Posted on 12-18-2018 11:35 AM
We want to trigger scripts and package installations after the DEP process has succeeded.
Thanks for any pointers.
Posted on 12-18-2018 11:46 AM
You can flag policies for enrollment, or include them in Prestage with 10.9. A lot of tools are available as well. IBM went open source, SplashBuddy, DEP-Notify, etc.
Check out DEP Notify - https://gitlab.com/Mactroll/DEPNotify
JAMF DEP Script - https://github.com/jamf/DEPNotify-Starter
Video of how it looks once configured - https://www.youtube.com/watch?v=z-5EIY2yOU0
Posted on 12-19-2018 08:17 AM
@mfcfadmin a common way to do the initial kickoff is an “on enrollment” trigger scoped to a smart group that has a criterion of enrollment method set to the name of the prestage user for enrollment.
Posted on 12-20-2018 02:57 PM
So I decided to try DEPNotify but I don't see any instructions on how to configure it to end up on the machines. I don't see anything obvious under PreStage Enrollments.
Does it just do notifications or does it actually trigger the work?
I don't want to use a trigger that is generic like enrollment since I don't want to have a load of packages being installed if I have to re-enroll something ... only if it is going through DEP.
We're holding back on 10.9 until after the holidays since it may take hours.
Posted on 12-21-2018 06:15 AM
@mfcfadmin To deploy DEP Notify you must do a few things. This is the way I do it; you can skin this cat any way you want or however it best suits you, but hopefully this gets you started so you can learn and play with it, as it is a great tool.
Create Policy #1
Policy #1 Contains DEPNotify Package Installer https://marketplace.jamf.com/details/depnotify/
Policy #1 Contains Self Made package installer containing the following
PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.yourorgdepnotify</string>
    <key>Program</key>
    <string>/folderpath/toscript/depNotify.sh</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
SHELLSCRIPT CALLED
(/folderpath/toscript/depNotify.sh does the following)
#!/bin/sh
open -a '/folderpath/toselfmadeAppleScriptAppletl/DEPnotify.app'
- Policy #1 Contains Self Made package installer containing the following AppleScript Applet that does a "sudo jamf policy -event triggername" (This calls Policy #2 & it's done this way because LaunchAgents are user level) (This also gives a visual on the machine, and an application appears in the dock while the DEPNotify Script from the JSS is running)
-- Set Ad Privvies
set UNAME to "admin"
set PASSW to "password"
try
    do shell script "sudo /usr/local/bin/jamf policy -event initiatedepnotify" user name UNAME password PASSW with administrator privileges
end try
Trigger @Enrollment & Execution Frequency, Ongoing
This will then, when scoped to and @ enrollment during the DEP configuration during first boot, run Policy #1, and then when you log into that computer for the first time, the launch agent calls on Policy #2.
The Script in Policy #2 will then configure the computer as you see fit with policies, configuration profiles, etc scoped to department, building & general packages for all computers in org.
Posted on 12-21-2018 02:31 PM
Thanks. I will have to modify since the password in clear text won't fly.
Posted on 12-21-2018 02:47 PM
@mfcfadmin check out rot13 for applescript to encode the username and password in the applet
Posted on 01-21-2019 02:46 PM
Eventually decided against DEPNotify since we do the package installations and we've got monitoring already.
Since there isn't a special trigger, we install the packages and then touch a file so if the machine gets re-enrolled, it notices the file and doesn't re-install the packages.
We use "jamf policy -event YourNameHere" to re-install the packages when needed.
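
The marker-file guard described in the last post, written out as an added example (not code from the thread or from Jamf). The marker path, the two event names and the JAMF_BIN override are assumptions for illustration; `jamf policy -event` is the call the thread itself uses.

```shell
#!/bin/sh
# Added example: run the DEP package policies once, guarded by a marker file.
# MARKER, EVENTS and the JAMF_BIN override are hypothetical names chosen here.

JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"
MARKER="${MARKER:-/Library/Application Support/YourOrg/.dep_packages_installed}"
EVENTS="${EVENTS:-install-base-apps install-security-agent}"  # hypothetical custom triggers

run_first_enrollment() {
    # Re-enrolled machine: the marker is already there, so skip the installs.
    if [ -f "$MARKER" ]; then
        echo "marker found at $MARKER, skipping package install"
        return 0
    fi

    for event in $EVENTS; do
        if ! "$JAMF_BIN" policy -event "$event"; then
            # No marker on failure, so the next check-in retries the installs.
            echo "policy event $event failed, marker not written" >&2
            return 1
        fi
    done

    # Keep the marker in a root-owned directory so a standard user cannot
    # create or delete it to change what the next enrollment does.
    marker_dir=$(dirname "$MARKER")
    mkdir -p "$marker_dir" && chmod 755 "$marker_dir" || return 1
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$MARKER" && chmod 644 "$MARKER"
}

# Run only on a machine that actually has the Jamf binary installed.
if [ -x "$JAMF_BIN" ]; then
    run_first_enrollment
fi
```

To force a re-install on one machine, call the same custom events by hand with "jamf policy -event", as the post says, or remove the marker as root before the next enrollment.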