar.bomgar-scc* 1> /dev/null 2>&1
then
    kill $(ps aux | grep 'bomgar' | grep -v grep | awk '{print $2}')
    launchctl unload /Library/LaunchAgents/com.bomgar.bomgar-scc*
    rm -rf /Users/Shared/bomgar-scc*
    rm -rf /Library/LaunchAgents/com.bomgar.bomgar-scc*
    rm -rf /Library/LaunchDaemons/com.bomgar.bomgar-ps*
    exit 0
fi
```

txbagman00
New Contributor

We need to prevent the user from uninstalling the client. So far, I have not found a reliable way to do this. It is easily doable on Windows systems.

daniel_behan
Contributor III

I was able to download the Double-Click To Deploy Pinned Client.app from the Bomgar Web GUI. I put that in /private/var/tmp and used Composer to build a non-flat package with a postflight script. The contents of the postflight script is:

```
#!/bin/sh
cd "/private/var/tmp/Bomgar/Double-Click To Deploy Pinned Client.app/Contents/MacOS/" || exit 1
sh ./mount_dmg_and_exec__bundle.sh
```

command_prompt
New Contributor

Has any of you gentle folk tried deploying Bomgar Button, and managed to do it successfully?

macmanmk
Contributor

I think I have the jump client installation working based on a combination of what I've learned here. Thanks for everyone's input. The only problem is when I check the status in the dashboard, it is showing failures for all of the machines that the policy ran on. It appears from the log that there is a failure in the script, which I copied straight from here.

Can anyone hazard a guess what is causing the failure notice? When I check /Library/Application Support/JAMF/Waiting Room/ the bomgar DMG file is indeed gone. I've anonymized some of the package and token info below, but this is the output on one of the installs that shows the install failed.

Executing Policy Install Bomgar Jump Client
Caching package bomgar-scc-w0idc30w6xyzab9e6jzz5ij66h93efi8zwhjwi6c40jc90.dmg...
Downloading https://ccm.jamfcloud.com/download/9e5af8f609cj4be881857481140e612c/bomgar-scc-w0idc30w6xyzab9e6jzz5ij66h93efi8zwhjwi6c40jc90.dmg?token=6e7ee14ae81548aa9566d04229f53c45a67jf4ojn2xwn4wchih1vfdpljzc28rq...
Verifying DMG...
Running script Deploy Bomgar Jump Client...
Script exit code: 1
Script result: expected CRC32 $F98C9DFA
/dev/disk3 GUID_partition_scheme /dev/disk3s1 Apple_HFS /Volumes/bomgar-scc
hdiutil: detach failed - No such file or directory
rm: /Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0idc30w6xyzab9e6jzz5ij66h93efi8zwhjwi6c40jc90.dmg: No such file or directory
Error running script: return code was 1.
Running Recon...
Retrieving inventory preferences from https://chapman.jamfcloud.com/...
Locating accounts...
Locating package receipts...
Searching path: /Applications
Locating software updates...
Locating plugins...
Locating printers...
Gathering application usage information...

jmig
New Contributor II

@macmanmk

I just had this same issue, and noticed that it was installing and working just fine from my Bomgar Console. I simply commented out the following:

#    hdiutil detach /Volumes/bomgar-scc

#    sleep 15

#    rm -R /Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90.dmg

I believe the volume is un-mounting automatically once the JUMP Client install completes, and the DMG is removing itself from the cache automatically as well. These steps fail when it can't find the volume or DMG.

I commented them out so I can easily switch back if needed.

Also, I added a UID variable, so I do not need to edit the paths when a new installer is created. Now my script looks like this:

```
#!/bin/bash

# UID for the current Bomgar DMG (Bomgar DMGs expire after a specified time, or after each update to the Bomgar server)
BOMGARUID="w0idc30jfd5661jwzj8i7we1z1gzeg868f15hw1c40jc90"

# Check that the Bomgar DMG is cached prior to running this script
if [ -e "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-$BOMGARUID.dmg" ]; then

