Posted on 04-10-2024 08:53 AM
I have a bit of a dilemma where I need to remove the Jamf Framework and enroll many devices at once.
I was thinking we can do something with a script:
#!/bin/bash
sudo jamf removeFramework
sudo jamf enroll -prompt -nopolicy
#After this is run, it would request for JSS and password.
This is where I am stuck. I understand this is a bad security practice, but I still want to do this. I was thinking of creating a one-time account to do this push and then removing the account.
With that said, my question is:
Is there a way to add the username and password inside the script so that when "sudo jamf enroll" runs, it uses the credential to bypass it?
I don't want the users to enter the credentials; instead, use a one-time script to run everything and complete it.
Posted on 04-10-2024 09:10 AM
While it's a 'very bad idea', it can be done via 'expect'; see
https://daniel-ellis.medium.com/shell-script-submitting-a-password-after-a-prompt-690bcf144c0e
More the question is: why are you removing the framework then re-enrolling? What are you trying to achieve?
If you have ABM and prestage, you could run a 'profiles renew -type enrollment'... maybe?
Posted on 04-10-2024 09:11 AM
To be honest you should test, test, and test again.
But to try and accomplish this you can do the following
#!/bin/bash
active_user=$(stat -f "%Su" /dev/console)
sudo -u "$active_user" /usr/local/bin/jamf removeFramework
sudo -u "$active_user" /usr/local/bin/jamf enroll -prompt -nopolicy
I used a variable in combination with the first command to capture the current shell user and run the commands as that user.
Could you test it and see how it goes?
Best of luck. If I reply slowly it is due to being super busy at work.
04-10-2024 09:12 AM - edited 04-10-2024 09:13 AM
@jamf-42 I agree.
Posted on 04-18-2024 07:06 AM
Not sure where you landed with this, but there is one obvious flaw with running this:
sudo jamf removeFramework
sudo jamf enroll -prompt -nopolicy
step 1 - remove Jamf
step 2 - there is no Jamf to call to perform the enrollment (because you removed it in step 1).
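The ordering flaw described in the post above can be caught before a script is pushed to devices. The following is an added example, not part of the original thread and not Jamf tooling; the function name `lint_jamf_order` and the sample script file are constructed for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper): flag any call to the jamf binary that
# comes after `jamf removeFramework` in a deployment script. removeFramework
# deletes the binary, so every later jamf call on that device fails.

# lint_jamf_order FILE
# Prints one finding per offending line; returns 0 if clean, 1 otherwise.
lint_jamf_order() {
    file=$1; n=0; removed_at=0; findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        prev=""
        set -f                                   # no globbing while word-splitting
        for tok in $line; do
            case "$tok" in \#*) break ;; esac    # rest of the line is a comment
            case "$prev" in
                jamf|*/jamf)                     # $tok is the jamf verb
                    if [ "$removed_at" -gt 0 ]; then
                        echo "line $n: 'jamf $tok' runs after removeFramework (line $removed_at); the jamf binary no longer exists"
                        findings=$((findings + 1))
                    elif [ "$tok" = removeFramework ]; then
                        removed_at=$n
                    fi ;;
            esac
            prev=$tok
        done
        set +f
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the two-step script from the original question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/bash
sudo jamf removeFramework
sudo jamf enroll -prompt -nopolicy
EOF
lint_jamf_order "$sample" || echo "script needs a different re-enrollment approach"
rm -f "$sample"
```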
Posted on 05-31-2024 05:41 PM
Haha, yep, I wasn't thinking... 😂
Posted on 07-17-2024 05:58 AM
I thought I'd drop this here in case anyone ever stumbles across this, but did you ever think about Jamf's re-enroller? You could remove/re-add the same server theoretically. https://github.com/jamf/ReEnroller