updated for v1.3

Docs/Extras.md

@@ -1,5 +1,19 @@
 # Extras and Notes
 
+
+## Keyboard Shortcuts
+
+Note that the Setup Manager window does not activate to receive keystrokes automatically when running over Setup Manager. You have to click in the Setup Manager window first.
+
+| shift-control-command E | ["exit"/quit Setup Manager](#Quit), use only in emergencies as it will leave installations in an  indeterminate state |
+| command-L | open [Log window](#Logging) |
+| command-B | toggle Battery status icon in Setup Manager window |
+| command-N | toggle [Network status icon](Network.md) in Setup Manager window |
+| space | show [serial number bar code window](#scannable-serial-number-barcode) |
+| i | show "About this Mac" popup |
+| h | show "Help" popup, when present |
+| hold option key when clicking "About this Mac" | shows more info |
+
 ## Custom JSON Schema for Jamf Pro
 
 - create a new profile
@@ -23,7 +37,30 @@ The command-Q keyboard shortcut to quit the app is disabled. Use `shift-control-
 
 ## Logging
 
-Setup Manager logs to `/Library/Logs/Setup Manager.log`. While Setup Manager is running you can open a log window with command-L.
+While Setup Manager is running you can open a log window with command-L.
+
+There are two or three tabs, one for the main Setup Manager log, one showing output from `/var/log/install.log` and (Jamf Pro only) one tab showing output from `/var/log/jamf.log`. By default, these log tabs will be summarized to events relevant to the enrollment workflow. You can see the full log content by unchecking the 'Summarize' option.
+
+Note that both logs will show events that were not initiated by Setup Manager. Nevertheless, these events may be relevant to your enrollment workflow.
+
+These summarized events will also appear in the Setup Manager log tab and log file, as well as the universal log entries. Having these events in context at the time they occur in the Setup Manager log is very helpful when trouble-shooting enrollment workflows.
+
+Setup Manager logs to `/Library/Logs/Setup Manager.log`. There are four columns:
+
+- timestamp (in ISO8601)
+- log level (default, error or fault)
+- category (general, install, network, jamfpro)
+- message
+
+To clean up the main log a little, Setup Manager will only write the output of actions to the Setup Manager log file when an error occurred. You can control this behavior with a new top-level preference key `actionOutputLogging`.
+
+Setup Manager also logs to the macOS unified system log. The subsystem is `com.jamf.setupmanager`. You can use the `log` command line tool to read the log.
+
+For example:
+
+```
+sudo log show --last 30m --predicate 'subsystem="com.jamf.setupmanager"'
+```
 
 ## Debug mode
 
@@ -136,7 +173,7 @@ You can use this to scope configuration profiles and policies so that they are i
 
 ##  Running Scripts and Policies when Setup Manager finishes
 
-Generally, you want to coordinate tasks, configurations, and installations with Setup Manager actions. However, in some situations the installations might interfere with the Setup Manager workflow itself. This is most relevant with software that needs to reload the login window process, which will also kill Setup Manager.
+Generally, you want to coordinate tasks, configurations, and installations with Setup Manager actions. However, in some situations the installations might interfere with the Setup Manager workflow itself. This is most relevant with software that needs to reload the login window process, which will also kill Setup Manager. (e.g Jamf Connect Login)
 
 Setup Manager provides a LaunchDaemon which monitors the `.JamfEnrollmentSetupDone` flag file. It then launches a script or a custom Jamf Pro policy trigger. Since this LaunchDaemon runs independently from Setup Manager, so it can run installers or scripts that might quit login window or Setup Manager.
 
@@ -146,4 +183,3 @@ The finished script or custom trigger are configured in the Setup Manager config
 
 The SetupManagerFinished daemon logs its output (and the output of the policy and scripts to `/private/var/log/setupManagerFinished.log`.
 
