Posted on 03-10-2015 08:09 PM
We have a challenge in our environment where we have multiple sites across our campus. We have techs that go to these locations and install the quick add package (this is one way enrollment is getting done). The challenge is you have to create a separate quick add package for each site. That's a lot of overhead and management of the quick add packages.
Our solution was to create an AppleScript application that lets the techs choose a site during the "quick add" package installation. I'm reaching out to see if people would be interested in this script/application. I can remove the bits that are specific for our campus and make it more general for other people to modify slightly and use in their environment (change the JSS address, etc.).
The way this application works is that it utilizes invitation IDs in a bundled text file. You would have to create these invitations in your JSS and copy and paste them into the text file. You basically have the site name listed with the invitation ID listed below it. The script only shows the site name when the application is launched to limit confusion. This does mean that the text file has to be managed, but the way we see it, it's far less overhead than managing separate quick add installer packages. Also, once you populate the text file, you won't really have to touch it much unless new sites are added to our JSS.
Anyways, if anyone is interested, please respond and I'll get our script distributed to the nation. Wanted to reach out first to see if there is any interest before putting in work to generalize our script for the masses to use.
I've attached a few screenshots of how the UI looks to the end user/admin. This was created in Script Editor. I'm sure there's a way to make this cleaner in Xcode, but we really need a quick way to get this done that could be edited easily by anyone if needed.
Posted on 03-10-2015 08:14 PM
And I just realized the text for the site selection should read more like "Choose a site to enroll to". Oops! Typo on my part. Easily fixable.
Posted on 03-10-2015 08:27 PM
@dilan Yes very interested in this as we have a similar issue, but we have a site across multiple campuses.
Posted on 03-10-2015 09:16 PM
@dmw3 Is it one site across multiple campuses? Does the built-in quick add package not do the trick? Or do you have multiple sites across multiple campuses?
Posted on 03-10-2015 09:27 PM
@dilan Multiple sites across multiple campuses across multiple states, but the same University.
One of the reasons why I put in a feature request to have the ability to have policies across multiple sites by using checkboxes to nominate the sites needed.
Posted on 03-10-2015 09:32 PM
@dmw3 Gotcha. I'll generalize the script and post it up.
Posted on 03-10-2015 09:34 PM
@dmw3 one last question, do all your managed machines point to the same JSS URL? The script currently does not support manual entry of a JSS URL but can be easily added.
Posted on 03-10-2015 09:37 PM
@dilan Yes all point to one JSS at the moment as our network bandwidth is very good, but we use multiple JDS, one in each remote location.
Posted on 03-11-2015 06:59 AM
@dilan I am very interested in this as we have 140 sites worldwide!
Posted on 03-11-2015 05:27 PM
Just out of curiosity, how are you all currently handling enrolling your machines?
Making some final tweaks with the script.
Posted on 03-11-2015 05:34 PM
@dilan Most are done with Recon as these are mainly at remote sites but with known IPs.
Posted on 03-15-2015 09:51 AM
Hey everyone interested in the script, I just finished up generalizing the script. We will be running a few tests with it tomorrow. I'll then post a link here so you all can obtain it. It will include a very simple "manual" to help you customize it to your needs.
Posted on 03-18-2015 02:10 PM
Hey guys,
Sorry for the delay. Here's a link to grab the script and manual. Please ask questions if you have any!
https://www.dropbox.com/sh/d27xlzz7leu4mho/AADPXfAmsbhvp_kHZW_hhPmqa?dl=0
Enjoy!
Posted on 03-18-2015 03:38 PM
Hi Everyone,
Automating multiple site enrollment can be something that is hard to tackle. There are many ways to accomplish the task at hand as well. One method I have used is the email invitation codes. You need to set up SMTP on your JSS and then create a computer enrollment. During this process you go through a setup assistant, and you can choose options like expiration date (and set it to 10 years from now or something very long) and select the box for multiple uses as well as the site you want the code tied to. Email the code to yourself and you should see a URL with the invitation code at the end, which is a long string of digits.
You can take that code and edit your quick add package to have all the sites and codes in one package. Looking at the example @dilan posted, you could even insert an AppleScript into your post flight that could select multiple codes then enroll a device in one quickadd package. This would at least mitigate the process of manually creating tons of quickadd packages. It also gives you more control over the expiration date, so maybe you only allow the code to be valid within a specific time/date span.
Some code example that maybe you all could greatly improve would be:
```bash
#!/bin/bash
# set multiple site enrollment via one quick add package

# Show the site picker; osascript prints the chosen name, or "false" on Cancel
getSite() {
    theSite=$(osascript <<'AppleScript'
set mySites to {"Minneapolis", "Cupertino", "New York", "Hong Kong", "Amsterdam", "Eau Claire"}
set selectedSite to (choose from list mySites)
if selectedSite is false then return "false"
return item 1 of selectedSite
AppleScript
)
}

getSite
echo "${theSite}"

# now select invitation codes
# put site names with spaces in single quotes
case "${theSite}" in
    Minneapolis)
        invCode='1234567890';;
    Cupertino)
        invCode='0987654321';;
    'New York')
        invCode='6789012345';;
    'Hong Kong')
        invCode='8901234567';;
    Amsterdam)
        invCode='3456789012';;
    'Eau Claire')
        invCode='4567890123';;
    *)
        # Cancel or an unknown site: stop instead of enrolling with an empty code
        echo "No valid site selected; aborting enrollment." >&2
        exit 1;;
esac

echo "put your enrollment command here with code ${invCode}"
exit 0
```
I wrote this in like 5 minutes, so please test this out and I am sure my code could use a lot of cleaning up and many of you out there could write it better than me. So feel free to reuse this, recycle it, share it, etc.
Here goes a great link on editing quickadd packages:
Getting more out of Quickadd Packages
Thanks,
Tom
Posted on 03-18-2015 04:54 PM
@tlarkin Hey dude... thanks for posting another possible solution. However, it looks like we're doing the same thing. My AppleScript bundle lets you add all the invitation codes into an embedded text file and pulls the info from that text file and displays a list of sites to choose/enroll from. You obtain these codes through the e-mail invitation functionality in Casper, as you mentioned. If you have a few, take a look at the manual included with my script and I think you'll notice we are doing the same thing.
Instead of tearing through the manual, here's a snippet from the manual of what the script does:
Behavior of the script: This script will do the following in order:
1.) Checks to see if a previous JAMF framework has been installed (JAMF binary, JAMF conf file, etc...)
    a.) If JAMF files were previously installed, the script will remove all files.
    b.) If JAMF files have not been installed, the script will move on to the next step.
2.) The JAMF binary package you built with composer will install. This will simply install the jamf binary into /usr/sbin
3.) The JAMF conf file will be created based on your JSS address. This file is needed for the jamf binary to properly enroll the machine.
4.) SSH will be enabled.
5.) Lets user choose site to enroll to based on information from the sitelist.txt file.
6.) Enrolls machine to site chosen in step "5"
    a.) A status window will flash every second. The reason for this annoyance is because the script is looking for the process "jamf -policy enrollmentComplete". Once this process is detected, enrollment will be complete and the script will release. This makes it possible for policies to be deployed without holding the script hostage (you don't have to wait around).
7.) The script ensures proper enrollment by running the jamf manage command. If the machine enrolled properly, you will see a status screen stating what site the machine has enrolled to. If there was an issue, you'll see an error status message.
Posted on 03-18-2015 05:02 PM
Yup there really is no original code these days, everything has been done. I did not look too deep into your solution but I like it. Keep up the good work!
The one thing I thought of in hindsight after hacking together that example code is to build logic into the script to only allow users to enroll in sites they are supposed to. Maybe read the IP address or DNS entries or something to identify where the device is physically, then either auto select the site for them, or only allow them to choose what sites are applicable. This would assume different sites are on specific different subnets, or something that is unique to that site. You could even incorporate it into some of the auto-enroll workflows that have been floating around past couple years.
Your workflow is definitely more in-depth than what I just whipped up so thanks for sharing with everyone.
Cheers,
Tom
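An added example (not part of Tom's post or of dilan's script) of the subnet idea in the post above: it maps a machine's IP address to the sites it is allowed to enroll in, auto-selects when exactly one site matches, and refuses otherwise. The site names come from the thread; the subnet ranges and function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: limit enrollment to the site(s) whose subnet holds this IP.
# Site names come from the thread; the CIDR ranges are constructed samples.
SITE_SUBNETS='10.10.0.0/16|Minneapolis
10.20.0.0/16|Cupertino
10.30.0.0/16|New York
10.30.8.0/24|Eau Claire'

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() (
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') exit 1;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*) exit 1;; esac          # no leading zeros (octal)
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP CIDR: succeed only when IP lies inside CIDR.
in_cidr() (
    net=${2%/*}; bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|0?*) exit 1;; esac
    [ "$bits" -le 32 ] || exit 1
    ip=$(ip_to_int "$1") && base=$(ip_to_int "$net") || exit 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( base & mask )) ]
)

# allowed_sites IP: print every site whose range contains IP, one per line.
allowed_sites() {
    printf '%s\n' "$SITE_SUBNETS" | while IFS='|' read -r cidr site; do
        if in_cidr "$1" "$cidr"; then printf '%s\n' "$site"; fi
    done
}

# pick_site IP: print the one matching site; fail closed when the address is
# invalid, matches nothing, or matches several (show allowed_sites instead).
pick_site() (
    sites=$(allowed_sites "$1")
    [ -n "$sites" ] || exit 1
    case "$sites" in *'
'*) exit 1;; esac
    printf '%s\n' "$sites"
)

# On a Mac the address could come from: ipconfig getifaddr en0 (en0 assumed)
```

When `pick_site` fails, the output of `allowed_sites` can be fed to the chooser dialog so the tech only sees the sites that apply to that network; an empty list means enrollment should stop rather than fall back to the full site list.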
Posted on 03-18-2015 05:58 PM
@tlarkin thumbs up The extra stuff you mentioned could definitely be beneficial. For our techs (they are all granted access to our Casper environment), I think this was as far as I was willing to go. We were just trying to solve the issue of having to manage so many quick add packages and to make the enroll process include the least amount of "clicks" for our techs. Sounds silly but we needed to make this as easy and straightforward as possible. If anyone wants to take my code and add to it, have at it!