Our organization is needing to push out Panopto Recorder to 1000+ machines. The installer already has some issues that I've been able to address, but I could use some help on this last piece. Some of the problems with this installer, it can only be run while a user is logged in. I'm working around this by running a script at check-in to see if a user is logged in, and calling the install policy if someone is. This script does work on Sierra and High Sierra. My problem now is that the installer is doing some weird things that require allowing Installer to administer networking and system settings when installing manually.
With a PPPC profile that's allowing everything to installer, terminal, jamf, jamfagent, and jamf management I'm able to get the installer to run successfully, if run through Self Service or through running sudo jamf policy through a local terminal session. But no dice on letting the policy run on a natural check-in, running sudo jamf policy over an ssh session, or through Jamf Remote. I've tried giving launchd and sshd full access to see if that helped, and it hasn't. Does anyone have an idea on allowing some other process access to what it needs?
Side note: I plan to lock down the PPPC profile, and remove excess permissions, once I get working what I can. The shotgun approach is just to get myself started. The profile is also un-scoped from a machine once Panopto is installed.
Any help is appreciated.
I was wondering how you choose to solve this issue? I too have to deploy Panopto on Mojave and noticed that it wants to create the panopto_upload user. One approach to deploying this would be to use JAMF Composer and package up just the files that Panopto installs and then set the JAMF policy to install that new package to also create the needed panopto_upload user account.
Have you done something different?
We ended up making the package available through Self Service. Mojave is currently allowing the account creation if the policy is user-initiated, so this was the easiest solution for us. Doing it the way you listed is theoretically possible, but by taking the user creation step out of the install package you give up the error checking that the Panopto installer does. We chose to use the vendor package as it is, and do our best to make Jamf work with it, instead of the other way around.