jamf/Setup-Manager
1
0
Fork 0
mirror of https://github.com/jamf/Setup-Manager.git synced 2026-02-03 14:13:24 +00:00
Code Issues 37 Actions Packages Projects Releases Wiki Activity

Compare commits

base: jamf:v0.9.1-306
Branches Tags
jamf:main jamf:beta
jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306
...
compare: jamf:v1.3.1
Branches Tags
jamf:main jamf:beta
jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306

44 Commits
v0.9.1-306 ... v1.3.1

Author SHA1 Message Date
Armin Briegel
fb4d6c84e0 v1.3.1 2025-07-18 08:23:58 +02:00
Armin Briegel
d647234e37 fixed links 2025-07-08 10:13:44 +02:00
Armin Briegel
dd25148186 Merge branch 'beta' 2025-07-08 10:06:42 +02:00
Armin Briegel
552f8e7fc1 updated for v1.3 2025-07-08 10:03:20 +02:00
Armin Briegel
290c68cfe2 documentation updates 2025-05-28 13:32:15 +02:00
Armin Briegel
44f4c4513c minor fixes for 1.3beta 2025-05-27 16:03:22 +02:00
Armin Briegel
29489d9b6f updated for v1.3beta 2025-05-27 16:00:06 +02:00
Armin Briegel
9368026e74 updated for v1.2.2 2025-04-17 09:00:40 +02:00
Armin Briegel
3f6198a30f v1.2.1 2025-04-02 16:34:19 +02:00
Armin Briegel
9ea8e84f6b updated changelog for 1.2 2025-03-17 15:58:07 +01:00
Armin Briegel
407d7f32dc updated for v1.2beta3 2025-03-05 14:12:35 +01:00
Armin Briegel
89d9033c15 Merge branch 'main' into beta 2025-02-27 09:06:00 +01:00
Armin Briegel
996058a776 updated license 2025-02-27 09:05:40 +01:00
Armin Briegel
2f3bdaa93d added important notice to WebHook.md 2025-02-26 17:31:57 +01:00
Armin Briegel
d9ec69df04 v1.2beta2 2025-02-26 16:21:39 +01:00
Armin Briegel
0eb0916a2f updated for v1.2beta 2025-02-13 16:43:46 +01:00
Armin Briegel
c5d5798f4e Merge branch 'main' of github.com:Jamf-Concepts/Setup-Manager 2025-02-03 09:13:35 +01:00
Daniel MacLaughlin
97f11bab6b Fixed Custom Schema Links (#82) 
* fixed links for custom schema and some minor typos

* fixed links for custom schema and some minor typos
 2025-02-03 13:22:30 +11:00
Armin Briegel
675469b197 updated for v1.1.1 2025-01-28 14:05:26 +01:00
Armin Briegel
d3cec3276e fixed wrong path, closes #67 2025-01-14 16:22:46 +01:00
Armin Briegel
6645a7a926 removed extraneous separator 2025-01-14 08:33:35 +01:00
Armin Briegel
d1d7b1f569 Formatting fixes 2025-01-14 08:32:32 +01:00
Armin Briegel
960c06c5a5 Update JamfSchool-Setup with new instructions 2025-01-14 08:29:15 +01:00
Armin Briegel
c2fcc38faf various doc fixes, closes #57 2024-11-25 10:35:09 +01:00
Armin Briegel
d71f2ca6f1 fixed broken link 2024-10-29 15:04:25 +01:00
Armin Briegel
8623f85487 v1.1 2024-10-29 13:39:17 +01:00
Armin Briegel
e3d908747a updated waitForUserEntry docs 2024-09-10 09:15:58 +02:00
Armin Briegel
52ee0e0e2a Update ChangeLog.md 2024-09-09 16:00:54 +02:00
Armin Briegel
0e4961a42a updated docs for 1.1beta 2024-09-09 15:55:00 +02:00
Armin Briegel
4aabab6033 updated ReadMe 2024-08-29 10:04:44 +02:00
Armin Briegel
475f8e013a updated ReadMe 2024-08-29 09:59:45 +02:00
Anthony Reimer
08b36bf6ed Fix minor formatting error in ConfigurationProfile.md 
In totalDownloadBytes, the information about the parameters for the value appears on the same line as the header, unlike the rest of the document. This commit fixes that formatting (ever the editor…).
