Help

Is it possible to have the last step of a no-touch enrollment be "Remove Casper"?

duffcalifornia
Contributor

Posted on ‎03-30-2016 02:49 PM

My organization is purchasing computers on behalf of students for the upcoming academic year. The devices will be student owned, organization supported. The powers that be do not want any sort of monitoring software of any kind on there, and we do not want the students to think our IT department has any way to see what's going on on their computer.

We want to use Casper to allow no-touch enrollment and software downloads so each student laptop has the same base image. Is it possible to have the last step of the enrollment on these specific machines be "Remove Capser MDM Profile" so it's done automatically?

If so, how would we accomplish this?

Labels:
0 Kudos
5 REPLIES 5

chad_fox
Contributor II

Posted on ‎03-30-2016 03:42 PM

You could use a script that removes "MDM Profile" and set the trigger to "Enrollment Complete".

I would probably include a removeFramework also just for good measure. That can be added in files and processes.

(Got the script on JAMF Nation, forgot from who)

!/bin/bash

Get UUID of requested MDM Profile

MDMUUID=profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}'

Remove said profile, identified by UUID

if [[ $MDMUUID ]]; then profiles -R -p $MDMUUID
else echo "No Profile Found"
fi

sleep 5

0 Kudos

duffcalifornia
Contributor

Posted on ‎03-31-2016 10:49 AM

@chad.fox

So, nobody on my team is a scripter. Where exactly would we use this script?

Apologies ahead of time for my ignorance.

0 Kudos

bpavlov
Honored Contributor

Posted on ‎03-31-2016 10:59 AM

Download and open up a text editor like TextWrangler
Copy the contents of the script:

#!/bin/bash
#Get UUID of requested MDM Profile
MDMUUID=profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}'

#Remove said profile, identified by UUID
if [[ $MDMUUID ]]; then profiles -R -p $MDMUUID
else echo "No Profile Found"
fi

sleep 5

Then save it with whatever name you want but make sure to append .sh at the end (e.g. MyScript.sh)
Upload it to the JSS using Casper Admin
Then in the JSS create a policy and use the "Scripts" payload.

Note: I cannot vouch for the script above and whether it will accomplish what you're looking to do.

Another idea just to throw it out, use something like DeployStudio which does not enroll the computer to the JSS.

0 Kudos

andrewrose
New Contributor II

Posted on ‎03-31-2016 03:34 PM

You would need to remove the framework entirely for there to be no monitoring going on.

This is a scenario where DeployStudio is probably a better solution. It can easily install a series of packages and then reboot to the setup assistant for users to go through to get set up. It's entirely designed around the idea of bootstrapping Macs before handing them off. Price is right, too.

0 Kudos

mscottblake
Valued Contributor

Posted on ‎03-31-2016 08:03 PM

@duffcalifornia

Check out this post. Sounds like it's what you're looking for.

Copy the posted script into the scripts section of your JSS, name it something like zzzRemoveFramework.sh (to make sure it runs last), and then set it to run At Reboot. Add that script to your imaging workflow and you should be set.

Note: I haven't tested this running this as part of imaging (only within a policy), so make sure you test it thoroughly, then when you think it's ready, test it again.

0 Kudos