Is it possible to select a Configuration Profile with Applescript?

rblaas
Contributor II

Hi all,

I am trying to use applescript to select a specific Configuration Profile (MDM Profile) but I am unable to do (can find it how to do this) The reason is for a little help script to have users click the 'Approve' button without looking for the setting.

Any help is appreciated

12 REPLIES 12

arivera
New Contributor III

I’m not sure if what you are attempting to do exactly is just get them to Profiles in System Preferences or if you’re trying to get them there but also select specifically the MDM profile as well. I use Jamf Helper to popup a message letting them know what is going on and when they click OK on the popup it takes them to Profiles but it wont preselect the MDM profile, since the CA certificate profile is first that will be preselected. Here is the shell script I use. Let me know if its of any help.

#!/bin/bash

consoleuser=`/bin/ls -la /dev/console | /usr/bin/cut -d " " -f 4`

sudo pkill -1 'System Preferences'

/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "NameOfMyComapny" -description "Due to new Apple security features you will be required to approve a profile on the following window.  You will only have to approve this profile once.

After clicking OK a window will popup, on this new window click on MDM Profile on the left pane, then click on the Approve button and you will be asked to confirm to Approve once more, click Approve to complete the process." -icon /private/tmp/companylogo.png -button1 "OK" && sudo -u $consoleuser open /System/Library/PreferencePanes/Profiles.prefPane && sleep 120

exit 0

rblaas
Contributor II

Thanks for the reply. I can open the system Preferences and even open Configuration Profiles. But I want to select the MDM Profile (yes my users are not that smart) That's the thing I want to accomplish. the user will only have to press the approve button there..

arivera
New Contributor III

I will dig into this later today in a virtual machine and see if there is any way to get this done. It’s very early here where I am. I will reply to you with my findings. The idea does sound interesting.

xian
New Contributor II

@rblaas @arivera I'm in the same situation; curious to know if a solution was found. Thanks.

arivera
New Contributor III

As far as I’ve tried many things I haven’t found a way to do this unfortunately.

leslie
Contributor II
Contributor II

Tried this?
https://jerbecause.wordpress.com/2018/02/18/remotely-approving-uamdm/

arivera
New Contributor III

Only one problem. This method will not work on Mojave and above.

leslie
Contributor II
Contributor II

Technically it still works, but I think the manual effort to enable all the permissions isn't worth it.
Below is a quick video
https://streamable.com/3aaoc8

arivera
New Contributor III

I probably should’ve clarified and not assumed that if you are going to manually set up the issues you are going to run into because of PPPC on Mojave you might as well just click approve yourself.

rblaas
Contributor II

To clarify my question,

It is not about auto approving.. But display the MDM profile. (not just all profiles, but really select the mdm profile so the user can just click approve)

arivera
New Contributor III

@rblaas I do understand what you mean, I believe I tried many ways to do this before but never got to it. I get it that you are trying to make it as simple as possible for the users so that there is no excuse or confusion of where they need to go. Hopefully someone can chime in and provide some solution.

rblaas
Contributor II

@arivera thanks :) Although I kinda have given up hope :)

And it is not that bad because most computers are now under DEP .