Posted on 01-09-2018 11:18 AM
Hey all,
We've been using JAMF for the last few years, but have stuck with deploying large images instead of workflow-based deployment. Recently, I've been testing package deployment and love it (using JAMF Imaging and an unbooted-OS made by AutoDMG).
However, we're now looking into utilizing our DEP. I have some questions, however:
1) From what I understand, DEP will enroll the computer during the setup assistant phase, and then we can set up policies to run "On Enrollment" (hopefully specifically PreStage Enrollment). Those policies will install all our required packages. Does that sound like the proper procedure to install various packages on a new computer?
2) If that is the case, how will we do configuration profiles to set up our various settings? I don't see an option to only apply the profiles to pre-stage enrolled computers, and I don't want to simply scope it to a huge pool of all computers as we don't want to affect computers already deployed. Maybe put configuration profiles into packages? Or, if I enable only deploying to newly assigned devices?
3) Right now, we name computers based on a naming convention that requires some manual input. How would this be done? Maybe a script that prompts for the name of the computer?
Thanks for the assistance. I'm probably missing something basic in some of this, but I'd really like to get at least towards package deployment if not full DEP integration.
Posted on 01-09-2018 11:34 AM
C
Posted on 01-09-2018 11:38 AM
For Question #2, one option would be to set up a Smart Computer Group with criteria: "Enrollment Method: Prestage Enrollment" is <Prestage Enrollment Name>.
Posted on 01-09-2018 01:21 PM
You have an asset register of computer names based on serial number?
We gave ours a read-only API interface so the machines can pull their own name from it and rename themselves using a script.
Posted on 01-09-2018 04:04 PM
Q1: Yes, that is how it works. Q2: If your configuration profiles are set for all computers, then they will be installed automatically (if your DEP and JSS have been set up properly); if they are targeting specific groups, then you need to use Composer to create packages for the config profiles. Q3: Yes, you need to use a script.
Posted on 01-10-2018 01:27 PM
The only complaint I have is that managing a policy that has 10+ packages in it is slow and cumbersome. While using imaging, I can use JAMF Admin to quickly add packages to a workflow and it takes no time at all. Using the JAMF web interface to set up packages within a policy is not nearly as efficient.
There's no better way to do that, right?
Posted on 01-10-2018 02:23 PM
A word of caution: I would be careful with creating a smart group with "Enrollment Method: Prestage Enrollment" is <Prestage Enrollment Name>. At any point, support might ask you to delete the PreStage; if that happens, then game over, profiles will uninstall. I would recommend creating smart groups based on other criteria: Department, Building, etc. I'm just saying... be careful with a smart group like that.
Posted on 01-10-2018 08:12 PM
If you really want an easier way, then you can use a script to rename during enrolment with a special prefix.
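#!/bin/bash
# Name the computer after its serial number, with a fixed prefix
jamf setComputerName -useSerialNumber -prefix 'XYZ-'
# Keep characters 16-30 of the getComputerName output as the host names
hostname=$(jamf getComputerName | cut -c 16-30)
localhostname=$(jamf getComputerName | cut -c 16-30)
/usr/sbin/scutil --set HostName "$hostname"
/usr/sbin/scutil --set LocalHostName "$localhostname"
exit 0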
so the computername will be XYZ-whateverisserial
and you can smartgroup them
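Added example, not part of any post in this thread: one way to combine the two naming approaches above (a name pulled from an asset register by serial number, with the prefix-plus-serial scheme as fallback), treating the API response as untrusted input before it reaches scutil. The endpoint URL, the plain-text response format and the "apply" value for $4 are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the thread): take the name from an asset register,
# but treat the response as untrusted and fall back to prefix + serial.
ASSET_API="https://assets.example.com/name"   # hypothetical read-only endpoint

# A usable LocalHostName: 1-63 characters, letters/digits/hyphens, no hyphen at either end.
valid_name() {
  local n="$1" LC_ALL=C
  [ "${#n}" -ge 1 ] && [ "${#n}" -le 63 ] || return 1
  case $n in
    -*|*-|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  return 0
}

# $1 = raw API response, $2 = serial number. Prints the name to apply.
choose_name() {
  local candidate
  candidate=$(printf '%s' "$1" | tr -d '\r\n')
  if valid_name "$candidate"; then
    printf '%s\n' "$candidate"
  else
    printf 'XYZ-%s\n' "$2"
  fi
}

# Jamf passes policy parameters from $4 on; requiring $4 = "apply" (an assumption
# of this example) keeps a dry run or a sourced copy from renaming anything.
if [ "${4:-}" = "apply" ]; then
  serial=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F'"' '/IOPlatformSerialNumber/ {print $4}')
  response=$(curl --silent --fail --proto '=https' --max-time 10 "$ASSET_API/$serial") || response=""
  name=$(choose_name "$response" "$serial")
  for key in ComputerName HostName LocalHostName; do
    /usr/sbin/scutil --set "$key" "$name"
  done
fi
```

An error page, an empty reply or an over-long string from the register all end up as the XYZ-serial fallback rather than as a host name.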
Posted on 01-10-2018 09:59 PM
Question 2: I use breadcrumbs (write a file to our management folder on the machine) to achieve similar things. I then use extension attributes to read those breadcrumbs and create smart groups for scoping. Works really well. There are probably other ways to do the same thing.
Here's an example of the script I use to create breadcrumbs. We set $4 to the breadcrumb name, $5 to the breadcrumb contents, which will be the value of the extension attribute, and $6 to "1" if we want to run recon after we create the breadcrumb.
Cheers,
Gavin
#!/bin/bash
#log the output of the script to the jamf.log for easy viewing
logfile=/var/log/jamf.log;
exec >> $logfile 2>&1;
#------------------------------
#-------BEGIN VARIABLES--------
#------------------------------
scriptname="breadcrumb_custom.sh";
breadcrumb="/Library/LAS/breadcrumb_$4.txt";
#------------------------------
#-------END VARIABLES----------
#------------------------------
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: "
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: ------------------------------------------------------"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: --- Starting $scriptname"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: "
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Script variables:"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: \$4 = $4"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: \$5 = $5"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: \$6 = $6"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: \$breadcrumb = $breadcrumb"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:"
#make the /Library/LAS folder
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Making /Library/LAS folder."
if [ -d "/Library/LAS" ]
then
    echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Skipped making /Library/LAS folder - already exists."
else
    mkdir /Library/LAS >/dev/null 2>/dev/null
    echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Made /Library/LAS folder."
fi
#create the breadcrumb
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Creating the breadcrumb."
echo "$5" > "$breadcrumb"
if [ "$6" == "1" ]
then
    #run recon to pick up the breadcrumb extension attribute
    echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Running jamf recon because \$6 variable was set to '1'."
    jamf recon >/dev/null 2>/dev/null
fi
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: "
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: --- Finished $scriptname"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: ------------------------------------------------------"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: "
exit 0
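Added example, not part of the post above: the other half of the breadcrumb approach, an extension attribute script that reads a breadcrumb back for smart-group scoping. Because the value decides which profiles and policies a machine receives, it only trusts a root-owned regular file that is not group- or world-writable. The breadcrumb name "enrollment" and the BREADCRUMB_DIR and TRUSTED_UID variables are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the thread): extension attribute that reads a breadcrumb.
# The value drives smart-group scoping, so only a root-owned regular file that is
# not group- or world-writable is trusted.

BREADCRUMB_DIR="${BREADCRUMB_DIR:-/Library/LAS}"   # folder used by the breadcrumb script
TRUSTED_UID="${TRUSTED_UID:-0}"                    # assumption: breadcrumbs are written as root

# Print the breadcrumb value, or nothing if the file cannot be trusted.
read_breadcrumb() {
  local name="$1" path
  # Reject names that could escape the breadcrumb folder.
  case $name in
    ''|*/*|*..*) return 1 ;;
  esac
  path="$BREADCRUMB_DIR/breadcrumb_$name.txt"
  # find -type f does not follow symlinks, so a link planted in place of the file fails here.
  if [ -z "$(find "$path" -maxdepth 0 -type f -uid "$TRUSTED_UID" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]; then
    return 1
  fi
  # First line only, limited to characters expected in a scoping value.
  head -n 1 "$path" | tr -cd 'A-Za-z0-9 ._-' | cut -c 1-64
}

# Jamf reads the extension attribute value from <result> tags.
ea_result() {
  printf '<result>%s</result>\n' "$(read_breadcrumb "$1")"
}

# "enrollment" is a hypothetical breadcrumb name (the $4 given to the breadcrumb script).
ea_result "enrollment"
```

An untrusted or missing breadcrumb yields an empty result, so the machine simply falls out of any smart group keyed on that value.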
Posted on 01-11-2018 01:27 AM
For Q1, we tried setting the policies to run at Enrollment, but found inconsistent results. Sometimes it takes 10 minutes for all policies to run, sometimes 30 minutes, sometimes never. If there was a reboot before all policies were run, it would not complete the rest of the policies. We tried adding a 2nd trigger (Login) but that wasn’t much better. We ended up using a script that could be executed in Self Service that calls for custom triggers. This gave us much more consistent results and we were able to customize the order the policies were run. Also gave us the ability to add custom settings such as enabling management access for ARD. We’re also able to create a separate script (multiple configurations) that installs different policies depending on who the end user is.