Hey y'all, just a quick little post about how you can customize a QuickAdd package to have even more impact on enrollment.
When you grab a fresh copy of a QuickAdd package from Recon.app, you'll see that nestled inside is a script that runs called postflight.
You'll see that it installs the jamf binary appropriate for the OS build, then uses jamf createConf (from the help file, "Creates a configuration file that the jamf binary uses to find the JSS") to start communication between the client and your company's JSS. It then turns on SSH and enrolls the machine.
The fun part about this script is that once the machine can talk to the JSS you can scope policies on events, ID numbers of policies, and all sorts of fun stuff. Just to test this out, I added a few policies to a custom trigger and then threw those into the QuickAdd postflight script.
When I did this initially I started thinking about what information I would want configured for the machine before enrolling. Or at the very least, if a non-Mac colleague had to enroll a machine in this way I could rule out any issues they might miss (like setting a hostname that fits our naming convention).
So once the machine is enrolled it looks for policies that are triggered by quickadd. I only made a handful:
So the "imaging" workflow for this QuickAdd ends up being:
When you grab a fresh copy of a QuickAdd package from Recon.app, you'll see that nestled inside is a script that runs called postflight.
You'll see that it installs the jamf binary appropriate for the OS build, then uses jamf createConf (from the help file, "Creates a configuration file that the jamf binary uses to find the JSS") to start communication between the client and your company's JSS. It then turns on SSH and enrolls the machine.
The fun part about this script is that once the machine can talk to the JSS you can scope policies on events, ID numbers of policies, and all sorts of fun stuff. Just to test this out, I added a few policies to a custom trigger and then threw those into the QuickAdd postflight script.
When I did this initially I started thinking about what information I would want configured for the machine before enrolling. Or at the very least, if a non-Mac colleague had to enroll a machine in this way I could rule out any issues they might miss (like setting a hostname that fits our naming convention).
So once the machine is enrolled it looks for policies that are triggered by quickadd. I only made a handful:
- one throws cocoaDialog on the machine for prompts (you could just use jamfHelper if you really wanted to, I just like cocoaDialog)
- one that prompts for the computer name and then updates the machine's name
- another that prompts for a username associated with the computer (because my colleagues always forget to assign a user in the JSS when using Casper Imaging)
- and a dummy receipt that saves what I call the "Image Type" so that I can scope policies to a smart group that used that image (in this case it's simply called "QuickAdd")
So the "imaging" workflow for this QuickAdd ends up being:
- Copy QuickAdd from network drive or USB disk or email attachment or whatever
- QuickAdd runs policies triggered by the custom event "quickadd"
- add dummy imaging receipt to computer
- install cocoaDialog
- prompt for Computer name and then update Computer name on computer
- prompt for a username which is then stored in the inventory record on the JSS
- Recon is run to update inventory on machine
- QuickAdd runs policies triggered by the custom event "config," which is where we house all policies used for the base OS used by all Mac users at my company (see this post for how this is set up)
- "FirstBoot" script to customize OS and settings for our environment
- Bind to AD (using Computer name set above)
- install ADPassMon fork
- install patchoo
- install other software like VPN, Office Suite, drivers, etc.
- custom wallpapers, dock, etc.
- Recon runs again
- Manage runs to enforce any remaining policies
There are probably more fluid and sophisticated ways to accomplish this, but I like the fact that it is pretty easy to get a more robust enrollment experience with the QuickAdd package without having to rely solely on the "enrollment" trigger. (Maybe I'm controlling but I like to compartmentalize the policies as much as I can.)
Anyway, as you can see it's pretty easy to get more out the QuickAdd package if you want to, especially with new MacBook Pros with only one port (!!!) on the horizon.
Note: the above is provided for informational purposes and general fun Mac Admin goodness only. I don't want to throw legalese at you but do want to make it clear that I don't work for JAMF, I don't have anything to do with their software other than I like using it and it helps me do my job and make people like me. Use my guides with caution; I can't support your JSS if something goes awry. Honestly, just have fun and do what you're comfortable with. Do what's best for you and your environment.
Did you find this post useful? Leave me a tip!
💖
Did you find this post useful? Leave me a tip!
💖
Very nice work!
ReplyDeleteThanks!
ReplyDelete