#!/bin/bash
# You will want to customize this script for your environment starting at line 132.
# Everything from 132 down is just an example from my environment.
# Configuration
# Site-specific values: change these three for your organisation.
# NOTE(review): both "Application Support" paths are single-quoted, so the
# backslash before the space is a literal character in the stored value and is
# passed unchanged to `defaults write` - confirm the resulting plist entries
# resolve to the intended files on your macOS version.
jamfHelperHeading="My Org"
jamfHelperIconPath='/Library/Application\ Support/MyOrg/Logo.png'
launchAgentName="org.my.jamfHelperSplashScreen"
# Derived values: normally left untouched.
jamfHelperPath='/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper'
launchAgentPath="/Library/LaunchAgents/$launchAgentName.plist"
# Functions
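#######################################
# Show (or refresh) the full-screen jamfHelper splash at the login window.
# Rewrites the LaunchAgent plist from scratch with the current $message and
# restarts loginwindow so the agent is loaded. Does nothing when a console
# user was detected.
# Globals (read): loggedInUser, launchAgentPath, launchAgentName,
#                 jamfHelperPath, jamfHelperHeading, jamfHelperIconPath,
#                 message, osversMajor, osversMinor
# Outputs:  progress messages on stdout
# Note:     loggedInUser is whatever the caller last stored in it; this
#           function does not query the console user again.
#######################################
startSplashScreen () {
  local programArgument

  # Only act while nobody is logged in
  if [[ -z "$loggedInUser" ]]; then
    # Start from a clean plist: -array-add below appends, so a leftover file
    # would accumulate duplicate ProgramArguments entries.
    if [[ -f "${launchAgentPath}" ]]; then
      rm -f -- "${launchAgentPath}"
    fi

    # Write LaunchAgent to load jamfHelper. Every expansion is quoted so a
    # path or label containing whitespace or glob characters is passed as a
    # single argument to these root-run commands.
    defaults write "${launchAgentPath}" KeepAlive -bool true
    defaults write "${launchAgentPath}" Label "${launchAgentName}"
    defaults write "${launchAgentPath}" LimitLoadToSessionType "LoginWindow"
    for programArgument in \
      "$jamfHelperPath" \
      "-windowType" "fs" \
      "-heading" "$jamfHelperHeading" \
      "-description" "$message" \
      "-icon" "$jamfHelperIconPath"; do
      defaults write "${launchAgentPath}" ProgramArguments -array-add "$programArgument"
    done
    defaults write "${launchAgentPath}" RunAtLoad -bool true

    # The plist defines a job started at the login window: keep it owned by
    # root and not writable by group or others.
    chown root:wheel "${launchAgentPath}"
    chmod 644 "${launchAgentPath}"
    echo "Created Launch Agent to run jamfHelper"

    # Kill/restart the loginwindow process to load the LaunchAgent
    echo "Ready to lock screen. Restarting loginwindow..."
    if [[ ${osversMajor} -eq 10 && ${osversMinor} -le 14 ]]; then
      killall -HUP loginwindow
    elif [[ ${osversMajor} -eq 10 && ${osversMinor} -ge 15 ]]; then
      # kickstarting the login window works but is slower and results in a
      # runaway SecurityAgent process in macOS 10.15
      launchctl kickstart -k system/com.apple.loginwindow
      sleep 0.5
      killall -HUP SecurityAgent # kill the runaway SecurityAgent process
    elif [[ ${osversMajor} -ge 11 ]]; then
      launchctl kickstart -k system/com.apple.loginwindow
    fi
  fi
}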
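#######################################
# Take the splash screen down: delete the LaunchAgent plist if it exists,
# then restart loginwindow.
# Globals (read): launchAgentPath
# Outputs:  progress messages on stdout
# Returns:  exit status of `killall loginwindow`
#######################################
killSplashScreen () {
  # Remove existing LaunchAgent. The path is quoted so a location containing
  # whitespace is deleted as one file rather than split into several operands.
  if [[ -f "${launchAgentPath}" ]]; then
    echo "Removing LaunchAgent located at ${launchAgentPath}"
    rm -f -- "${launchAgentPath}"
  fi
  echo "Restarting loginwindow..."
  killall loginwindow
}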
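#######################################
# Create a self-destructing LaunchDaemon that deletes the splash-screen
# LaunchAgent, and then its own plist, the next time it is loaded.
# Does nothing when the LaunchAgent plist is absent.
# Globals (read):    launchAgentPath, launchAgentName
# Globals (written): launchDaemonName, launchDaemonPath
# Outputs:  progress message on stdout
#######################################
removeLaunchAgentAtReboot () {
  if [[ -f "${launchAgentPath}" ]]; then
    launchDaemonName="${launchAgentName}.remove"
    launchDaemonPath="/Library/LaunchDaemons/${launchDaemonName}.plist"

    # -array-add appends to whatever is already there; drop a plist left over
    # from an earlier run so ProgramArguments is not built up twice.
    rm -f -- "${launchDaemonPath}"

    defaults write "${launchDaemonPath}" Label "${launchDaemonName}"
    # Absolute path to rm: the job runs as root, so it should not depend on
    # how the program name is resolved through PATH.
    defaults write "${launchDaemonPath}" ProgramArguments -array-add "/bin/rm"
    defaults write "${launchDaemonPath}" ProgramArguments -array-add "${launchAgentPath}"
    defaults write "${launchDaemonPath}" ProgramArguments -array-add "${launchDaemonPath}"
    defaults write "${launchDaemonPath}" RunAtLoad -bool true

    # Root-owned and not writable by group or others: the plist names a
    # command that is executed with root privileges.
    chown root:wheel "${launchDaemonPath}"
    chmod 644 "${launchDaemonPath}"
    echo "Created Launch Daemon to remove ${launchAgentPath}"
  fi
}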
# Start script

# Print the short name of the console user; prints nothing when the console
# is owned by loginwindow (nobody logged in).
currentConsoleUser () {
  scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Set the splash text and redraw the splash screen.
updateSplashMessage () {
  message="$1"
  startSplashScreen
}

# Split the product version (e.g. 10.15.7) into its first two components
IFS=. read -r osversMajor osversMinor _ <<< "$(sw_vers -productVersion)"

# Only proceed if macOS version is 10.13 or higher
if [[ "${osversMajor}" -eq 10 && "${osversMinor}" -le 12 ]]; then
  echo "macOS version ${osversMajor}.${osversMinor} not supported."
  exit 0
fi

# Get the currently logged in user, polling every 5 seconds for as long as it
# is _mbsetupuser (the account Apple uses for the setup screens)
loggedInUser=$( currentConsoleUser )
until [[ "$loggedInUser" != "_mbsetupuser" ]]; do
  sleep 5
  loggedInUser=$( currentConsoleUser )
done

# A real user is at the console: leave without touching anything
if [[ -n "$loggedInUser" ]]; then
  echo "$loggedInUser is logged in. Exiting..."
  exit 0
fi

updateSplashMessage "Starting Final Setup..."

# Keep this Mac from dozing off (background job, times out after 7200 seconds)
caffeinate -d -i -s -t 7200 &

# Prevent Jamf check-in policies from running until next reboot
launchctl unload /Library/LaunchDaemons/com.jamfsoftware.task.1.plist
launchctl unload /Library/LaunchDaemons/com.jamfsoftware.jamf.daemon.plist

# Run Jamf enrollment policies (customize these as needed for your environment)
# To change the jamfHelper message, call updateSplashMessage with the new text;
# it sets the message variable and runs startSplashScreen.
# Either run killSplashScreen at the end of your script, or use
# removeLaunchAgentAtReboot if you will be restarting the computer.

# Set computer name / join AD
jamf policy -event enrollment_02

# Enable SSH
jamf policy -event enrollment_03

# Set Energy Saver
jamf policy -event enrollment_04

updateSplashMessage "Installing Canon Print Drivers..."
jamf policy -event enrollment_05

updateSplashMessage "Installing HP Print Drivers..."
jamf policy -event enrollment_06

updateSplashMessage "Installing Microsoft Office..."
jamf policy -event enrollment_07

# Update inventory to avoid running unnecessary startup policies
updateSplashMessage "Updating Inventory..."
jamf recon

# Run Jamf startup policies
updateSplashMessage "Checking Policies..."
jamf policy -event startup

# Cleanup (anything you might want to do before starting software updates
# and/or restarting the computer)
jamf policy -event enrollment_15
removeLaunchAgentAtReboot

# Check for software updates and reboot
updateSplashMessage "Checking Software Updates..."
jamf policy -event enrollment_20