Sharing our One-to-One roll out scripts and processes

GabeShack
Valued Contributor II

Hey All,
We just had a successful roll out of a one-to-one with MacBook Airs and I wanted to share some of what really worked for us.

We started with imaging, which we use DEPNotify to prompt to name the computer and then run the installs for base software. (We asked Apple to setup our order but they had so many issues and delays that we canceled their setup and ended up setting up close to 2000 on our own using labs and our office, along with 100 Belkin ethernet adapters, and we ended up being able to image from 200-300 a day ).

Our base system has Chrome, Firefox, Cisco Umbrella, Zoom, Adobe Creative Cloud (just the desktop app) and Microsoft Office Pro installer. I also install DockUtil and Desktopr to set each desktop and dock as they logged in. The last prep work I did was create a ton of TCC profiles to allow my various scripts and applescripts to work:
b2b88b170c3349009d3d873278c56e8a

We then had handouts where we kept all the machines on wired connections for the first login (still binding, dont ask) and left the Apple ID, Touch ID and Cloud Documents features turned on in the prestage with managed apple ids so we can use Apple Classroom with the teachers able to work with the students machines who are in their classrooms.

Once students log in my script would open safari to our classlink login page, tell the keyboard to type the name of the logged in user, then open Safari's extension tab so students can check the checkbox next to the classlink extension, then it would open word that would be prefilled with the students email address (which is based on their login username just with our domain after it) then it would open zoom (and this one I left to the students to fully enter their own full email because they should at lest do it once right?) and then it opened the creative cloud desktop app and would type their username then the @ sign then our domain, then would hit enter, then tab through all the settings until it got to Company or School account, then hit enter again, and would wait there until the student typed their password in.

So essentially this just filled in usernames and email addresses for the students the first time they logged in.

Attached are the scripts I used. Hoping maybe this could help someone else:
OpenSafari to Classlink and then openExtension

#!/bin/bash 
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
dockStatus=$(pgrep -x Dock)

echo "Waiting for Desktop..."

while [[ "$dockStatus" == "" ]]
do
  echo "Desktop is not loaded. Waiting."
  sleep 5
  dockStatus=$(pgrep -x Dock)
done

sleep 5
echo "$currentUser has successfully logged on! The Dock appaears to be loaded with PID $dockStatus."
sleep 5
sudo -u $currentUser open http://yourlinkhere.com

sudo -u $currentUser osascript <<EOF 
tell application "Safari"

    activate

    delay 3

    tell application "System Events"

        keystroke "$currentUser"

    end tell

end tell


tell application "Safari" to activate

delay 4

tell application "System Events" to tell process "Safari"

    keystroke "," using command down

        tell window 1
        click button "Extensions" of toolbar 1
        activate "Extensions"
        keystroke return

    end tell
end tell
EOF

Open Word and Preset their Login
(Total shoutout to @pbowden for the help with this bit of scripting!)

#!/bin/bash 
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
domain=$"@yourdomainhere"
sudo -u $currentUser defaults write com.microsoft.office OfficeActivationEmailAddress -string "$currentUser$domain"
sleep 2
sudo -u $currentUser open "/Applications/Microsoft Word.app"

exit 0

OpenZoom

#!/bin/bash 
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
sudo -u $currentUser open "/Applications/zoom.us.app/"
exit 0

Open Creative Cloud Desktop App and auto login

#!/bin/bash 
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}') 

sudo -u $currentUser open "/Applications/Utilities/Adobe Creative Cloud/ACC/Creative Cloud.app"/

sudo -u $currentUser osascript <<EOF 
tell application "Creative Cloud"

    activate

    delay 3

    tell application "System Events"

        keystroke "$currentUser"
        delay .5
        keystroke "@yourdomainhere"
        delay 1
        keystroke return
        delay 2
        keystroke tab
        delay .5
        keystroke tab
        delay .5
        keystroke tab
        delay .5
        keystroke tab
        delay .5
        keystroke return

    end tell

end tell
EOF

Assign Username to record

#!/bin/sh
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
sleep 15
jamf recon -endUsername $currentUser
exit 0

All in all the login process took under 10 min for each student to login and setup and it took a little over a week to hand out at our high school and about the same for our middle school

Again this all worked so well, I figured I'd share it. Of course every now and then the script would have a timing error or would miss a step, so I also added it to self service to re run if it failed originally. But for some reason when re running it from self service, it didn't like the AppleScript commands that typed things out and I never figured out how to make a TCC for that self service re-run part. But it just meant that they would have to type more for those few occasions which was no big deal.

Anyway, stay healthy everyone!