 2024-07-24 14:05:35 -06:00
Armin Briegel
246372c4a4 Merge pr #10 2024-07-08 09:18:35 +02:00
Elliot Jordan
dc233bb393 Use $appPath variable and quote whoami output 2024-07-05 14:16:24 -07:00
Elliot Jordan
f68ce643da plutil -convert xml1 2024-07-05 14:16:08 -07:00
Elliot Jordan
44742d97c9 Remove unreferenced screenshot 2024-07-05 14:15:58 -07:00
Elliot Jordan
7c509ccc60 Various spelling and formatting fixes for markdown files 2024-07-05 14:15:46 -07:00
Armin Briegel
6ea7365dc0 v1.0 2024-07-01 12:51:02 +02:00
Armin Briegel
640672b945 added .gitignore 2024-07-01 12:47:18 +02:00
macnotes
035796c035 Create LICENCE.md 2024-06-19 08:29:25 -04:00
Armin Briegel
a3fc803faf updated for 1.0RC 2024-06-12 09:38:27 +02:00
macnotes
f8271f95a8 Use issues and conversations for feedback. 2024-05-24 13:04:43 -04:00
macnotes
76c4be53ee Explicit links 2024-05-21 11:28:29 -04:00
macnotes
8a69128b6a Update README.md 2024-05-21 11:10:51 -04:00
22 changed files with 2001 additions and 425 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.DS_Store

312
ChangeLog.md
View File

@@ -1,5 +1,311 @@
# Setup Manager - Change Log
## 1.3.1
(2025-07-17)
- updates to Polish localization
- improvements to launch process at login window
- logs macOS version at launch
- email addresses and urls in markdown text are not active links any more
- documentation updates and clarifications
## 1.3
(2025-07-08)
Notes added since 1.3beta are marked with '(release)'
### New Features
- Logging
- log output format has been cleaned up
- Install log and Jamf Pro log (when available) can now be viewed in the Log window (#78, #130)
- now also logs to macOS unified logging
- new top-level default key to control action output logging
- Network Monitoring
- changes to network interfaces are now logged, see the Notes section for details (#15)
- network status can be shown in the top-right corner of the Setup Manager window
- new flag file `/private/var/db/.JamfSetupStarted`, which is created when Setup Manager starts. You can use this to scope Mac App Store apps and Jamf App Installers, which prevents these apps from installing early in the enrollment, slowing down the Jamf Pro configuration
- added [a specific webhook to send a message to Slack](Docs/Webhooks.md#slack) (#104)
- two new defaults keys `finishedScript` and `finishedTrigger` allow to run custom behavior when Setup Manager has finished
- new option `none` for `finalAction` (#115)
- (release) Polish localization (Thanks to @bsojka)
### Fixes and Improvements
- Jamf Pro: improved monitoring for Jamf Pro to complete its setup after enrollment
- webhook log entries correctly show status
- added `-skipAppUpdates` option to list of options for Jamf Pro policy actions, this should avoid some false "error 57" reports
- Jamf Pro policy will trigger 'Recurring Check-in' policies on empty string value
- (release) added name for macOS Tahoe 26
- (release) minor localization and UI fixes
- (release) disabled some undesirable keyboard shortcuts (#125)
- (release) arguments in `installomator` actions are now processed correctly
- (release) output to log is flushed immediately to avoid truncation on restart/shutdown (#129)
- (release) MDM Server address shown in extended "About this Mac" (#127)
### Deprecations and Removals
- (1.3) the minimum macOS requirement for Setup Manager is now macOS 13.5
- (1.2) `showBothButtons` option removed and non-functional, there will always be just one final action button displayed
- the method for providing localized texts in the configuration profile changed in version 1.1. The previous method (by appending the two letter language code to the key) is considered deprecated. It will continue to work for the time being but will be removed in a future release. It is _strongly_ recommended to change to the [new dictionary-based solution](ConfigurationProfile.md#localization)
### Notes
#### Logging
The format of the Setup Manager log file (in `/Library/Logs/Setup Manager.log`) has changed. The new format should be easier to read and parse with other tools. There are four columns:
- timestamp (in ISO8601)
- log level (default, error or fault)
- category (general, install, network, jamfpro)
- message
Setup Manager 1.3 also logs to the macOS unified system log. The subsystem is `com.jamf.setupmanager`. You can use the `log` command line tool to read the log.
For example:
```
sudo log show --last 30m --predicate 'subsystem="com.jamf.setupmanager"'
```
To clean up the log a little, Setup Manager 1.3 will only write the output of actions to the Setup Manager log file when an error occurred. You can control this behavior with a new top-level preference key `actionOutputLogging`.
#### Installation and Jamf Pro logs and summaries
The Log window (open with command-L) gained a new "Install" tab, which shows the system's installation log file (`/var/log/install.log`). When enrolling with Jamf Pro, there is another new "Jamf" tab, which shows the Jamf log (`/var/log/jamf.log`). By default, the Log window will be summarized to events relevant to the enrollment workflow. You can see the full log content by unchecking the 'Summarize' option.
Note that both logs will show events that were not initiated by Setup Manager. Nevertheless, these events may be relevant to your enrollment workflow.
These summarized events will also appear in the Setup Manager log tab and file, as well as the universal log entries. Having these events in context at the time they occur in the Setup Manager log is very helpful when trouble-shooting enrollment workflows.
