@cbrewer thank you. When I attempt to use this. The login window will flash but re appear right away without displaying the jamf helper window. Am I missing something or is there something more I have to do?

This is a interesting idea.
Did you add any extra scripted items to your /private/tmp/splash_screen.sh ?

May give this a try, we are global, and trying to find ways to make the system inaccessible for X amount of minutes to assure a good image, and trickle down of scripts (date/time/set, cached files, etc.).

This can probably do the trick. Add my extra script commands into a .sh to run in the back ground.

@mconners were you successful in using this? or did the helper app continue not starting over the login window?

I've added some more complexity to the script above. I found that I needed to determine if a user is logged in. I also need to know if that user is _mbsetupuser. Here's what I'm currently using.

Edit: old script removed. See here for current version.

Wow! this is exactly what i'm looking for. Thanks @cbrewer

Glad it helped you out. I've pretty much entirely replaced my imaging process with this workflow and it's been pretty smooth.

@cbrewer Curious how you're deploying the ORG_Logo.png. That's a nice little touch. But not sure how to deploy it. As a package with the policy that calls the script?

@denmoff I run a Once per computer policy on Enrollment trigger that deploys a DMG package with the image and then runs this script. Just make sure the script is set to run after.

@cbrewer What part of this script actually tells the jamfhelper window to go away? I'm not seeing a kill command or unload of the launch agent in that code. How are you handling this?

@jon.mann

For my very last enrollment policy, I run a script that removes the splash_screen.sh script and the LaunchAgent. Then I reboot the machine.

#!/bin/bash

if [ -f /private/tmp/splash_screen.sh ];then
  echo "Removing /private/tmp/splash_screen.sh"
  rm /private/tmp/splash_screen.sh
fi
if [ -f /Library/LaunchAgents/ORG.computer_setup.plist ];then
  echo "Removing /Library/LaunchAgents/ORG.computer_setup.plist"
  rm /Library/LaunchAgents/ORG.computer_setup.plist
fi

Thanks @cbrewer Seeing some success doing the same but using this to kill instead of restart:

#!/bin/sh

if [ -f /private/tmp/splash_screen.sh ];then
  echo "Removing /private/tmp/splash_screen.sh"
  rm /private/tmp/splash_screen.sh
fi
if [ -f /Library/LaunchAgents/ORG.computer_setup.plist ];then
  echo "Removing /Library/LaunchAgents/ORG.computer_setup.plist"
  rm /Library/LaunchAgents/ORG.computer_setup.plist
fi

ps axco pid,command | grep jamfHelper | awk '{ print $1; }' | xargs kill -9

Any idea why the policy execution isn't showing in the logs? I put your script as a policy payload with a startup trigger. It works great but the log still says "pending", and so it runs again the next time I restart the computer. Or should I be running it a different way?

Thanks

@ktaylor25 I use this script with an enrollment trigger set to once per computer. You won't see results in the policy log until all of the enrollment policies at the bottom of script are finished. Maybe one of your other enrollment policies isn't finishing?

I've made quite a few changes to this script since I posted it in here. Notable changes are that I now wait for the _mbsetupuser account to be logged out before proceeding. I also disable the local admin account while enrollment policies are running and then re-enable it afterward. I'm also checking the OS version so I can do things different between 10.11 and 10.12+.

Edit: old script removed. See here for current version.

@cbrewer Are you running the following for your clean up script. I've tried it with a restart but the splash screen loads on the first boot

!/bin/bash

if [ -f /private/tmp/splash_screen.sh ];then echo "Removing /private/tmp/splash_screen.sh" rm /private/tmp/splash_screen.sh
fi
if [ -f /Library/LaunchAgents/ORG.computer_setup.plist ];then echo "Removing /Library/LaunchAgents/ORG.computer_setup.plist" rm /Library/LaunchAgents/ORG.computer_setup.plist
fi

@a.simmons Yes - I'm running that script as the last part of my enrollment process (jamf policy -event enrollment_20). The enrollment_20 policy runs that cleanup script and then reboots. As long as the launchagent is removed, there shouldn't be any way that the splash screen will load again.

@cbrewer what jamf version are you on? Your clean up script worked correctly once I removed the reboot script. I was using your process last week with out any issues, upgraded to 10.6 now it seems the policy with the reboot script in to keeps looping. Not sure if its linked to the upgrade

@a.simmons I'm on 10.6 as well. Are you running these policies One per Computer? It sounds like either the launchagent isnt being removed or the policy to create the launchagent is running again.

Hi @cbrewer what a you using for your reboot command? I tested 'shutdown -r now' and that makes it restart, but thats causing the policy to loop. 'jamf reboot' didn't seem like it did anything.

Hello @a.simmons you could swap out the -r for -h for halt which shuts the system down.

Hi @mconners I want it to restart and be at the login screen.

@a.simmons I'm using the restart function that Jamf makes available for policies. Just set it to Current Startup Disk, Restart Immediately, Restart Immediately.

@cbrewer That worked. Thanks a lot for your assistance.

@cbrewer Have you tried or had any luck putting the LaunchAgent piece into a package then kicking it off in the Enrollment script versus hardcoding it in?

@captam3rica I prefer creating LaunchAgents with scripts. It's easy to manage. Plus, the way I'm using it, if there is a user logged in I'm able to exit the process without creating the LaunchAgent. You could package it up if you want - personal preference.

NVM. I am dumb. I had it as a launch daemon.

If you want to use this process with macOS 10.15 (10.15.0 specifically), I've found that you need to kill the loginwindow process twice back to back in order for jamfHelper to stay present. Killing loginwindow once quickly flashes a jamfHelper screen and then it goes away.

Also, I've updated the script I'm using for this to be more versatile. I've put the LaunchAgent creation and loginwindow restarts into a function, making it easy to change the jamfHelper message if you want to.

Computer_Enrollment_LaunchAgent.sh

@cbrewer Thanks for that, I came in just to see if someone had a Catalina update available. We're going to start testing your script. Cheers!