#!/bin/bash
##################################################
# ABOUT: Provisioning Script
# DESCRIPTION: Provisions Computer through JAMF
# NOTES: Created by Bryan Feuling
##################################################
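# Wait for the Dock before executing the rest of the script.
# This prevents the script from executing before the
# setup assistant is finished.
myUser=$(whoami)
while true; do
  # The [/] bracket keeps grep from matching its own entry in the ps output;
  # the pattern is quoted so the shell never treats it as a glob.
  dockcheck=$(ps -ef | grep '[/]System/Library/CoreServices/Dock.app/Contents/MacOS/Dock')
  echo "Waiting for file as: ${myUser}"
  # A redirection is opened by the calling shell, not by sudo, so the
  # privileged process has to be the writer (tee) rather than echo.
  echo "Waiting for file as: ${myUser}" | sudo tee -a /var/log/jamf.log >/dev/null
  echo "regenerating dockcheck as ${dockcheck}."
  if [ -n "${dockcheck}" ]; then
    echo "Dockcheck is ${dockcheck}, breaking."
    break
  fi
  sleep 1
done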
# Global variables
# LoggedInUser: stat prints the owner of /dev/console, dscl reads that
# account's RealName record as a plist, and PlistBuddy prints the first
# RealName entry from that plist (fed in through a here-string on /dev/stdin).
LoggedInUser=$(/usr/libexec/PlistBuddy -c "print :dsAttrTypeStandard\:RealName:0" /dev/stdin <<< "$(dscl -plist . -read /Users/$(stat -f%Su /dev/console) RealName)")
# Shown in the LockScreen() message as the Help Desk contact; empty in this file.
HelpDesk=""
# Becomes part of the plist file name /usr/local/com.<CompanyName>.provisioned.plist.
CompanyName=""
# Network name handed to networksetup -removepreferredwirelessnetwork near the
# end of the script.
ProvisioningNetwork=""
# Shows a full-screen jamfHelper window and then starts the Remote Management
# LockScreen helper, so the user cannot quit out of jamfHelper.
# Globals:   LoggedInUser (read), HelpDesk (read)
# Arguments: none
# Notes:     jamfHelper is started in the background; the LockScreen helper
#            runs in the foreground through sudo.
LockScreen() {
  local helper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfhelper"
  local locker="/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/MacOS/LockScreen"
  local icon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/com.apple.macbook-retina-space-gray.icns"
  local message="Your Mac is being customized.
This may take up to 30 minutes, depending on your network speed.
Please call Central Help Desk at ${HelpDesk} if you need assistance."
  local -a helper_args=(
    -windowType "fs"
    -heading "Congratulations ${LoggedInUser}"
    -description "${message}"
    -icon "${icon}"
    -iconSize "256"
    -alignDescription "center"
    -alignHeading "center"
  )

  "${helper}" "${helper_args[@]}" &
  sudo "${locker}" -session 256
}
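# Makes a plist that keeps a local copy of the provisioning state for later
# querying, shows the lock screen, then opens several System Preferences
# rights to local users.
# Globals:   CompanyName (read)
# Arguments: none
# Notes:     LockScreen is only started when PlistBuddy succeeds, and the
#            authorization changes below run after LockScreen returns.
ProvisionEA() {
  local status_plist="/usr/local/com.${CompanyName}.provisioned.plist"

  # -p: do not fail when the directory already exists.
  sudo mkdir -p /usr/local
  # 755, not 777: this script runs /usr/local/bin/jamf through sudo, and a
  # world-writable /usr/local would let any local account rename or replace
  # entries in it. The plist is written with sudo, so 755 is sufficient.
  sudo chmod 755 /usr/local
  # LockScreen is called directly; wrapping it in $( ) would make the shell
  # try to execute whatever the helper prints on stdout as a command.
  sudo /usr/libexec/PlistBuddy \
    -c "add :Status string Not Provisioned" \
    -c "add :ProvisioningScript string 0.0.0" \
    "${status_plist}" &&
    LockScreen

  # NOTE(review): the rules below set these rights to "allow" and add the
  # "everyone" group to the printer-admin groups; confirm that this matches
  # the organisation's least-privilege policy for standard users.
  # Grant System Pane Preferences permissions
  sudo /usr/bin/security authorizationdb write system.preferences allow
  # Grant Printing Pane permissions
  sudo /usr/bin/security authorizationdb write system.preferences.printing allow
  sudo /usr/bin/security authorizationdb write system.print.operator allow
  sudo /usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
  sudo /usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
  # Grant Network Pane permissions
  sudo /usr/bin/security authorizationdb write system.preferences.network allow
  sudo /usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
}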
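# Records the finished state in the local provisioning plist so it can be
# queried later: ProvisioningScript becomes 2.0.0 and Status becomes Provisioned.
# Globals:   CompanyName (read)
# Arguments: none
SetProvision() {
  # Quoted so a company name containing spaces stays a single path argument.
  local status_plist="/usr/local/com.${CompanyName}.provisioned.plist"

  sudo /usr/libexec/PlistBuddy \
    -c "Set :ProvisioningScript 2.0.0" \
    -c "Set :Status Provisioned" \
    "${status_plist}"
}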
# Renames the device to a one-letter prefix followed by the serial number:
# "L" when the hardware model name contains "MacBook", "D" otherwise.
# Globals:   SerialNumber, CompType, ComputerName (written)
# Arguments: none
CompName() {
  local name_key

  SerialNumber=$(/usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
  CompType=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Model Name")

  case "${CompType}" in
    *"MacBook"*) ComputerName="L${SerialNumber}" ;;
    *) ComputerName="D${SerialNumber}" ;;
  esac

  # The same name is applied to every scutil name key, then to the SMB
  # server's NetBIOS name.
  for name_key in ComputerName LocalHostName HostName; do
    /usr/sbin/scutil --set "${name_key}" "${ComputerName}"
  done
  /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName "${ComputerName}"
}
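# JAMF API password, passed in as script parameter 4 by the JAMF policy.
JSSAPIpass="${4}"

# Updates one extension attribute on this computer's JSS record, if needed.
# Globals:   JSSAPIpass (read)
# Arguments: $1 - extension attribute name
#            $2 - extension attribute value
# Notes:     jssURL and jssAPIUser are blank and must be filled in before use.
#            $1 and $2 are placed into the XML body as-is.
APICall() {
  local jssURL=""
  local jssAPIUser=""
  # Use the password handed in through parameter 4 rather than a value stored
  # in the script; this stays empty when no parameter was supplied.
  local jssAPIPass="${JSSAPIpass}"
  local serial
  serial=$(/usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
  local payload="<computer><extension_attributes><attribute><name>${1}</name><value>${2}</value></attribute></extension_attributes></computer>"

  # Certificate verification is left on (no -k): this request carries the API
  # credentials, and without verification they would be sent to any host that
  # answers for the JSS address. If the JSS certificate is issued by a private
  # CA, supply that CA with --cacert instead of disabling the check.
  # NOTE(review): -u puts the credentials on curl's command line, where other
  # local processes can read them; consider a root-only curl config file (-K).
  curl -X PUT \
    -H "Accept: application/xml" \
    -H "Content-type: application/xml" \
    -u "${jssAPIUser}:${jssAPIPass}" \
    -d "${payload}" \
    "${jssURL}/computers/serialnumber/${serial}"
}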
# Runs `jamf recon` through sudo.
# Arguments: none
# Returns:   the exit status of the sudo/jamf command.
Recon() {
  local jamf_bin=/usr/local/bin/jamf
  sudo "${jamf_bin}" recon
}
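# Shows a full-screen jamfHelper window in the background and then runs one
# JAMF policy trigger; reusable for each step of the provisioning process.
# Globals:   HelpDesk (read)
# Arguments: $1 - policy trigger name
#            $2 - heading text for the jamfHelper window
#            $3 - path to the icon to display
#            $4 - icon size
# Returns:   the exit status of the jamf policy run.
JAMFHelper() {
  local policyTrigger="${1}"
  local jhHeading="${2}"
  local jhIcon="${3}"
  local jhIconSize="${4}"
  local windowType="fs"
  local alignDescription="center"
  local alignHeading="center"
  # Same contact line as LockScreen(); the "<number>" text is kept as the
  # fallback while HelpDesk is still empty.
  local jhDescription="Your Mac is being customized.
This may take up to 30 minutes, depending on your network speed.
Please call Central Help Desk at ${HelpDesk:-<number>} if you need assistance."

  "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfhelper" \
    -windowType "$windowType" \
    -heading "$jhHeading" \
    -description "$jhDescription" \
    -icon "$jhIcon" \
    -iconSize "$jhIconSize" \
    -alignDescription "$alignDescription" \
    -alignHeading "$alignHeading" &

  # Absolute path, matching Recon(): a privileged script should not depend on
  # PATH lookup to decide which jamf binary it executes.
  /usr/local/bin/jamf policy -trigger "${policyTrigger}"
}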
# Main provisioning sequence.
# NOTE(review): the <...> items below look like template placeholders; the
# script does not parse as shell until they are replaced with real values.

# ProvisionEA is started in the background (&), so the "ran" message below is
# printed as soon as it has been launched, not when it has finished.
echo "Running ProvisionEA Function"
ProvisionEA &
echo "ProvisionEA function ran"
# Each "step && echo" pair prints its completion message only when the step
# returned success.
echo "Computer Name changing"
CompName &&
echo "Computer name changed"
# Running recon here allows JAMF to register computer name change
echo "Running Recon"
Recon &&
echo "Recon ran"
# Copy the following command for each provisioning policy needed
echo <Logging of following command>
JAMFHelper <Policy Call> <Desired JAMF Helper Message> <Desired Picture/Icon> <Icon Size> &&
echo <Logging of previous command>
# Local record of provision completion and version of provisioning script run
echo "Setting Provision plist"
SetProvision &&
echo "Provision Plist set"
# If an EA update is needed, use the following API Call
echo "Running API Calls"
APICall <EA Name> <EA Information> &&
echo "API calls ran"
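# Remove provisioning network, if different than production network.
# networksetup -removepreferredwirelessnetwork takes the Wi-Fi device name
# followed by the network name, so the device is looked up first. Nothing is
# removed when ProvisioningNetwork is empty or no Wi-Fi device is found.
echo "Removing <network>"
if [[ -n "${ProvisioningNetwork:-}" ]]; then
  # The "Device:" line directly follows the matching "Hardware Port:" line.
  wifiDevice=$(/usr/sbin/networksetup -listallhardwareports |
    awk '/Hardware Port: (Wi-Fi|AirPort)/ {getline; print $2; exit}')
  if [[ -n "${wifiDevice}" ]]; then
    sudo /usr/sbin/networksetup -removepreferredwirelessnetwork "${wifiDevice}" "${ProvisioningNetwork}"
  else
    echo "No Wi-Fi device found; provisioning network was not removed" >&2
  fi
fi
echo "<network> removed"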
# Final Recon policy
echo "Running recon Policy"
Recon
echo "Recon policy ran"
# Kill all JAMFHelper and the LockScreen
# (the two process names match the binaries started by LockScreen() and JAMFHelper())
sudo /usr/bin/killall jamfhelper
sudo /usr/bin/killall LockScreen
# Final Policy
# NOTE(review): the <...> arguments look like template placeholders and must
# be replaced before the script will parse.
JAMFHelper <Policy Call> <Desired JAMF Helper Message> <Desired Picture/Icon> <Icon Size>
# The script exits 0 here regardless of the status of the steps above.
exit 0