-

Docs/FAQ.md

@@ -12,9 +12,10 @@ Yes, use the top-level `background` key and point it to a local image file or a
 
 There can be many causes for this. A few common causes are:
  
-- Jamf Pro: check that Setup Manager is added to your prestage and the package does not have the label "Availability pending" in Settings> Packages
-- Jamf Pro: do not install JamfConnect.pkg in prestage when you want to use Setup Manager. Install JamfConnect with Setup Manager instead
-- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services or 'Choose your Look' are common choices that you generally want to leave up the user anyway. Otherwise, Setup Assistant may quit before Setup Manager can launch and do its actions.
+- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services is a good choice that you generally want to leave up the user anyway. Otherwise, Setup Assistant may quit before Setup Manager can launch and do its actions.
+- Jamf Pro: 
+    - check that Setup Manager is added to your prestage and the package does not have the label "Availability pending" in Settings> Packages
+    - in Prestage > Enrollment Packages verify that the Distribution Point is set correctly (it resets to "none" when you remove the last enrollment package)
 
 ## Does Setup Manager require Jamf Connect
 
@@ -27,7 +28,7 @@ Setup Manager will run fine without Jamf Connect. You can even build 'single-tou
 - preinstall icon files with a custom package installer in prestage. Set the priority of the media/branding package lower than that for Setup Manager, or give the branding/media package a name that is alphabetically earlier than Setup Manager, so it installs before Setup Manager
 - use http(s) urls to the image files
     - you can host them on a web server/service that you have control over
-    - you can add the icon as an icon for a Self Service policy in Jamf and then copy the url to the icon once uploaded
+    - you can add the icon to a Self Service policy in Jamf and then copy the url to the icon once uploaded
 
 
 ## What is happening during "Getting Ready" and "Finishing"?
@@ -44,17 +45,27 @@ The "Getting Ready" phase prepares some steps and waits for all essential Jamf P
 
 Note that you can see the individual steps and the timing for each step in the [Setup Manager log file](Extras.md#logging)].
 
-Once Jamf Pro's enrollment workflow is complete, Setup Manager runs a full update inventory/recon. In general, if the recon takes a long time, you should review the inventory collection settings. Calculating home directory sizes and gathering fonts can take a lot of time and CPU power, and speed up things significantly when turned off, not just during enrollment with Setup Manager.  You should also review extension attributes, for whether they are used and how long each one runs.
+Once Jamf Pro's enrollment workflow is complete, Setup Manager runs a full update inventory/recon. In general, if the recon takes a long time, you should review the inventory collection settings. Calculating home directory sizes and gathering fonts can take a lot of time and CPU power, and speed up things significantly when turned off, not just during enrollment with Setup Manager.  You should also review extension attributes, for how long each one runs.
 
 Mac App Store/VPP and Jamf App Installer apps that are scoped to the computer will also begin installing _immediately_ after enrollment. Since macOS will only perform one installation at a time, these might delay the installation of essential Jamf Pro components. You can create smart groups to defer these installations.
 
+With Setup Manager 1.3 and higher, you can check whether apps are getting installed before Setup Manager starts the actions in the Setup Manager log.
 
 
 ## Can I set the wallpaper/desktop picture or dock with Setup Manager?
 
 The settings for the dock and wallpaper/desktop picture are _user_ settings. Since the user account usually does not yet exist when Setup Manager runs, you cannot affect those settings.
 
-What you can do is run a script at login which sets the desktop (using [desktoppr](https://github.com/scriptingosx/desktoppr) ) or the dock (using [dockutil](https://github.com/kcrawford/dockutil) or a similar tool). You can use the [Jamf Pro login trigger](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Login_Events.html) for this, or create a custom LaunchAgent or use [outset](https://github.com/macadmins/outset/)
+What you can do is run a script at login which sets the desktop (using [desktoppr](https://github.com/scriptingosx/desktoppr) ) or the dock (using [dockutil](https://github.com/kcrawford/dockutil) or a similar tool).
+
+## If Setup Manager cannot do it, how can I run scripts at first login
+
+There are several options:
+
+- custom launch agent
+- [outset](https://github.com/macadmins/outset/)
+- Jamf Pro: [Self Service macOS Onboarding](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/macOS_Onboarding.html)
+- Jamf Pro: [policy with a login trigger](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Login_Events.html)
 
 ## Can Setup Manager run at first login, rather than right after enrollment?
 
@@ -69,3 +80,28 @@ With Jamf Pro, you should consider [macOS Onboarding in Self Service](https://le
 ## Installer or Policy Script is failing with access errors
 
