Does the DEP process raise any special triggers?

mfcfadmin
Contributor II

We want to trigger scripts and package installations after the DEP process has succeeded.

Thanks for any pointers.


Hugonaut
Valued Contributor II

You can flag policies for enrollment, or include them in Prestage with 10.9. A lot of tools are available as well. IBM went open source, Splashbuddy, DEP-Notify, etc

Check out DEP Notify - https://gitlab.com/Mactroll/DEPNotify

JAMF DEP Script - https://github.com/jamf/DEPNotify-Starter

Video of how it looks once configured - https://www.youtube.com/watch?v=z-5EIY2yOU0

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

chriscollins
Valued Contributor

@mfcfadmin a common way to do the initial kickoff is an “on enrollment” trigger scoped to a smart group that has a criteria of enrollment method set to the name of the prestage user for enrollment.

mfcfadmin
Contributor II

So I decided to try DEPNotify but I don't see any instructions on how to configure it to end up on the machines. I don't see anything obvious under PreStage Enrollments.

Does it just do notifications or does it actually trigger the work?

I don't want to use a trigger that is generic like enrollment since I don't want to have a load of packages being installed if I have to re-enroll something ... only if it is going through DEP.

We're holding back on 10.9 until after the holidays since it may take hours.

Hugonaut
Valued Contributor II

@mfcfadmin To deploy DEP Notify you must do a few things. This is the way I do it; you can skin this cat any way you want or however it best suits you, but hopefully this gets you started so you can learn and play with it, as it is a great tool.

  1. Create Policy #1

    • Policy #1 Contains DEPNotify Package Installer https://marketplace.jamf.com/details/depnotify/

    • Policy #1 Contains Self Made package installer containing the following

    • deploying a LaunchAgent Plist (This calls a Shell Script that Calls AppleScript Applet at Login of Specific User)

PLIST

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0">
<dict> 
     <key>Label</key>
          <string>org.yourorgdepnotify</string>
     <key>Program</key>
          <string>/folderpath/toscript/depNotify.sh</string> 
     <key>RunAtLoad</key> 
     <true/> 
</dict> 
</plist>

SHELLSCRIPT CALLED
(/folderpath/toscript/depNotify.sh does the following)

#!/bin/sh

open -a '/folderpath/toselfmadeAppleScriptAppletl/DEPnotify.app'

- Policy #1 Contains Self Made package installer containing the following AppleScript Applet that does a "sudo jamf policy -event triggername" (This calls Policy #2, and it's done this way because LaunchAgents are user level) (This also gives a visual on the machine, and an application appears in the Dock while the DEPNotify script from the JSS is running)

-- Set Ad Privvies
set UNAME to "admin"
set PASSW to "password"

try
    do shell script "sudo /usr/local/bin/jamf policy -event initiatedepnotify" user name UNAME password PASSW with administrator privileges
end try

When scoped and set to run at enrollment, this will run Policy #1 during the DEP configuration at first boot; then, when you log into that computer for the first time, the LaunchAgent calls Policy #2.

The Script in Policy #2 will then configure the computer as you see fit with policies, configuration profiles, etc scoped to department, building & general packages for all computers in org.


mfcfadmin
Contributor II

Thanks. I will have to modify since the password in clear text won't fly.

Hugonaut
Valued Contributor II

@mfcfadmin check out rot13 for applescript to encode the username and password in the applet


mfcfadmin
Contributor II

Eventually decided against DEPNotify since we do the package installations and we've got monitoring already.
Since there isn't a special trigger, we install the packages and then touch a file so if the machine gets re-enrolled, it notices the file and doesn't re-install the packages. We use "jamf policy -event YourNameHere" to re-install the packages when needed.
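
The marker-file approach described in the last post, sketched as an added example that is not part of the original thread or anyone's production script. The marker path, the `install_packages` wrapper and the `provision_once` name are assumptions; `YourNameHere` is the thread's own placeholder event name.

```shell
#!/bin/sh
# One-time provisioning guard: install once, then leave a marker file so a
# later re-enrollment skips the installs.

# Assumed path (not from the thread). Keep it in a root-owned directory so a
# standard user cannot create or delete the marker.
MARKER="${MARKER:-/Library/Application Support/YourOrg/.dep_provisioned}"

# Hypothetical wrapper for the real work; YourNameHere is the thread's
# placeholder for a custom policy event.
install_packages() {
    /usr/local/bin/jamf policy -event YourNameHere
}

# Returns 0 = installed now, 2 = marker found and installs skipped, 1 = error.
provision_once() {
    # A symlink where the marker should be is unexpected; do not follow it.
    if [ -L "$MARKER" ]; then
        echo "refusing to use symlinked marker: $MARKER" >&2
        return 1
    fi
    if [ -f "$MARKER" ]; then
        echo "marker $MARKER present, skipping package installation"
        return 2
    fi
    # Write the marker only after a successful install, so a failed run
    # can be retried instead of being recorded as done.
    if ! install_packages; then
        echo "package installation failed, marker not written" >&2
        return 1
    fi
    mkdir -p "$(dirname "$MARKER")" || return 1
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$MARKER" || return 1
    chmod 644 "$MARKER"
}

# Run only where the jamf binary exists, i.e. on a managed Mac.
if [ -x /usr/local/bin/jamf ]; then
    rc=0
    provision_once || rc=$?
    [ "$rc" -eq 2 ] && rc=0   # "already provisioned" counts as success
    exit "$rc"
fi
```

Deleting the marker as root and running the script again forces a fresh install.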