Jamf Automation

kadams
Contributor

I spend a lot of time provisioning computers here at the company I work for. The process is extremely time consuming. Time wasted that I could be using for learning, or doing other things. Does anyone have a guide for automating computer setups. Right now i download quickadd packages from the JSS. Once that installs, I run a sudo jamf policy in terminal. That installs all of the policies and configs we have set up in JSS. There has to be some sort of way to script out this process. I may not know how to right the scripts on my own, but I can apply them.

6 REPLIES 6

ronb
New Contributor II

For us, we build install or update packages designed for "Caching" in our policies. So we cache every package we can (pretty much the only exceptions are things that have to be run within the user space). We then have a policy that runs only on Mondays and Wednesdays that "caches" all Apple Software updates. Then we have an update policy that runs every Thursday after 11am that is a logout policy (so they can get this done at lunch, or end of day) that performs the following -
1. Installs all cache (jamf) packages
2. installs all Apple updates (that had been cached earlier in the week)
3. Runs a script that runs Adobes command-line updater (RemoteUpdateManager) that downloads and installs the latest Adobe delta updates)
4. Runs all the maintenance routines under "Maintenance" in the policy
5. Restarts the computer
We also have a separate (for now) policy that runs the new Microsoft AutoUpdater command line function that downloads and installs all Microsoft Office delta updates. they have done a really good job with this (better than what our Windows users deal with) as, it prompts a user to quit the app if they want the update now, or if they press "Later", it will install when it finds the application not running (even if it just at a logout, restart, or shutdown). As in all the items above, we'll have to build a trust up so as to start taking all updates regularly.

This has worked well for us as it is the least disruptive technique we have found for the users thru the years.

mschroder
Valued Contributor

What about configuring user initiated enrollment, and have your policies run right after enrollment?

esembly4
New Contributor III

Are you trying to automate the build, update or maintenance process? Or all of them? Are you leveraging DEP and the enrollment complete trigger to automate some of your processes. Let me know if I can help you with setting up some of these policies.

kadams
Contributor

@esembly4 , Yeah I just want to run a script that will automatically download the quick add package on run the policies etc on any machine i send it out to. The advanced guys on my team mentioned something about ansible. Im not on that level as of yet. Manually visiting a site to enroll the device and running sudo jamf policy on several machines is becoming a chore.

ronb
New Contributor II

We have an initial enrollment policy that does install all standard apps, most often scoped by department. The rest of our policies are for specific apps that are requested after the fact, or updates.

esembly4
New Contributor III

@ronb Sorry I have not responded to this. Did you get your answer, or do you still need help solving this?