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools
1 ACCEPTED SOLUTION

GabeShack
Valued Contributor II

@rhooper The script I linked to above is a pretty good starting point and lets you edit all of those features @mm2270 listed above. I actually got Apple to approve its use during their set up on a part of our order based on the fact that JAMF wrote that particular script. Lots of good customizable options. My hope is eventually Apple and Jamf will give us the ability to name devices again before the enrollment process so we can not have to worry about these silly issues (like they already do on iPads, so I'm sure the Apple Silicon might change this issue as well).
Attached again here in case you missed it earlier:https://github.com/jamf/DEPNotify-Starter/blob/master/depNotify.sh

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

View solution in original post

6 REPLIES 6

rhooper
Contributor III

WOW, I have not heard of DEPNotify until now. Am I reading correctly that it prompts to name the computer? So does that mean John Doe's MacBook Air and not just John's MacBook Air (which there are many John's at our school? Can it name them according to a convention, like "MBA" instead of "MacBook Air"? Can it prompt for a building location like, Oklahoma High School or Oklahoma Middle School?
I am really intrigued by this opportunity this may provide in the near future.
We use ASM, will DEPNotify still work for us?
Please send me links or locations to see what this can really do. Already looking at YouTube videos. This could be a game-changer for us

GabeShack
Valued Contributor II

@rhooper I put the one installer for DEPNotify in the prestage packages so then during login I can call the script. It does require that someone logs in to do the naming. Since we set all our computers up for the staff and students, our tech department did all the prework with an admin account ahead of time. I set the DEPNotify script to set a Device Name and Asset Tag Number.

60a67d5ca3264e8abad4d787fc78bc88

7980139bd3bf4b35841c680200fabab3

12dece98b2dc4d549afffc7fcb1d954c

To download the installer:https://files.nomad.menu/DEPNotify.pkg
The script to start DEPNotify is here: https://github.com/jamf/DEPNotify-Starter/blob/master/depNotify.sh

Hope this helps!
Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

mm2270
Legendary Contributor II

@rhooper DEPNotify can be configured to provide some drop down menus to choose options for the device, such as a building location, which can be captured and used as part of the final computer name if desired. It's all configured through a plist file that you can create at the time of enrollment with a script that holds the options you want to present.
And yes, it will work fine with ASM or ABM. There's no real difference between them as far as the DEPNotify program is concerned.

Just to note, DEPNotify is not the only game in town for this stuff, as there are some other more complex and more customizable programs out there that can do these things too. But DEPNotify is, I would say, the easiest of all of them for people new to the process to get their head around and configure successfully. There are also several nice existing scripts to get you started on configuring/using it (including some from folks at Jamf), which you can use as a jumping off point and customize from there if needed.

GabeShack
Valued Contributor II

@rhooper The script I linked to above is a pretty good starting point and lets you edit all of those features @mm2270 listed above. I actually got Apple to approve its use during their set up on a part of our order based on the fact that JAMF wrote that particular script. Lots of good customizable options. My hope is eventually Apple and Jamf will give us the ability to name devices again before the enrollment process so we can not have to worry about these silly issues (like they already do on iPads, so I'm sure the Apple Silicon might change this issue as well).
Attached again here in case you missed it earlier:https://github.com/jamf/DEPNotify-Starter/blob/master/depNotify.sh

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

View solution in original post

rhooper
Contributor III

Thanks @gshackney and @mm2270 This helps me a lot. We have 9 different buildings and at the moment I am having to use JAMF MUT for School Buildiong, name, and a few other things... But this could cut out a load of work and streamline it quite a bit.
Thanks for the fast responses.

mickgrant
Contributor

I also use DEPNotify for my setups, but I have automated the renaming of devices based on a CSV file that's stored in google drive (you can also host it yourself if you want) and its worked flawlessly for me this year rolling out 500 new MacBooks and iMacs.
https://www.macblog.org/post/automatically-renaming-computers-from-a-google-sheet-with-jamf-pro/

We also have a guest user on our devices, which caused an issue with teachers apple classroom usage, where they couldn't identify which student was doing what, as each computer is identified by their logged-in user. I wrote this little script that changes the "RealName" of the guest account to match the computers hostName with all dashes removed.
allowing them to identify Computers based on stickers on the back of the screen

#!/bin/bash

# Written - Michael Grant on 17/9/19
#script to change the guest users "RealName" from the default to the computers Hostname
#this will allow guest users computers to be identifiable within Apple Classroom

#finds the Computers hostname
myHost=$(hostname -s)

#changed guest Users RealName to the computers hostname with all "-"s removed
dscl . change /Users/guest RealName "Guest User" "${myHost//-}"

exit 0