
Jamf
October 24, 2018

Utilizing Custom Trigger Policies for Device Configuration

Presentation from JNUC 2018, the world's largest rally of Apple IT administrators.

Session:
Utilizing Custom Trigger Policies for Device Configuration

Presented by:
Joseph Jenkins, North Carolina State University
Lisa Davies, Verisign

View all session slides, recordings and more at https://www.jamf.com/events/jamf-nation-user-conference/2018/.


Transcript

  1. © JAMF Software, LLC

    Joseph Jenkins, Systems Programmer/Analyst, North Carolina State University Libraries
    Lisa Davies, Senior Engineer
  2. Intro to Custom Trigger Policies

    What are they? What do they do? How can they be used? Why use them?
  3. Triggers: Policy execution events

    • Startup, Login or Logout
    • Network State Change
    • Enrollment Complete
    • Recurring Check-in
    • Custom
  4. What are they? Ability to call a policy with custom event name

    • Unique event name
    • Can have multiple policies per event
  5. Example - Erase & re-install macOS: Use Case

    • User - Self re-install macOS
    • Technician - Prepare to re-provision
  6. Example - Erase & re-install macOS

    Requirements
    • Self Service
    • User or tech erase and install Mac OS
    Success
    • DEP setup after re-install
  7. Example - Erase & re-install macOS: Basic steps

    • Check for existing installer
    • Cache the installer
    • Validate cache health
    • Begin the erase install
  8. Algorithm

    [Flowchart. Steps: Start, Check for app, Cache installer, Validate cache, Begin install, End. Decisions: Present? (Y/N), Healthy? (Y/N). Other nodes: Delete app, Show error.]
  9. Implementation: Piecing it together

    • 1 Smart Group
    • 3 Policies
  10. Smart Group: Criteria for self service policy scope

    • Operating System like 10.13
    • AND
    • More than 15 GB free space
  11. Policies

    Policy 1 - Self Service
    • Script payload to call custom triggers
    Policy 2 - Custom trigger - cacheHS
    • Cache package
    • Verify cache health
    Policy 3 - Custom trigger - installHS
    • Install cached package
    • Begin the erase and install
  12. Policy 1 - Code - Check for app

    ```perl
    #!/usr/bin/perl
    use strict;
    use warnings;

    my $appfilepath   = "/Applications/Install macOS High Sierra.app";
    my $cachefilepath = "/Library/Application Support/JAMF/Waiting Room/Install macOS High Sierra.dmg";

    # If the installer app already exists in /Applications, remove it.
    # List-form system() passes the path as one argument without a shell.
    if (-e $appfilepath) {
        printf "Install app already exists - removing\n";
        system("rm", "-rf", $appfilepath);
    }
    ```
  13. Policy 1 - Code - Cache Installer

    ```perl
    # Execute the custom trigger policy that caches the installer.
    # That policy caches the package, then validates the package checksum
    # with a script set to the "After" priority.
    printf "Caching the Installer\n";
    system "jamf policy -event cacheHS";
    ```
  14. Policy 1 - Code - Validate Cache

    ```perl
    # If the cache file is missing, exit: the caching step failed
    unless (-e $cachefilepath) {
        printf "no cache - exiting\n";
        # Show a popup message that there is no cache
        system "jamf displayMessage \"Unable to cache OS files.\"";
        exit 0;
    }
    ```
  15. Policy 1 - Code - Begin Install

    ```perl
    # Begin Erase & Install.
    # The policy installs the cached package, then executes the install command.
    printf "Beginning the install\n";
    system "jamf policy -event installHS";
    exit 0;
    ```
  16. Policy 2 - Payload

    • Cache package
    • After priority script to checksum cache
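  17. Policy 2 - Code - Checksum Cached File

    ```perl
    #!/usr/bin/perl
    use warnings;
    use strict;

    # Jamf script parameters 4 and 5 arrive as $ARGV[3] and $ARGV[4]
    my $file = $ARGV[3];
    my $hash = $ARGV[4];

    # Exit if either argument is missing or contains no letters
    unless (defined $file && $file =~ /[a-zA-Z]/) { exit; }
    unless (defined $hash && $hash =~ /[a-zA-Z]/) { exit; }

    # Hash the cached file. List-form open runs shasum without a shell,
    # so spaces or metacharacters in the path cannot alter the command.
    my $downloadhash = '';
    if (open(my $sha, '-|', 'shasum', '-a', '512', $file)) {
        my $line = <$sha>;
        close $sha;
        ($downloadhash) = split ' ', $line if defined $line;
        $downloadhash //= '';
    }

    unless ("$hash" eq "$downloadhash") {
        printf "hash doesn't match - removing file.\n";
        unlink $file;
    }
    ```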
  18. Policy 2 - Checksum Cached File

    Pass arguments to script
  19. Policy 3 - Payload

    • Install cached package
    • Runs install command

    ```
    /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/startosinstall --eraseinstall --agreetolicense --nointeraction &
    ```
  20. Custom Trigger Software Install

    • Install at enrollment
    • Install from Terminal
    • Install from script
    • Install from another policy
  21. Enrollment Policy with Custom Triggers: One enrollment policy to rule them all…

    • Customized installations based on defined parameters like hardware type
    • Set specific defaults and settings first
    • Then call software installs
  22. Enrollment Policy with Custom Triggers: Software installs in specific order

    • Software installs are clustered into Config policies
    • There is policy inheritance between related software “stacks”
    • Computer name determines the software stack.
  23. Enrollment Policy with Custom Triggers: Software stacks

    • Software installs are clustered into Config policies
    • There is policy inheritance between related software “stacks”
    • Computer name determines the software stack.
  24. Enrollment Policy with Custom Triggers: Verifying Installs

    • Checks for pre-defined path of app
    • If it exists, report success.
    • If it doesn’t exist, try again.
    • If it fails again, report critical failure.
  25. Enrollment Policy with Custom Triggers: Verify Policy Variables

    • Define the path to check
    • Give the application name
    • Give the application install command for failed installs
  26. Enrollment Policy with Custom Triggers

    Call a custom trigger via the Terminal:

    ```
    sudo jamf policy -trigger TriggerName
    ```
  27. Enrollment Policy with Custom Triggers

    Calling a custom trigger from another policy
  28. Enrollment Policy with Custom Triggers

    Calling a custom trigger from another policy
  29. Software Updates with Custom Triggers: Building Software Update Policies

    • Use a single script with JSS GUI variables for applications
    • Build a template policy
    • Copy software deployment stack script and replace install triggers with software update triggers
    • Schedule software update policy run times.
  30. Software Updates with Custom Triggers

    Application Software Update Script
  31. Software Updates with Custom Triggers

    Application Software Update Policy
  32. Software Updates with Custom Triggers

    Software Update Device Type Check
  33. Software Updates with Custom Triggers

    Software Stack Update List
  34. Software Updates with Custom Triggers

    Primary Software Update Policy
  35. Links of interest

    All scripts and process documentation in this presentation may be found at: https://www.jamf.com/jamf-nation/discussions/29146/scripts-for-use-with-custom-trigger-policies
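
The verification flow from slides 24 and 25 (check the path, retry the install once, then report a critical failure), as an added example that is not part of the presentation. The `path|name|trigger` input format, the function names and the `JAMF` override variable are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the presentation): verify installs by path, retry
# once through the custom trigger, then report a critical failure.

# Path to the jamf binary; overridable so the logic can be tested off-device.
JAMF="${JAMF:-/usr/local/bin/jamf}"

# verify_install APP_PATH APP_NAME TRIGGER
# Returns 0 if APP_PATH exists (possibly after one retry), 2 on critical failure.
verify_install() {
    local app_path="$1" app_name="$2" trigger="$3"

    if [ -e "$app_path" ]; then
        echo "SUCCESS: $app_name found at $app_path"
        return 0
    fi

    echo "WARNING: $app_name missing - calling trigger $trigger again"
    # stdin is redirected so the policy run cannot consume a caller's input.
    "$JAMF" policy -event "$trigger" </dev/null >/dev/null 2>&1 ||
        echo "WARNING: jamf policy -event $trigger exited non-zero"

    if [ -e "$app_path" ]; then
        echo "SUCCESS: $app_name installed on retry"
        return 0
    fi
    echo "CRITICAL: $app_name failed to install after retry" >&2
    return 2
}

# verify_stack reads "path|name|trigger" lines (a hypothetical format) from
# stdin and returns the number of critical failures, so 0 means all verified.
verify_stack() {
    local failures=0 app_path app_name trigger
    while IFS='|' read -r app_path app_name trigger; do
        [ -n "$app_path" ] || continue
        verify_install "$app_path" "$app_name" "$trigger" ||
            failures=$((failures + 1))
    done
    return "$failures"
}
```
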