 For some policy scripts or installers it may be necessary to give the Setup Manager app Full Disk Access or some other exemptions with a PPPC Profile. 
+
+## Installomator actions are all failing
+
+The log shows exit code 4, which means the download was rejected.
+
+Installomator uses Gatekeeper to verify the downloads. When Gatekeeper is set to allow Mac App Store apps only it will reject all third party apps and installers and the verification will fail.
+
+## Can I set Installomator variables?
+
+Yes. The `installomator` action has an `arguments` key, which takes an array strings, one for each argument. With this, you can override variables in Installomator.
+
+Example: 
+
+```xml
+<dict>
+  <key>label</key>
+  <string>Example App</string>
+  <key>installomator</key>
+  <string>example</string>
+  <key>arguments</key>
+  <array>
+    <string>downloadURL=https://example.com/alternativeURL</string>
+  </array>
+</dict>
+```

Docs/JamfPro-QuickStart.md

@@ -47,12 +47,12 @@ You can add more actions here. There are more types of actions available, you ca
 
 ## Scoping and Prestage
 
-- Scope the configuration profile to the computers you want to run Setup Manager on
+- scope the configuration profile to the computers you want to run Setup Manager on
 - create a new Prestage or duplicate an existing one
-- Add the Setup Manager pkg and the configuration profile to the Prestage
-- if you have JamfConnect.pkg in the Prestage, remove it. You can later add an action to install JamfConnect using Setup Manager.
+- add the Setup Manager pkg and the configuration profile to the Prestage
+- when installing and using Jamf Connect Login, ensure you have the latest version
 - ensure that 'Automatically advance through Setup Assitant' is _disabled_
-- Have at least one Setup Assistant option _disabled_ (so that _is_ displayed)
+- have at least one Setup Assistant option which shows before user creation _disabled_ (so that _is_ displayed), we recommend the Location Services or Terms and Conditions pane
 - ensure your test Mac(s) is (are) assigned to the Prestage
 
 ## Wipe the Test Mac
@@ -66,5 +66,5 @@ You can add more actions here. There are more types of actions available, you ca
 
 - add more [actions](../ConfigurationProfile.md#actions) to Setup Manager, you can use more Jamf Pro policies, Installomator labels, or shell actions
 - automate computer naming with a [computer name template key](../ConfigurationProfile.md#computerNameTemplate)
-- add [a `help` section](../ConfigurationProfile.md#help) to let the user know what is going on
-- ideally automated deployments shouldn't require manual entry, but if necessary, you can configure a [user entry](../ConfigurationProfile.md#user-entry) section in the profile
+- optionally, add [a `help` section](../ConfigurationProfile.md#help) to let the user know what is going on
+- ideally automated deployments shouldn't require manual data entry, but if necessary, you can configure a [user entry](../ConfigurationProfile.md#user-entry) section in the profile

Docs/Network.md

@@ -2,9 +2,14 @@
 
 Setup Manager can display the current network status in the top right corner of the main window.
 
-By default, the icon will only appear when the network is _not_ active, or when Network Relay is configured. You can always toggle the visibility of the network status icon with command-N.
+By default, the icon will only appear when 
+- there is no network connection
+- Network Relay is configured
+- the `networkCheck` array is present in the profile
 
-The icon will show the network "globe" icon when the network is connected, the icon with a slash when it is disconnected, and the icon with a shield when it is connected and Network Relay is configured.
+You can always manually toggle the visibility of the network status icon with command-N.
+
+The icon will show the network "globe" icon when the network is connected, the icon with a slash when it is disconnected, and the icon with a small shield when it is connected and Network Relay is configured.
 
 You can click on the icon for more detailed information:
 - network connection name
@@ -64,4 +69,12 @@ Example:
 </array>
 ```
 
+## Network Change logging
 
+Setup Manager 1.3 adds logging for changes to network interfaces. It is possible that there will multiple entries in the log with regards to the same network change. Most changes logged will be neutral and should not affect your deployment negatively.
+
+However, it is possible that changes to the network configuration of a device can influence the deployment workflow. Changes to network or Wi-Fi configurations and other network or security tools might disrupt the network connectivity during enrollment. This might interrupt or cancel downloads.
+
+For example, when a configuration profile with the access information for a secure corporate Wifi is installed on the device, then the download access to required resources might change. Another example are security tools that might lead to restricted access for downloads (Installomator uses `curl` to download data, which might trigger security tools.) 
+
+Checking the log for network changes or outages during enrollment can be useful for troubleshooting.