#### Network change logging
Setup Manager 1.3 adds logging for changes to network interfaces. It is possible that there will multiple entries in the log with regards to the same network change. Most changes logged will be neutral and should not affect your deployment negatively.
However, it is possible that changes to the network configuration of a device can influence the deployment workflow. For example, when a configuration profile with the access information for a secure corporate Wifi is installed on the device, then the download access to required resources might change. Another example are security tools that might lead to restricted access for downloads (Installomator uses `curl` to download data, which might trigger security tools.)
Checking the log for network changes or outages during enrollment can be useful for troubleshooting.
#### Network Status icon/menu
Network status can also show with a new icon in the top-right corner of the Setup Manager window.
Note that Network Relay will only protect traffic to certain configured servers and services, not all traffic.
By default, the network icon will _not_ be shown. You can activate it manually with the command-N keystroke.
When you click on the Network status icon, a popup will show:
- the current active network interface
- IPv4 and IPv6 addresses
- download and upload bandwidth (will take a while to appear)
- Network Relay hosts (when network relay profile is present)
- list of additional custom hosts, configured in the profile
Note that the connectivity check is quite basic and might not catch all functionality that is required for a service to work. It should provide an indication whether a service is reachable, but deeper trouble-shooting and monitoring might be required for reliable diagnostics.
Seen["Network Connectivity"](Docs/Network.md) for more detail.
#### Finished Script and Trigger
Setup Manager now includes functionality to launch a script or Jamf Pro custom policy trigger in a separate process when the main Setup Manager process is finished. This is useful for installations that might unexpectedly restart the computer or the context that Setup Manager is running in (most commonly, Setup Manager is running at login window, which the Jamf Connect installer will kill).
There are two keys relevant for this: `finishedScript` and `finishedTrigger`.
See ["Running Scripts and Policies when Setup Manager finishes"](Docs/Extras.md#running-scripts-and-policies-when-setup-manager-finishes) for detail.
## v1.3beta
(2025-05-27)
### New Features
- Logging
- log output format has been cleaned up
- Install log and Jamf Pro log (when available) can now be viewed in the Log window (#78)
- now also logs to macOS unified logging
- new top-level default key to control action output logging
- Network Monitoring
- changes to network interfaces are now logged, see the Notes section for details (#15)
- network status can be shown in the top-right corner of the Setup Manager window
- new flag file `/private/var/db/.JamfSetupStarted`, which is created when Setup Manager starts
- added [a specific webhook to send a message to Slack](Docs/WebHooks.md#Slack) (#104)
- two new defaults keys `finishedScript` and `finishedTrigger` allow to run custom behavior when Setup Manager has finished
- new option `none` for `finalAction` (#115)
### Fixes and Improvements
- Jamf Pro: improved monitoring for Jamf Pro to complete its setup after enrollment
- webhook log entries correctly show status
- added `-skipAppUpdates` option to list of options for Jamf Pro policy actions
- Jamf Pro policy will trigger 'Recurring Check-in' policies on empty string value
### Deprecations and Removals
- (1.3) the minimum macOS requirement for Setup Manager is now macOS 13.5
- (1.2) `showBothButtons` option removed and non-functional, there will always be just one final action button displayed
- the method for providing localized texts in the configuration profile changed in version 1.1. The previous method (by appending the two letter language code to the key) is considered deprecated. It will continue to work for the time being but will be removed in a future release. It is _strongly_ recommended to change to the [new dictionary-based solution](ConfigurationProfile.md#localization)
## v1.2.2
(2025-04-17)
- signed a helper script that could lead to unexpected background item prompts
- disabled command-W keystroke
- fixed a stall in `waitForUserEntry` with Jamf School
- fixed link to computer record in Teams message (#110)
- minor documentation fixes
## v1.2.1
(2025-04-02)
- updated included Installomator script to [v10.8](https://github.com/Installomator/Installomator/releases/tag/v10.8)
- now tries for 15 seconds to reload local `background` image file (#105), this should help in situations where the image file is installed after Setup Manager
- improved monitoring of Jamf Pro enrollment process and completion during the "Getting Ready" phase
- minor documentation fixes (#106)
## v1.2.2
(2025-04-17)
- signed a helper script that could lead to unexpected background item prompts
- disabled command-W keystroke
- fixed a stall in `waitForUserEntry` with Jamf School
- fixed link to computer record in Teams message (#110)
- minor documentation fixes
## v1.2.1
(2025-04-02)
- updated included Installomator script to [v10.8](https://github.com/Installomator/Installomator/releases/tag/v10.8)
- now tries for 15 seconds to reload local `background` image file (#105), this should help in situations where the image file is installed after Setup Manager
