Skip to main content
Question

Possible to delete computer before imaging


Forum|alt.badge.img+3

Hello,

I am wondering if it is possible to delete a system before imaging again with Casper. We have things that are dependent on running 'once per computer' and we have found that when we image a machine and then image it again (even with a different name) the policies labeled with 'once per computer' won't run. We have verified this is how JAMF is supposed to run as it's based on UDID. So while not ideal, what we do is delete the computer from the JSS. Is there a way to automate this process so we can ensure it gets done every time?

Thanks in advance!

Jeff

davidacland
Forum|alt.badge.img+18
  • Valued Contributor
  • May 11, 2015

It might be easier just to use sudo jamf flushPolicyHistory as a post imaging script. That should flush the policy logs for that machine so the run once items will execute again.

Deleting a computer automatically would need the rest api. Completely doable, but much more complex.


Forum|alt.badge.img+13
  • Valued Contributor
  • May 11, 2015

As @davidacland said, put a script into your JSS that runs

#!/bin/sh
jamf flushPolicyHistory

and you'll be all set.
Done this way, you won't need sudo as it will run as root. Set it to run at reboot and throw it into your re-image configuration.

Jeff


Forum|alt.badge.img+3

Awesome!

Thank you both so much!

I will test this today!


Forum|alt.badge.img+10
  • Contributor
  • August 21, 2015

Hi ,

I just happened to be looking for a way to automate deleting a computer before re-imaging as @jeffrey_ngo mentioned. However, I am using Deploy Studio to image my macs and things just seem to run better if the computer account was deleted before getting re-enrolled. Any ideas?

Thanks

Mark


Forum|alt.badge.img+13
  • Valued Contributor
  • August 21, 2015

Deleted


Forum|alt.badge.img+13
  • Valued Contributor
  • August 21, 2015

Deleted as the reply was not relevant to the previous post.
Man, I shouldn't just reply to the email notification obviously!


Forum|alt.badge.img+5
  • Contributor
  • August 21, 2015

@msnowdon

Hi , I just happened to be looking for a way to automate deleting a computer before re-imaging as @jeffrey_ngo mentioned. However, I am using Deploy Studio to image my macs and things just seem to run better if the computer account was deleted before getting re-enrolled. Any ideas? Thanks Mark

We also use DeployStudio. We have a script at the end of our workflow that does the /flush policy as well as another script to remove the user associated with the computers. That seems to work well for us.

enroll.pkg installs on first reboot, the two scripts run after that. We haven't had a problem since we've been doing that, in fact we just finished up our summer imaging of about 1600 desktops.


Forum|alt.badge.img+14

As I understand it this shouldn't be necessary, but I use this as a workaround because the existing computer record has caused issues with imaging for me.

I use a Self Service policy and a script that uses the API to delete the JSS computer account for that machine. We run the Self Service policy before re-imaging a machine. Essentially it reads the machine's serial number then deletes the record for that serial number:

#!/bin/sh
SERIAL=$(system_profiler SPHardwareDataType | grep 'Serial Number (system)' | awk '{print $NF}')
curl -ksu username:password "https://jss.com/JSSResource/computers/serialnumber/$SERIAL" -X DELETE

The SS policy also removes the EFI password and reboots the machine into Target disk mode so it's ready to image.


Forum|alt.badge.img+10
  • Contributor
  • August 21, 2015

@rleatherwood , Im not very good with scripting. I usually find what I'm looking for and edit it. Do you use the above script and place it in DeployStudio's workflow?
Since it runs after the enrollment, it doesn't mess anything up with the new policy history?

And @Josh.Smith , would that script you use work in my environment? I'm assuming I would have to change the URL to the JSS but would that be it? Again, I'm not a big scripting person.

Thanks for the help,

Mark


Forum|alt.badge.img+14

@msnowdon You'd need to modify the username, password, and URL for your environment. I have added logging and some error checking, but that's the heart of it.

I created a JSS user account that only has access to delete Computers specifically for this purpose, and those are the credentials in the script.


