Questions about DEP and using it to replace imaging.

jakeobie
New Contributor II

Hey all,

We've been using JAMF for the last few years, but have stuck with deploying large images instead of workflow-based deployment. Recently, I've been testing package deployment and love it (using JAMF Imaging and an unbooted-OS made by AutoDMG).

However, we're now looking into utilizing our DEP. I have some questions, however:

1) From what I understand, DEP will enroll the computer during the setup assistant phase, and then we can set up policies to run "On Enrollment" (hopefully specifically PreStage Enrollment). Those policies will install all our required packages. Does that sound like the proper procedure to install various packages on a new computer?

2) If that is the case, how will we do configuration profiles to set up our various settings? I don't see an option to only apple the profiles to pre-stage enrolled copmuters, and I don't want to simply scope it to a huge pool of all computers as we don't want to affect computers already deployed. Maybe put configuration profiles into packages? Or, if I enable only deploying to newly assigned devices?

3) Right now, we name computers based on naming convention that requires some manual input. How would this be done? Maybe a script that prompts for the name of the computer?

Thanks for the assistance. I'm probably missing something basic in some of this, but I'd really like to get at least towards package deployment if not full DEP integration.

9 REPLIES 9

gachowski
Valued Contributor II
  1. Yep, though on some .pkg not build to Apple guidelines you may have to jump through some hoops
  2. You can set a smart group based on the Jamf Pro ID so only the new DEP imaged machines get the profiles.
  3. Yep script should get this done something with scutil --set HostName $ scutil --set ComputerName $ scutil --set LocalHostName $

C

blheureux
New Contributor II

For Question #2, one option would be to set up a Smart Computer Group with criteria: "Enrollment Method: Prestage Enrollment" is <Prestage Enrollment Name>.

Look
Valued Contributor III

You have an asset register of computer names based on serial number?
We gave ours a read only API interface so the machines can pull their own name from it and rename themselves using a script.

ibrahim_senyer
New Contributor III

Q1 : yes that is the way how it works. Q2: If your configuration profiles set for all computers then it will be installed automatically(if ur dep and jss has set up properly), if they are targeting specific groups then you need to use composer to create packages for config profiles. Q3: Yes you need to use script.

jakeobie
New Contributor II

The only complaint I have is that managing a policy that has 10+ packages in it is slow and cumbersome. While using imaging, I can use JAMF admin to quickly add packages to a workflow and it takes no time at all. Using the JAMF web interface to set up packages within a policy is not near as efficient.

There's no better way to do that, right?

Wakko
Contributor II

A word of caution I would be careful with creating a smart group with "Enrollment Method: Prestage Enrollment" is <Prestage Enrollment Name>. At any point, support might ask you delete the PreStage, if that happens then game over profiles will uninstall. I would recommend creating smart groups based on other criteria. Department, Building, etc, etc, etc. I'm just saying ........ be careful with a smart group like that.

ibrahim_senyer
New Contributor III

If you really want easier way then you can use script to rename during enrolment with special prefix.

!/bin/sh

jamf setComputerName -useSerialNumber -prefix 'XYZ-'

hostname=jamf getComputerName | cut -c 16-30
localhostname=jamf getComputerName | cut -c 16-30

/usr/sbin/scutil --set HostName $hostname
/usr/sbin/scutil --set LocalHostName $localhostname

exit=0

so the computername will be XYZ-whateverisserial
and you can smartgroup them

lindisfarne
New Contributor

Question 2: I use breadcrumbs (write a file to our management folder on the machine) to achieve similar things. I then use extension attributes to read those breadcrumbs and create smart groups for scoping. Works really well. There's probably other ways to do the same thing.

Here's an example of the script I use to create breadcrumbs. We set $4 to the breadcrumb name, $5 to the breadcrumb contents, which will be the value of the extension attribute, and $6 to "1" if we want to run recon after we create the breadcrumb.

Cheers,
Gavin

#!/bin/bash

#log the output of the script to the jamf.log for easy viewing
logfile=/var/log/jamf.log;
exec >> $logfile 2>&1;




#------------------------------     
#-------BEGIN VARIABLES--------
#------------------------------ 

scriptname="breadcrumb_custom.sh";
breadcrumb="/Library/LAS/breadcrumb_$4.txt";

#------------------------------     
#-------END VARIABLES----------
#------------------------------



echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:   "
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: ------------------------------------------------------"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: --- Starting $scriptname"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:   "
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Script variables:" 
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:    $4 =  $4"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:    $5 =  $5"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:    $6 =  $6"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:    $breadcrumb =  $breadcrumb"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:"

#make the /Library/LAS folder
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Making /Library/LAS folder."
if [ -d "/Library/LAS" ]
then
    echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Skipped making /Library/LAS folder - already exists."
else
    mkdir /Library/LAS >/dev/null 2>/dev/null
    echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Made /Library/LAS folder."
fi

#create the breadcrumb
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Creating the breadcrumb."
echo "$5" > $breadcrumb 

if [ "$6" == "1" ]
then
    #run recon to pick up the breadcrumb extension attribute
    echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: Running jamf recon because $6 variable was set to '1'."
    jamf recon >/dev/null 2>/dev/null
fi

echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:   "
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: --- Finished $scriptname"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]: ------------------------------------------------------"
echo "`date +"%a %b %d %X"` `hostname` jamf[script-$scriptname]:   "

exit 0

RLim945
New Contributor III

For Q1, we tried setting the policies to run at Enrollment, but found inconsistent results. Sometimes it takes 10 minutes for all policies to run, sometimes, 30 minutes, sometimes never. If there was a reboot before all policies were ran, it would not complete the rest of the policies. We tried adding a 2nd trigger (Login) but that wasn’t much better. We ended up using a script that could be executed in Self Service that calls for custom triggers. This gave us much more consistent results and we were able to customize the order the policies were ran. Also gave us the ability to add custom settings such as enabling management access for ARD. We’re also able to create a separate script (multiple configurations) that installs different policies depending on who the end user is.