- improved monitoring of Jamf Pro enrollment process and completion during the "Getting Ready" phase
- minor documentation fixes (#106)
v1.2
(2025-03-17)
### New Features
- Setup Manager can send [webhooks](Docs/Webhooks.md) on start and finish, (#70)
- (beta2) added [a specific webhook to send a message to Microsoft Teams](Docs/WebHooks.md#Microsoft-Teams)
- User Entry:
- `email`, `endUsername`, `realname`, `position` and `phone` fields added. These will be submitted to Jamf Pro when Setup Manager finishes and during a `waitForUserEntry` action
- you can set custom and localized labels for user entry fields in the profile with a `label` key
- [User Data file](Docs/Extras.md#user-data-file) now contains a list of enrollmentActions
- added 'restart' option to ['finalAction'](ConfigurationProfile.md#finalAction) (#38, #58)
- [icon sources](ConfigurationProfile.md#icon-source) and [`accentColor`](ConfigurationProfile.md#accentColor) can now have [a dark mode alternative defined in the profile](ConfigurationProfile.md#dark-mode) (#61)
- hitting the space bar while Setup Manager is the Active window will open a window with a scannable barcode of the serial number
- `message` and help:`message` now interpret [markdown formatting](ConfigurationProfile.md#markdown) (#46)
### Fixes and Improvements
- (beta3 and release) return key connected to final action and save buttons (#93)
- (beta3) added an `event` field to standard webhook data, (#94)
- (beta3) "facts" in Teams message are no longer in random order
- (beta3) improved reliablity of running at login window (#77)
- (beta2) an empty `userEntry` dictionary in the profile no longer chokes the UI (#85)
- (beta2) MDM check more resilient to certain profile configs (#87)
- (beta2) the `name` field in WebHook data was shortened from `SetupManagerFinished` and `SetupManagerStarted` to `Finished` and `Started`
- (beta2) early log entry when debug mode is enabled
- icon for `waitForUserEntry` can be changed from the profile
- shell actions correctly show success or failure, depending on their exit code#39)
- Jamf Pro policy actions show success or failure in most situations. Note that there are many things a policy can potentially do. Not all failures are caught. This registers failed pkg installations and policy scripts that return a non-zero exit code, which should cover most situations. Note also, these checks will only work on macOS 13 and higher. On macOS 12, Jamf policies will always be reported as success.
- read enrollment actions data from profile after user-initiated enrollments more reliably
- now tries for 15 seconds to reload images with local file paths, this should help in situations were the resources file are installed after Setup Manager
- many other fixes and improvements
- updated included Installomator to 10.7
- user data file will contain the enrollment user when the `userID` key is set
- battery warning threshold is now different for Intel (%50) and Apple silicon (%20) Macs. This matches Apple's warnings before applying software updates
### Deprecations and Removals
- the minimum macOS requirement for Setup Manager will be raised to macOS 13 soon
- `showBothButtons` option removed and non-functional, there will always be just one final action button displayed
- the method for providing localized texts in the configuration profile changed in version 1.1. The previous method (by appending the two letter language code to the key) is considered deprecated. It will continue to work for the time being but will be removed in a future release. It is _strongly_ recommended to change to the [new dictionary-based solution](ConfigurationProfile.md#localization).
### Beta Features
Even though we are confident that the release is overall stable and ready to be used in production, we believe this feature may require more testing. When, after thorough testing in your environment, you conclude this works for your workflow, please let us know about success or any issues you might encounter.
- Setup Manager can now run over Login Window, instead of immediately after installation. This also allows Setup Manager to work with AutoAdvance. Use [the new `runAt` key](ConfigurationProfile.md#runAt) in the profile to determine when Setup Manager runs
## v1.1.1
(2025-01-28)
- updated included Installomator script to [v10.7](https://github.com/Installomator/Installomator/releases/tag/v10.7)
## v1.1
(2024-10-23)
### New Features
- new action [`waitForUserEntry`](ConfigurationProfile.md#wait-for-user-entry) which allows for two-phase installation workflows in Jamf Pro. When Setup Manager reaches this action it will wait for the user entry to save the data entry, then it will run a recon/Update Inventory. Policy actions that follow this, can then be scoped to data from the user entry. (Jamf-Concepts/Setup-Manager#11)
- data from user entry is now written to a file when Setup Manager submits data. See details in [User Entry](Docs/Extras.md#user-data-file) (Jamf-Concepts/Setup-Manager#9)
- use token substitution in the `title`, `message`, and action `label` values (as well as `computerNameTemplate`)
- token substitution can extract center characters with `:=n`
- localization of custom text in the configuration profile has been simplified. The previous method still works, but is considered deprecated. [Details in the documentation](ConfigurationProfile.md#localization). The [plist and profile example files](Examples) have been updated.
### Fixes and improvements
1.1beta:
- icons using `symbol:` that end in `.app` now work properly
- Elapsed time is shown in "About this Mac…" Start time is shown with option key.