Forum|alt.badge.img+5
  • Contributor
  • August 21, 2015

@msnowdon

Im not very good with scripting. I usually find what I'm looking for and edit it. Do you use the above script and place it in DeployStudio's workflow? Since it runs after the enrollment, it doesn't mess anything up with the new policy history?

It clears jamf policy history completely before the first boot. I just throw it at the end and have it set to run after first boot, but after the enroll.pkg file runs.

So anything set to run once per computer will run again.


Forum|alt.badge.img+10
  • Contributor
  • August 25, 2015

@rleatherwood , I used that script as the last part of my workflow and it worked. Now I'm debating whether to play with deleting the entire computer record prior to imaging because not everything gets reset.

Thanks

Mark


Forum|alt.badge.img+14
  • Contributor
  • August 25, 2015

@Josh.Smith @msnowdon

I have it run during imaging with the priority of "Before". It just makes life easier in a school.


Forum|alt.badge.img+5
  • Contributor
  • August 25, 2015

You could still mass delete the computers ahead of time if you wanted to do that still by deleting them by Smart group, in the action tab at the bottom right corner.

One of my concerns with deleting the computer out of Casper ahead of time is if something goes wrong during the image you might not know until you physically saw the computer. (Froze during imaging? Power went out?) Though I guess you could go and count the computers, we just have everything automated on our end and don't need to touch the computer again once the restore kicks off barring a failure. Actually next year we shouldn't even need to physically touch them, and we could technically re-image all of our classroom computers (1600ish) within a week automatically using a combination DeployStudio & Casper.


Forum|alt.badge.img+14
  • Contributor
  • September 3, 2015

@Josh.Smith

I ran into an issue with this script, it prevented Casper Imaging from mapping printers during imaging. I turned on debug mode in Casper Imaging and nothing useful. It stated that all printers were mapped, but System Preferences said otherwise.

I'm going to so some more testing with this.

Edit:

Don't set this as a "Before" script, it doesn't map printers at all. Using Self Service, it works.


bentoms
Forum|alt.badge.img+35
  • Legendary Contributor
  • September 6, 2015

Hi All,

I'm pretty sure that the below has been included in the First Run script that is run post imaging since v8.x

sudo jamf flushPolicyHistory

So should be no need for this, which means i'm confused by the behaviour @jeffrey_ngo is seeing.


Forum|alt.badge.img+23
  • Esteemed Contributor
  • September 6, 2015

The flush policy history command hasn't been necessary since 8.62. I used to use it, but imaging does a policy flush on it's own as part of JAMF's first run scripts. Assuming you're using Casper Imaging.

Not sure if using a quick add pkg as part of DeployStudio has the same effect.


Forum|alt.badge.img+14
  • Contributor
  • September 6, 2015

@bentoms

I need to use this otherwise I will occasionally get "Device signature error" when I re-image a computer too many times (test machines for example). Using "flush policy" will not fix this issue. Take a lab of 30 machines for example, guaranteed two of them will get that error. Everything is up to date in the JSS (certs, JSS, the server).

Deleting the computer from the JSS (before or during imaging) fixes this issue completely.


bentoms
Forum|alt.badge.img+35
  • Legendary Contributor
  • September 6, 2015

@Abdiaziz hmm I don't see that error & have multiple iMacs that i bludgeon with imaging tests regularly.

I wonder what I do that differs to you?


Forum|alt.badge.img+14
  • Contributor
  • September 6, 2015

@bentoms

Good question really.

JSS 9.73, Windows Sever 2012, self signed certificate.

NetBoot made with AutoCasperNbi (thanks Bentoms!)

Imaging config for test machines:

Wipe HDD
OS X 10.10.5 mad with AutoDMG
Apple Remote Desktop
Active directory bind (built in)
Admin packaging account.


bentoms
Forum|alt.badge.img+35
  • Legendary Contributor
  • September 6, 2015

@Abdiaziz Well this is my workflow, have a ganders & see if much differs.


