Help

Script to enroll Devices. Need help with adding credentials

Go to solution
sudoErase
New Contributor III

3 weeks ago

I have a bit of dilemma where I need to remove Jamf Framework and enroll many devices at once.

 

I was thinking we can do something with a script:
#!/bin/bash

sudo jamf removeFramework

sudo jamf enroll -prompt -nopolicy

 

#After this is run, it would request for JSS and password.

 

 

This is where I am stuck. I understand this is a bad Security practice. But I still want to do this. I was thinking of creating a one-time account to do this push and removing the account.

With that said, my question is:

Is there a way to add the username and password inside the script so that when "sudo jamf enroll" runs, it uses the credential to bypass it?

 I don't want the users to enter the credentials instead use a one-time script to run everything and complete it.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
jamf-42
Valued Contributor II

3 weeks ago

while its a 'very bad idea' it can be done via 'expect'  see 

https://daniel-ellis.medium.com/shell-script-submitting-a-password-after-a-prompt-690bcf144c0e

more the questions is why are you removing framework then re-enrolling.. ? what are you trying to achive?

if you have ABM - and prestage, you could run a 'profiles renew -type enrollment'  ..maybe?

View solution in original post

4 REPLIES 4

Go to solution
jamf-42
Valued Contributor II

3 weeks ago

while its a 'very bad idea' it can be done via 'expect'  see 

https://daniel-ellis.medium.com/shell-script-submitting-a-password-after-a-prompt-690bcf144c0e

more the questions is why are you removing framework then re-enrolling.. ? what are you trying to achive?

if you have ABM - and prestage, you could run a 'profiles renew -type enrollment'  ..maybe?

Go to solution
dvasquez
Valued Contributor

3 weeks ago

To be honest you should test, test, and test again. 

But to try and accomplish this you can do the following

#!/bin/bash

active_user=$(stat -f "%Su" /dev/console) 

sudo -u $active_user /usr/local/bin/jamf removeFramework

sudo -u $active_user /usr/local/bin/jamf enroll -prompt -nopolicy

I used a variable in combination with the first command to capture the current shell user and run the commands as that user.

Could you test it and see how it goes?

Best of luck. If I reply slowly it is due to being super busy at work. 

 

0 Kudos

Go to solution
dvasquez
Valued Contributor

3 weeks ago - last edited 3 weeks ago

@jamf-42 I agree.

0 Kudos

Go to solution
easyedc
Valued Contributor II

2 weeks ago

Not sure where you landed with this but there is one obvious flaw with running this

sudo jamf removeFramework
sudo jamf enroll -prompt -nopolicy

 step 1 - remove Jamf

step 2 - there is no Jamf to call to perform the enrollment (because you removed them in step 1).

0 Kudos