- svg and pdf images used for `icon`s should now work
- general fixes in user entry setup
- improved rendering in Help View (Jamf-Concepts/Setup-Manager#12)
- fixes to json schema
- improved and updated documentation
- included Installomator script updated to [v10.6](https://github.com/Installomator/Installomator/releases/v10.6)
- added Setup Manager version and macOS version and build to tracking ping
- fixed UI glitch in macOS Sequoia
1.1 release:
- documentation updates and fixes (Jamf-Concepts/Setup-Manager#35, Jamf-Concepts/Setup-Manager#44, Jamf-Concepts/Setup-Manager#48, Jamf-Concepts/Setup-Manager#51)
- custom `accentColor` now works correctly with SF Symbol icons (Jamf-Concepts/Setup-Manager#41)
- setting a `placeholder` no longer overrides a `default` in `userEntry` (Jamf-Concepts/Setup-Manager#43)
- more UI updates
- Hebrew localization
### Beta features
Even though we are confident that the 1.1 release is overall stable and ready to be used in production, we believe this feature may require more testing. When, after thorough testing in your environment, you conclude this works for your workflow, please let us know about success or any issues you might encounter.
- Setup Manager can now run over Login Window, instead of immediately after installation. This also allows Setup Manager to work with AutoAdvance. Use [the new `runAt` key](ConfigurationProfile.md#runAt) in the profile to determine when Setup Manager runs (Jamf-Concepts/Setup-Manager#18)
### Deprecations
These features are marked for removal in a future release:
- localized labels and text by adding the two-letter language code to key. Switch to [localization with dictionaries](ConfigurationProfile.md#localization).
- `showBothButtons` key and functionality
## v1.1beta
(2024-09-09)
### New Features
- new action [`waitForUserEntry`](ConfigurationProfile.md#waitforuserentry) which allows for two-phase installation workflows in Jamf Pro. When Setup Manager reaches this action it will wait for the user entry to save the data entry, then it will run a recon/Update Inventory. Policy actions that follow this, can then be scoped to data from the user entry. (#11)
- Setup Manager can now run over Login Window, instead of immediately after installation. This also allows Setup Manager to work with AutoAdvance. Use the new `runAt` key in the profile to determine when Setup Manager runs (#18)
- data from user entry, is now written to a file when Setup Manager submits data. See details in [User Entry](Extras.md#user-data-file) (#9)
- use token substitution in the `title`, `message`, and action `label` values (as well as `computerNameTemplate`)
- token substitution can extract center characters with `:=n`
- localization in the configuration profile has been simplified. The previous method still works, but is considered deprecated. [Details](ConfigurationProfile.md#localization)
### Fixes and improvements
- icons using `symbol:` that end in `.app` now work properly
- Elapsed time is shown in "About this Mac…" Start time is shown with option key
- svg and pdf images used for `icon`s should now work
- general fixes in user entry setup
- improved rendering in Help View (#12)
- fixes to json schema
- improved and updated documentation
- included Installomator script updated to [v10.6](https://github.com/Installomator/Installomator/releases/v10.6)
- added Setup Manager version and macOS version and build to tracking ping
- fixed UI glitch in macOS Sequoia
## v1.0
(2024-07-01)
- updated to new Jamf Concepts Use Agreement
- updated German and Swedish localizations
- added name for macOS 15
- new `hideActionLabels` and `hideDebugLabel` keys
- 'Jamf ID' is now only visible in the extended 'About this Mac' View (reachable when holding the option key)
- messaging when Setup Manager is launched in user space or with missing configuration
- UI tweaks
## v1.0RC
(2024-03-11)
@@ -58,8 +364,8 @@
- main `icon` now properly displays wide aspect images
- watchPath actions time faster in DEBUG mode
- unloads Jamf Pro background check-in during workflow
- About this Mac…
- downloand speed (measured with `networkQuality`) and esitmated download time
- About this Mac…
- Download speed (measured with `networkQuality`) and estimated download time
- Jamf Pro version
- new preference keys (see [config profile documentation for details](ConfigurationProfile.md))
- `accentColor`
@@ -81,7 +387,7 @@
- added macOS Sonoma to list of known macOS releases
- added documentation for Jamf School
- added changelog and some more updates to documentation
- computer name can now be generated wihtout UI from a template
- computer name can now be generated without UI from a template
- added slight scale animation and edge fade to action list
- user entry fields can now be validated with a regular expression and localized message
- battery widget now display correctly on Macs without a battery

636
ConfigurationProfile.md
View File

File diff suppressed because it is too large Load Diff

185
Docs/Extras.md Normal file
View File

@@ -0,0 +1,185 @@
# Extras and Notes
## Keyboard Shortcuts
Note that the Setup Manager window does not activate to receive keystrokes automatically when running over Setup Manager. You have to click in the Setup Manager window first.
| shift-control-command E | ["exit"/quit Setup Manager](#Quit), use only in emergencies as it will leave installations in an indeterminate state |
| command-L | open [Log window](#Logging) |
| command-B | toggle Battery status icon in Setup Manager window |
| command-N | toggle [Network status icon](Network.md) in Setup Manager window |
| space | show [serial number bar code window](#scannable-serial-number-barcode) |
| i | show "About this Mac" popup |
| h | show "Help" popup, when present |
| hold option key when clicking "About this Mac" | shows more info |
## Custom JSON Schema for Jamf Pro
- create a new profile
- go to Application & Custom Settings
- select Jamf Applications
- click the + Add button
- in the Jamf Application Domain popup select com.jamf.setupmanager
- for the version select the version of Setup Manager you are using
- for the Variant, select Setup Manager.json
- fill in your fields!
The custom schema does not contain all keys and options available in the [configuration profile](../ConfigurationProfile.md). Specifically, the `wait` action and the option to [localize values](../ConfigurationProfile.md#localization) are not available.
When you reach the limits of the custom schema, use the XML it generates as a starting to building a custom XML.
Note that the custom schema can become confused when you switch between enrollment action types and you will need to clean up extra empty fields.
## Quit
The command-Q keyboard shortcut to quit the app is disabled. Use `shift-control-command-E` instead. This should only be used when debugging and troubleshooting, as it will leave the client in an undetermined state when installations are aborted.
## Logging
While Setup Manager is running you can open a log window with command-L.
There are two or three tabs, one for the main Setup Manager log, one showing output from `/var/log/install.log` and (Jamf Pro only) one tab showing output from `/var/log/jamf.log`. By default, these log tabs will be summarized to events relevant to the enrollment workflow. You can see the full log content by unchecking the 'Summarize' option.
Note that both logs will show events that were not initiated by Setup Manager. Nevertheless, these events may be relevant to your enrollment workflow.
These summarized events will also appear in the Setup Manager log tab and log file, as well as the universal log entries. Having these events in context at the time they occur in the Setup Manager log is very helpful when trouble-shooting enrollment workflows.
Setup Manager logs to `/Library/Logs/Setup Manager.log`. There are four columns:
- timestamp (in ISO8601)
- log level (default, error or fault)
- category (general, install, network, jamfpro)
- message
To clean up the main log a little, Setup Manager will only write the output of actions to the Setup Manager log file when an error occurred. You can control this behavior with a new top-level preference key `actionOutputLogging`.
Setup Manager also logs to the macOS unified system log. The subsystem is `com.jamf.setupmanager`. You can use the `log` command line tool to read the log.
For example:
```
sudo log show --last 30m --predicate 'subsystem="com.jamf.setupmanager"'
```
## Debug mode
When you set the `DEBUG` key to `true` in the profile or locally with the `defaults` command Setup Manager will not perform any tasks that actually perform installations or otherwise change the system. When in DEBUG mode, Setup Manager will also read settings from the local settings (i.e. `~/Library/Preferences/com.jamf.setupmanager.plist`) which simplifies iterating through different settings. If you want to run Setup Manager on an unmanaged Mac, you may need to provide a `simulateMDM` key with a value of either `Jamf Pro` or `Jamf School`.
You may also need to remember to remove the [flag file](#flag-file) before launching Setup Manager.
You will also be able launch the app as the user, by double-clicking the app in `/Applications/Utilities`. This is useful to test the look and feel of your custom icons, text and localization. When you use this to create screen shots for documentation, also note the `overrideSerialNumber` and `hideDebugLabel` keys.
For testing, you can also re-launch Setup Manager from the command line as root with `sudo "/Applications/Utilities/Setup Manager.app/Contents/MacOS/Setup Manager"`
## Flag file
Setup Manager creates a flag file at `/private/var/db/.JamfSetupEnrollmentDone` when it finishes.
If this file exists when Setup Manager launches, the app will terminate immediately without taking any action. You can use this flag file in an extension attribute in Jamf to determine whether the enrollment steps were performed. (Setup Manager does not care if the actions were performed successfully.)
When `DEBUG` is set to `true` in the defaults/configuration profile, the flag file is ignored at launch, but may still be created when done.
In Jamf Pro, you can create an Extension Attribute named "Setup Manager Done" with the script code:
```sh
if [ -f "/private/var/db/.JamfSetupEnrollmentDone" ]; then
echo "<result>done</result>"
else
echo "<result>incomplete</result>"
fi
```
And then create a Smart Group named "Setup Manager Done" with the criteria `"Setup Manager Done" is "done"`. This can be very useful for scoping and limitations.
## User Data file
The data from user entry is written to a file when Setup Manager reaches a `waitForUserEntry` step and again when it finishes. The file is stored at `/private/var/db/SetupManagerUserData.txt`. When `DEBUG` is enabled, the file will be written to `/Users/Shared/`.
