3 weeks ago
I have a bit of a dilemma where I need to remove the Jamf Framework and enroll many devices at once.
I was thinking we can do something with a script:
#!/bin/bash
sudo jamf removeFramework
sudo jamf enroll -prompt -nopolicy
#After this is run, it would request for JSS and password.
This is where I am stuck. I understand this is a bad security practice, but I still want to do this. I was thinking of creating a one-time account to do this push and removing the account.
With that said, my question is:
Is there a way to add the username and password inside the script so that when "sudo jamf enroll" runs, it uses the credential to bypass it?
I don't want the users to enter the credentials; instead, I want to use a one-time script to run everything and complete it.
3 weeks ago
While it's a 'very bad idea', it can be done via 'expect'; see
https://daniel-ellis.medium.com/shell-script-submitting-a-password-after-a-prompt-690bcf144c0e
More the question is: why are you removing the framework then re-enrolling? What are you trying to achieve?
If you have ABM and prestage, you could run a 'profiles renew -type enrollment'... maybe?
3 weeks ago
To be honest you should test, test, and test again.
But to try and accomplish this, you can do the following:
#!/bin/bash
active_user=$(stat -f "%Su" /dev/console)
sudo -u "$active_user" /usr/local/bin/jamf removeFramework
sudo -u "$active_user" /usr/local/bin/jamf enroll -prompt -nopolicy
I used a variable in combination with the first command to capture the current shell user and run the commands as that user.
Could you test it and see how it goes?
Best of luck. If I reply slowly it is due to being super busy at work.
3 weeks ago - last edited 3 weeks ago
@jamf-42 I agree.
2 weeks ago
Not sure where you landed with this, but there is one obvious flaw with running this:
sudo jamf removeFramework
sudo jamf enroll -prompt -nopolicy
step 1 - remove Jamf
step 2 - there is no Jamf to call to perform the enrollment (because you removed them in step 1).
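
Added example, not part of any post in this thread: a dry-run planner that combines the two points raised above, that `removeFramework` deletes the binary the next step would call, and that an ABM/prestage device can re-enroll with `profiles renew -type enrollment` without any credential in the script. The function names, the `JAMF_BIN` variable, the sample status text and the assumed "Enrolled via DEP: Yes" line format are assumptions of this example; it only prints the commands it would run.

```bash
#!/bin/bash
# Added example, not from the thread: dry-run planner for a re-enrollment.
# It prints the planned commands; nothing is executed against the Mac.

JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"   # binary path as used in the thread

# True if `profiles status -type enrollment` text reports ADE/DEP enrollment.
# Assumption: the status text contains a line "Enrolled via DEP: Yes".
is_ade_enrolled() {
  printf '%s\n' "$1" | grep -Eq '^Enrolled via DEP:[[:space:]]*Yes'
}

# plan_reenroll <jamf-binary-path> <enrollment-status-text>
# Prints one planned command per line (to be run as root).
# Returns 1 when no unattended, credential-free plan exists.
plan_reenroll() {
  if is_ade_enrolled "$2"; then
    # removeFramework deletes the jamf binary, so the follow-up step must not
    # call it. `profiles` ships with macOS and needs no Jamf account.
    [ -x "$1" ] && echo "$1 removeFramework"
    echo "/usr/bin/profiles renew -type enrollment"
    return 0
  fi
  # Not ADE-enrolled: 'jamf enroll -prompt' would need the binary that step 1
  # removed, plus a password stored in the script. Refuse to plan that.
  echo "STOP: no unattended path; leave the framework in place"
  return 1
}

# Constructed samples of the status text (not captured from a real device).
SAMPLE_ADE='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_MANUAL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'

# Stand-alone demo. On a Mac, pass "$(profiles status -type enrollment)"
# as the second argument instead of a sample.
plan_reenroll "$JAMF_BIN" "$SAMPLE_ADE"
plan_reenroll "$JAMF_BIN" "$SAMPLE_MANUAL" || true
```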