    # Attach the DMG
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-$BOMGARUID.dmg"

    # Run the installer and wait for install to complete
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"
    sleep 90

    # Unmount the disk image, and wait for unmount to complete
#    hdiutil detach /Volumes/bomgar-scc
#    sleep 15

    # Delete the DMG
#    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-$BOMGARUID.dmg"

else

    echo "Bomgar NOT Present"

fi
```

KyleEricson
Valued Contributor II

@htabata I tried your full workflow and I get this error.

Executing Policy Bomgar Remote Install
Caching package bomgar-scc-w0edc30he7wjjeiifihyzwfz5gfzz7d81x7xzzyc40hc90.dmg...
Downloading https://ccm.jamfcloud.com//download/93da0543f694464faef3ebd721b3b123/bomgar-scc-w0edc30he7wjjeiifihyzwfz5gfzz7d81x7xzzyc40hc90.dmg?token=20d56dd340be40b6b31837370a27bf516mn2sa5t78x3mgao0rlgwehchiio7sl1...
Verifying DMG...
Running script Bomgar Install...
Script exit code: 1
Script result: expected CRC32 $145AE782
/dev/disk2 GUID_partition_scheme /dev/disk2s1 Apple_HFS /Volumes/bomgar-scc
hdiutil: detach failed - No such file or directory
rm: /Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30he7wjjeiifihyzwfz5gfzz7d81x7xzzyc40hc90.dmg: No such file or directory

Error running script: return code was 1.

Read My Blog: https://www.ericsontech.com

macmanmk
Contributor

@kericson, the advice given to me by @jmig in the post above yours was spot on. The volume is un-mounting and the DMG is being removed from cache, which causes the script failure. I commented out a few lines of my script based on his advice and I haven't had a failure since. Here's what I have been using...

```
#!/bin/bash

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -e "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x588zy7ei88zzegexzew6c40hc90.dmg" ]; then

    # Attach the Disk Image
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x885zy7ei88zzegexzew6c40hc90.dmg"

    # Run the installer
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

    # Wait a minute for it to finish up
    sleep 60

    # Unmount the disk image
#    hdiutil detach /Volumes/bomgar-scc

    # Wait for the unmount to complete
#    sleep 15

    # Delete the disk image
#    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc308j7ghizzgz6x885zy7ei88zzegexzew6c40hc90.dmg"

else

    echo "Bomgar NOT Present"

fi
```

neilmartin83
Contributor II

mikesoll
New Contributor

First, thank you to everyone contributing to this thread, it's been very helpful deploying Bomgar via jamf. Once the script executes, our end users are presented with a short (approx 2-3 seconds) splash screen that looks like two computers connecting (as the bomgar service connects to our cloud instance). Has anyone found a way to make the install completely silent with no splash screen presented? Bomgar support advises to use the --silent switch however I'm unsure where to add this command during the script sequence.

Here's the script I'm currently using:

```
#!/bin/bash

# The Bomgar DMG should have been installed cached prior to this script running, but we should make sure...

if [ -e "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30zygihyzd71h6ydyw8e5jy5izdxegz6wfc40hc90.dmg" ]; then

    # Attach the Disk Image
    hdiutil attach "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30zygihyzd71h6ydyw8e5jy5izdxegz6wfc40hc90.dmg"

    # Run the installer
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

    # Wait a minute for it to finish up
    sleep 60

    # Unmount the disk image
    hdiutil detach /Volumes/bomgar-scc

    # Wait for the unmount to complete
    sleep 15

    # Delete the disk image
    rm -R "/Library/Application Support/JAMF/Waiting Room/bomgar-scc-w0edc30zygihyzd71h6ydyw8e5jy5izdxegz6wfc40hc90.dmg"

else

    echo "Bomgar NOT Present"

fi
```

lkrasno
Contributor II

```
"/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust" --silent
```

I would probably put this in Self Service vs pushing via policy, and scope to group with cached

PCSysops
New Contributor II

Thank you, this worked

FeasiblePear
New Contributor III

We just implemented Beyond Trust, and I basically did what everybody else here is doing, with some small tweaks. I don't like caching things. I generally create two stand-alone policies. One for a push install, and the second self service scoped to my Technicians AD Security group. Here are my steps:
1. I created a package in Composer to store the Beyond Trust DMG file in /var/tmp/ - basically a copy and paste with correct permissions
2. Uploaded the package into Jamf Pro :)
3. I then created the script directly in Jamf Pro, just modified to reflect the tmp directory
4. Created a new policy with the package and the script as "after"
5. Deployed as a push and to my techs

mbatchelder
New Contributor II

Has anyone been able to get around Catalina erroring the script out due to the OS not being able to scan the jump client for malicious software?

Update 12/16/19: I accomplished this by removing the quarantine attribute from the .dmg file prior to uploading it to the Jamf Server.

xattr -rd com.apple.quarantine

Jimbo
New Contributor III

@mbatchelder Could you explain in more detail what you did to fix this? I am currently running into this issue. Are you simply opening Terminal and running this command?

xattr -rd com.apple.quarantine

Thanks!