The file is plain text with the following format:
```
start: 2024-08-14T13:52:56Z
userID: a.b@example.com
department: Sales
building: Example
room: ABC123
assetTag: XYZ888
computerName: MacBook-M7WGMK
submit: 2024-08-14T13:54:37Z
duration: 101
```
Start time (`start`) and finish/submission time (`submit`) are given in ISO8601 format, universal time (UTC). Duration is given in seconds.
Fields that were not set in user entry will not be shown at all. You can use this file in scripts or extension attributes. One possible way is to parse it with `awk`, e.g.
```xml
duration=$(awk -F ': ' '/duration: / {print $2}' /private/var/db/SetupManagerUserData.txt)
```
Starting with Setup Manager 1.2, the User Data file contains a list of actions with their status:
```
enrollmentActions:
-action 0: finished - Microsoft 365
-action 1: finished - Google Chrome
-action 2: finished - Jamf Connect
```
The status can be `finished` or `failed`.
## "About This Mac…" window
When you hold the option key when clicking on "About This Mac…" you will see more information.
## Scannable Serial Number Barcode
Hitting the space bar while Setup Manager is the Active window will open a window with a scannable barcode of the serial number. Hitting the space bar again will dismiss the window.
Note that Setup Manager does not automatically get Key Window when it launches, while running over Setup Assistant, so you may have to click in the Setup Manager window, before hitting the space bar.
## Uninstall Setup Manager
Setup Manager will unload and remove its LaunchAgent and LauchDaemon files upon successful completion. That together with the [flag file](#flag-file) should prevent Setup Manager from launching on future reboots.
If you still want to remove Setup Manager after successful enrollment, there is [a sample uninstaller script in the Examples folder](../Examples/uninstall.sh).
## (Jamf Pro): Useful Smart Groups
You can create smart groups to coordinate installations of Configuration profiles. Some useful examples are:
### Setup Manager Installed
Criteria: 'Application Bundle ID' is `com.jamf.setupmanager`
You can use this smart group to scope or limit configuration profiles, Mac App Store/VPP apps, and Jamf App Installer apps. This way their installation will not occur immediately after enrollment, potentially slowing down the installation of essential Jamf Pro components and extending the "Getting Ready" phase.
### Setup Manager Done
Create an Extension attribute named "Setup Manager Done" with the script code:
```sh
if [ -f "/private/var/db/.JamfSetupEnrollmentDone" ]; then
echo "<result>done</result>"
else
echo "<result>incomplete</result>"
fi
```
Then create a Smart Group named "Setup Manager Done" with the criteria `"Setup Manager Done" is "done"`.
You can use this to scope configuration profiles and policies so that they are installed or run _after_ Setup Manager is complete.
## Running Scripts and Policies when Setup Manager finishes
Generally, you want to coordinate tasks, configurations, and installations with Setup Manager actions. However, in some situations the installations might interfere with the Setup Manager workflow itself. This is most relevant with software that needs to reload the login window process, which will also kill Setup Manager. (e.g Jamf Connect Login)
Setup Manager provides a LaunchDaemon which monitors the `.JamfEnrollmentSetupDone` flag file. It then launches a script or a custom Jamf Pro policy trigger. Since this LaunchDaemon runs independently from Setup Manager, so it can run installers or scripts that might quit login window or Setup Manager.
However, if you have set Setup Manager to automatically shut down or restart at the end, this will interrupt the finished script or policy, unless the automated delay is long enough. Use the [`finalAction`](../ConfigurationProfile.md#finalAction) value of `none` to remove the button and countdown from the Setup Manager UI. However, now it the responsibility of the finishing process to restart the Mac or quit the Setup Manager process, otherwise Setup Manager will keep blocking the UI.
The finished script or custom trigger are configured in the Setup Manager configuration profile, with the [`finishedScript`](../ConfigurationProfile.md#finishedScript) and [`finishedTrigger`](../ConfigurationProfile.md#finishedTrigger) keys.
The SetupManagerFinished daemon logs its output (and the output of the policy and scripts to `/private/var/log/setupManagerFinished.log`.

107
Docs/FAQ.md Normal file
View File

@@ -0,0 +1,107 @@
# Frequently Asked Questions
## Is there a custom JSON Schema for Jamf Pro?
[Yes.](Extras.md#custom-json-schema-for-jamf-pro)
## Can you block the user desktop with user initiated enrollment?
Yes, use the top-level `background` key and point it to a local image file or a http URL to an image file. If you don't want custom branding, you can set `background` to `/System/Library/CoreServices/DefaultDesktop.heic` for the default image.
## Setup Manager is not launching after enrollment
There can be many causes for this. A few common causes are:
- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services is a good choice that you generally want to leave up the user anyway. Otherwise, Setup Assistant may quit before Setup Manager can launch and do its actions.
