Utilizing Custom Trigger Policies for Device Configuration

9d350fa2294e1192f8f12b0ebf1a1d8b?s=47 Jamf
October 24, 2018

Utilizing Custom Trigger Policies for Device Configuration

Presentation from JNUC 2018, the world's largest rally of Apple IT administrators.

Session:
Utilizing Custom Trigger Policies for Device Configuration

Presented by:
Joseph Jenkins, North Carolina State University
Lisa Davies, Verisign

View all session slides, recordings and more at https://www.jamf.com/events/jamf-nation-user-conference/2018/.

9d350fa2294e1192f8f12b0ebf1a1d8b?s=128

Jamf

October 24, 2018
Tweet

Transcript

  1. None
  2. © JAMF Software, LLC Joseph Jenkins Systems Programmer/Analyst North Carolina

    State University Libraries Lisa Davies Senior Engineer 275x275 head shot 275x275 head shot
  3. Your logo here 275 x 100 max © JAMF Software,

    LLC Intro to Custom Trigger Policies What are they? What do they do? How can they be used? Why use them?
  4. Your logo here 275 x 100 max © JAMF Software,

    LLC Triggers • Startup, Login or Logout • Network State Change • Enrollment Complete • Recurring Check-in • Custom Policy execution events
  5. Your logo here 275 x 100 max © JAMF Software,

    LLC What are they? • Unique event name • Can have multiple policies per event Ability to call a policy with custom event name
  6. Your logo here 275 x 100 max © JAMF Software,

    LLC Example - Erase & re-install macOS • User - Self re-install macOS • Technician - Prepare to re-provision Use Case
  7. Your logo here 275 x 100 max © JAMF Software,

    LLC Example - Erase & re-install macOS • Self Service • User or tech erase and install Mac OS Requirements Success • DEP setup after re-install
  8. Your logo here 275 x 100 max © JAMF Software,

    LLC Example - Erase & re-install macOS • Check for existing installer • Cache the installer • Validate cache health • Begin the erase install Basic steps
  9. Your logo here 275 x 100 max © JAMF Software,

    LLC Algorithm Start Cache installer Validate cache Check for app End Begin install Present? Healthy? Delete app Show error Y Y N N
  10. Your logo here 275 x 100 max © JAMF Software,

    LLC Implementation • 1 Smart Group • 3 Policies Piecing it together
  11. Your logo here 275 x 100 max © JAMF Software,

    LLC Smart Group • Operating System like 10.13 • AND • More than 15 GB free space Criteria for self service policy scope
  12. Your logo here 275 x 100 max © JAMF Software,

    LLC Policies • Script payload to call custom triggers Policy 1 - Self Service Policy 2 - Custom trigger - cacheHS • Cache package • Verify cache health Policy 3 - Custom trigger - installHS • Install cached package • Begin the erase and install
  13. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 1 - Code - Check for app #!/usr/bin/perl use strict; use warnings; my $appfilepath = "/Applications/Install macOS High Sierra.app"; my $cachefilepath = "/Library/Application Support/JAMF/Waiting Room/Install macOS High Sierra.dmg”; # If Applications file already exists remove it if (-e "$appfilepath") { printf "Install app already exists - removing\n"; system "rm -rf \"$appfilepath\""; }
  14. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 1 - Code - Cache Installer # Execute custom trigger policy to cache the installer #Policy Caches package #Validates package checksum with after script priority printf "Caching the Installer\n"; system "jamf policy -event cacheHS";
  15. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 1 - Code - Validate Cache #If the cache file is missing exit - as it failed to cache unless (-e "$cachefilepath") { printf "no cache - exiting\n"; #show popup message there is no cache system "jamf displayMessage \"Unable to cache OS files.\""; exit 0; }
  16. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 1 - Code - Begin Install # Begin Erase & Install #Policy installs cached package #Policy executes install command printf "Beginning the install\n"; system "jamf policy -event installHS"; exit 0;
  17. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 2 - Payload Cache package After priority script to checksum cache
  18. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 2 - Code - Checksum Cached File #!/usr/bin/perl use warnings; use strict; my $file = $ARGV[3]; my $hash = $ARGV[4]; unless ($file =~ /a-zA-Z/) { exit; } unless ($hash =~ /a-zA-Z/) { exit; } my $command = "shasum -a 512 $file | cut -d ' ' -f 1"; my $downloadhash = `$command`; chomp $downloadhash; unless ("$hash" eq "$downloadhash") { printf "hash doesn't match - removing file.\n"; unlink $file; }
  19. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 2 - Checksum Cached File Pass arguments to script
  20. Your logo here 275 x 100 max © JAMF Software,

    LLC Policy 3 - Payload /Applications/Install\ macOS\ High\ Sierra.app/ Contents/Resources/startosinstall --eraseinstall --agreetolicense --nointeraction & Install cached package Runs install command
  21. Your logo here 275 x 100 max © JAMF Software,

    LLC Custom Trigger Software Install • Install at enrollment • Install from Terminal • Install from script • Install from another policy
  22. © JAMF Software, LLC Enrollment Policy with Custom Triggers One

    enrollment policy to rule them all… • Customized installations based on defined parameters like hardware type • Set specific defaults and settings first • Then call software installs
  23. © JAMF Software, LLC Max image dimensions Enrollment Policy with

    Custom Triggers Software installs in specific order • Software installs are clustered into Config policies • There is policy inheritance between related software “stacks” • Computer name determines the software stack.
  24. © JAMF Software, LLC Enrollment Policy with Custom Triggers Software

    stacks • Software installs are clustered into Config policies • There is policy inheritance between related software “stacks” • Computer name determines the software stack.
  25. © JAMF Software, LLC Max image dimensions Enrollment Policy with

    Custom Triggers Verifying Installs • Checks for pre-defined path of app • If it exists, report success. • If it doesn’t exist, try again. • If it fails again, report critical failure.
  26. © JAMF Software, LLC Enrollment Policy with Custom Triggers Verify

    Policy Variables • Define the path to check • Give the application name • Give the application install command for failed installs
  27. © JAMF Software, LLC Max image dimensions Call a custom

    trigger via the Terminal: sudo jamf policy -trigger TriggerName Enrollment Policy with Custom Triggers
  28. Your logo here 275 x 100 max © JAMF Software,

    LLC Enrollment Policy with Custom Triggers Calling a custom trigger from another policy
  29. Your logo here 275 x 100 max © JAMF Software,

    LLC Enrollment Policy with Custom Triggers Calling a custom trigger from another policy
  30. Your logo here 275 x 100 max © JAMF Software,

    LLC Demo
  31. © JAMF Software, LLC

  32. © JAMF Software, LLC Building Software Update Policies Use a

    single script with JSS GUI variables for applications Build a template policy Copy software deployment stack script and replace install triggers with software update triggers Schedule software update policy run times. Software Updates with Custom Triggers
  33. Your logo here 275 x 100 max © JAMF Software,

    LLC Application Software Update Script Software Updates with Custom Triggers
  34. Your logo here 275 x 100 max © JAMF Software,

    LLC Application Software Update Policy Software Updates with Custom Triggers
  35. Your logo here 275 x 100 max © JAMF Software,

    LLC Software Update Device Type Check Software Updates with Custom Triggers
  36. Your logo here 275 x 100 max © JAMF Software,

    LLC Software Stack Update List Software Updates with Custom Triggers
  37. Your logo here 275 x 100 max © JAMF Software,

    LLC Primary Software Update Policy Software Updates with Custom Triggers
  38. Your logo here 275 x 100 max © JAMF Software,

    LLC Demo
  39. © JAMF Software, LLC

  40. Your logo here 275 x 100 max © JAMF Software,

    LLC Links of interest All scripts and process documentation in this presentation may be found at: https://www.jamf.com/jamf-nation/discussions/ 29146/scripts-for-use-with-custom-trigger- policies
  41. Your logo here 275 x 100 max © JAMF Software,

    LLC Questions?
  42. © JAMF Software, LL THANK YOU!