Forum|alt.badge.img+13
  • Valued Contributor
  • September 8, 2015

@Abdiaziz You know, I'm starting to see more of these "device signature error" as well. I've just been re-enrolling and moving on but it is starting to get to a point where I think something is wrong in my environment. I'm still on 9.72 though.


Forum|alt.badge.img+14
  • Contributor
  • September 8, 2015

@jrippy Even adding a quickadd package to the end of the configuration doesn't fix it :/


Forum|alt.badge.img+5

I have experienced "Device signature error" since version 9 so I do need to delete any computer record where duplicate or a refresh. I like @Abdiaziz have the JSS on JSS 9.73, Windows Server 2012 but with a third party cert.

This is a script cobbled together from what I have seen here on jamfnation and also picking up on what @Josh.Smith had posted.

It is a work in progress and I am sure it could be approved. The idea of it is to run before a computer is provisioned.

#!/bin/bash

# Variables needed to match the environment
JSSURL="https://xxxxxxxl.com:8443" 
LOGIN="xxxxx" 
PASS="xxxxxxx" 
LOGFILE="/private/var/log/xxxxx.log" 
SERIALNO=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}')
COMPUTERNAME=$(hostname)
MACHINEID=`/usr/bin/curl -sS -k -u "${LOGIN}:${PASS}" -g "${JSSURL}/JSSResource/computers/serialnumber/${SERIALNO}/subset/General" | awk -F "<id>" '{print $2}' | awk -F "</id>" '{print $1}'` 2>&1 >> "${LOGFILE}"
MACHINEGENERAL=`/usr/bin/curl -sS -k -u "${LOGIN}:${PASS}" -g "${JSSURL}/JSSResource/computers/serialnumber/${SERIALNO}/subset/General" | head -1` 2>&1 >> "${LOGFILE}"
DATE=`date "+%d.%m.%Y - %H:%M:%S"`


# Creating Log file
/usr/bin/touch "${LOGFILE}"
/bin/echo "" >> "${LOGFILE}"
/bin/echo "" >> "${LOGFILE}"
/bin/echo "${DATE}___Logfile created" >> "${LOGFILE}"


#/bin/echo Machine name, serial number and JSS Computer_ID
/bin/echo "${DATE}___Machine name is: ${COMPUTERNAME}" >> "${LOGFILE}"
/bin/echo "${DATE}___Serial number is: ${SERIALNO}" >> "${LOGFILE}"
if [ -z "${MACHINEID}" ] || [ "${MACHINEGENERAL}" == "<html>" ]; then
    /bin/echo "${DATE}___Could not find any Computer_ID for machine ${SERIALNO}" >> "${LOGFILE}"
    osascript << EOT
tell application "System Events" to display dialog "Looks good, could not find any computer record matches." with title "XXXXXX" with text buttons {"OK"} default button 1 
EOT
    # add dialog Looks good, could not find any computer record matches
else
    /bin/echo "${DATE}___JSS ID for machine is: ${MACHINEID}" >> "${LOGFILE}"
    # add dialog Found matching serial number, check yes to delete from the JSS
theAnswer=`/usr/bin/osascript << EOT
tell application "System Events" 
activate
display dialog "Found matching computer record, should we delete?" with title "XXXXXX" buttons {"Yes","No"} default button 1 
if the button returned of the result is "Yes" then
   set theAnswer to Yes
  end if
end tell
EOT`
/bin/echo "${theAnswer}"
if [[ ${theAnswer} == "yes" ]]
then curl -ksu username:password "https://xxxxxxxxx.com:8443/JSSResource/computers/serialnumber/$SERIALNO" -X DELETE
osascript << EOT
tell application "System Events" to display dialog "Computer record deleted." with title "XXXXXX" with text buttons {"OK"} default button 1 
EOT
else
osascript << EOT
tell application "System Events" to display dialog "Computer record not deleted." with title "XXXXXXX" with text buttons {"OK"} default button 1 
EOT
fi
fi

Forum|alt.badge.img+16
  • Honored Contributor
  • September 8, 2015

FYI,

When I was testing years ago I could't get curl to JSS to work with a bash script had to use cshell

C


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings