Setup Your Mac – Using enrollmentComplete
I was recently asked by Dan Snelson https://snelson.us, the creator of the Setup Your Mac script for Jamf Pro, to document my custom method of leveraging Jamf Pro’s enrollmentComplete
trigger to run the Setup Your Mac script without the need of a Pre-Stage package.
There have been various reports in the past of the enrollmentComplete
trigger being unreliable, however I have had zero issues with 100+ endpoints using this method.
I believe this may have to do with the fact that I use a very small WaitForDock script as my enrollmentComplete
policy and use that as a shim to call the much larger main Setup Your Mac script, but I don’t have definitive proof… YMMV.
Initial Considerations
This method is not compatible with the Setup Your Mac’s requiredMinimumBuild
and outdatedOsAction
functions. It is also probably not compatible with any of the restart
options in the main Setup Your Mac script.
For those cases you would most likely be much better off checking out the Setup Your Mac Pre-Stage package method from Rob J Schroeder, which can be found at his blog TechItOut.
How to use the WaitForDock script
In Jamf Pro I have two main policies for Setup Your Mac:
- Provisioning – Setup Your Mac
- Script:
SetupYourMac.sh
- Scope: All Computers
- Custom Trigger:
setupYourMac
- Frequency: Ongoing
- Script:
- Provisioning – Wait For Dock
- Script:
SetupYourMac-WaitForDock.sh
- Parameter 4:
/var/log/org.myOrg.log
- Parameter 5:
setupYourMac
- Parameter 4:
- Scope: All Computers
- Trigger:
enrollmentComplete
- Frequency: Once Per Computer
- Script:
TODO: Images of policies.
The Provisioning – Wait For Dock script accepts two parameters.
The first, parameter 4 in Jamf Pro, determines where the log events are stored on disk and should match parameter 4 from your main Setup Your Mac script.
The second, parameter 5 in Jamf Pro, should match what you set the custom trigger to for your main Setup Your Mac policy, in my case this is set to setupYourMac
.
The benefit of using parameters is you can use a single instance of the WaitForDock script for multiple policies, EX: A production and testing policy. All you would need to change is the parameters and scoping.
The Setup Your Mac – Wait for dock script can be found at the following link: Github, or it is provided in the code block below.
SetupYourMac_WaitForDock.sh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
#!/bin/bash #################################################################################################### # # Setup Your Mac - Wait For Dock # This script adds an additional wait for the Dock process # that runs before the main SYM Policy / Script, this has alleviated # issues with the enrollmentComplete trigger for my org. # #################################################################################################### # # HISTORY # # Version 2.0, 22-Jan-2024, Andrew Clark (@drtaru) # - Full rewrite # - Add logging # - Add policy parameters for policy trigger # #################################################################################################### scriptVersion="2.0" export PATH=/usr/bin:/bin:/usr/sbin:/sbin scriptLog="${4:-"/var/log/org.myOrg.log"}" # Parameter 4: Script Log Location [ /var/log/org.company.log ] ( This sould match what is set in your Setup Your Mac policy / script ) policyTrigger="${5}" # Parameter 5: Policy Trigger [ This should match the custom trigger set for your main Setup Your Mac policy in Jamf Pro, leave blank if this script is in the same policy as your setupYourMac policy **Not Recommended** ) #################################################################################################### # # Pre-flight Checks # #################################################################################################### # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Pre-flight Check: Client-side Logging # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # if [[ ! -f "${scriptLog}" ]]; then touch "${scriptLog}" fi # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Pre-flight Check: Client-side Script Logging Function # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # function updateScriptLog() { echo -e "$( date +%Y-%m-%d\ %H:%M:%S ) - ${1}" | tee -a "${scriptLog}" } # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Pre-flight Check: Logging Preamble # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # updateScriptLog "\n\n###\n# Setup Your Mac - Wait For Dock (${scriptVersion})\n###\n" updateScriptLog "Wait For Dock: Initiating …" #################################################################################################### # # Main Script # #################################################################################################### # Check for Dock process dockStatus=$(pgrep -x Dock) updateScriptLog "Wait For Dock: Waiting for Dock" try=1 if [ "$dockStatus" == "" ]; then updateScriptLog "Wait For Dock: Dock process not running. Waiting..." while [ "$dockStatus" == "" ]; do sleep 2 # Check for Dock Process (( try++ )) dockStatus=$(pgrep -x Dock) done tries=$((try * 2)) updateScriptLog "Wait For Dock: Dock process running. Waited for $tries seconds." else updateScriptLog "Wait For Dock: Dock process already running. Continuing..." fi # Run Setup Your Mac custom trigger if [ -n $policyTrigger ]; then updateScriptLog "Wait For Dock: Running Setup Your Mac custom policy trigger $policyTrigger..." /usr/local/bin/jamf policy -event $policyTrigger else exit 0 fi |
Once you have both policies in place with the requisite parameters and scoping, simply enroll a Mac and make sure the Setup Your Mac window kicks off as expected. You can see what the WaitForDock script did and how long it waited by checking the log file specified in parameter 4. The output should look something like this:
org.myOrg.log
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
2024-01-23 10:29:56 - ### # Setup Your Mac - Wait For Dock (2.0) ### 2024-01-23 10:29:56 - Wait For Dock: Initiating... 2024-01-23 10:29:56 - Wait For Dock: Waiting for Dock 2024-01-23 10:29:56 - Wait For Dock: Dock process not running. Waiting... 2024-01-23 13:31:49 - Wait For Dock: Dock process running. Waited for 104 seconds. 2024-01-23 13:31:49 - Wait For Dock: Running Setup Your Mac custom policy trigger setupYourMacTEST... 2024-01-23 13:32:02 - ### # Setup Your Mac (1.13.0) # https://snelson.us/sym ### 2024-01-23 13:32:02 - PRE-FLIGHT CHECK: Initiating... |
Final Thoughts
As stated above this method has worked cleanly and without issue for my current fleet of ~100 Macbook Pros. I am confident that it should work for you as well as long as you have taken everything in the considerations section above into account.
If you have any additional questions, feel free to ask in the #setup-your-mac
channel on the MacAdmins Slack.