- Jamf Pro:
- check that Setup Manager is added to your prestage and the package does not have the label "Availability pending" in Settings> Packages
- in Prestage > Enrollment Packages verify that the Distribution Point is set correctly (it resets to "none" when you remove the last enrollment package)
## Does Setup Manager require Jamf Connect
No.
Setup Manager will run fine without Jamf Connect. You can even build 'single-touch' style workflows with Setup Manager without Jamf Connect. Some workflows, such as pre-assigning a device to a specific user require Jamf Connect, though.
## How can I use the icon for an app before the app is installed?
- preinstall icon files with a custom package installer in prestage. Set the priority of the media/branding package lower than that for Setup Manager, or give the branding/media package a name that is alphabetically earlier than Setup Manager, so it installs before Setup Manager
- use http(s) urls to the image files
- you can host them on a web server/service that you have control over
- you can add the icon to a Self Service policy in Jamf and then copy the url to the icon once uploaded
## What is happening during "Getting Ready" and "Finishing"?
During the "Getting Ready" phase, Setup Manager is waiting for the enrollment configuration to be complete. The steps taken during these phases depend on the version of Setup Manager and the management system.
When enrolled into Jamf Pro, Setup Manager runs (among other things) a recon/Update Inventory during "Getting Ready" and "Finishing." This will make up most of the time in these phases.
You can open the log window (command-L) or review the [log file](Extras.md#logging) for detail for each step. Should Setup Manager stall during one of these steps, you can [quit](Extras.md#quit) out of Setup Manager and review the [log file](Extras.md#logging) after completing the setup.
## (Jamf Pro) Getting Ready is taking very long (several minutes). What is happening and can I do something to make it faster?
The "Getting Ready" phase prepares some steps and waits for all essential Jamf Pro components (the jamf binary, certificates, Jamf.app, etc.) to be installed and configured before starting with the actual enrollment workflow. Depending on the network connection this might take a while.
Note that you can see the individual steps and the timing for each step in the [Setup Manager log file](Extras.md#logging)].
Once Jamf Pro's enrollment workflow is complete, Setup Manager runs a full update inventory/recon. In general, if the recon takes a long time, you should review the inventory collection settings. Calculating home directory sizes and gathering fonts can take a lot of time and CPU power, and speed up things significantly when turned off, not just during enrollment with Setup Manager. You should also review extension attributes, for how long each one runs.
Mac App Store/VPP and Jamf App Installer apps that are scoped to the computer will also begin installing _immediately_ after enrollment. Since macOS will only perform one installation at a time, these might delay the installation of essential Jamf Pro components. You can create smart groups to defer these installations.
With Setup Manager 1.3 and higher, you can check whether apps are getting installed before Setup Manager starts the actions in the Setup Manager log.
## Can I set the wallpaper/desktop picture or dock with Setup Manager?
The settings for the dock and wallpaper/desktop picture are _user_ settings. Since the user account usually does not yet exist when Setup Manager runs, you cannot affect those settings.
What you can do is run a script at login which sets the desktop (using [desktoppr](https://github.com/scriptingosx/desktoppr) ) or the dock (using [dockutil](https://github.com/kcrawford/dockutil) or a similar tool).
## If Setup Manager cannot do it, how can I run scripts at first login
There are several options:
- custom launch agent
- [outset](https://github.com/macadmins/outset/)
- Jamf Pro: [Self Service macOS Onboarding](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/macOS_Onboarding.html)
- Jamf Pro: [policy with a login trigger](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Login_Events.html)
## Can Setup Manager run at first login, rather than right after enrollment?
Technically, yes.
With Jamf Pro, you can set the Setup Manager pkg to install at the `login` trigger or manually from Self Service. Then it will launch within the user session.
This is not, however, the primary workflow for Setup Manager and not something that we will test or verify. We believe running right after enrollment over Setup Assistant is the preferable deployment.
With Jamf Pro, you should consider [macOS Onboarding in Self Service](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/macOS_Onboarding.html) or a [login trigger](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Login_Events.html) instead.
## Installer or Policy Script is failing with access errors
For some policy scripts or installers it may be necessary to give the Setup Manager app Full Disk Access or some other exemptions with a PPPC Profile.
## Installomator actions are all failing
The log shows exit code 4, which means the download was rejected.
Installomator uses Gatekeeper to verify the downloads. When Gatekeeper is set to allow Mac App Store apps only it will reject all third party apps and installers and the verification will fail.
## Can I set Installomator variables?
Yes. The `installomator` action has an `arguments` key, which takes an array strings, one for each argument. With this, you can override variables in Installomator.
Example:
```xml
<dict>
<key>label</key>
<string>Example App</string>
<key>installomator</key>
<string>example</string>
<key>arguments</key>
<array>
<string>downloadURL=https://example.com/alternativeURL</string>
</array>
</dict>
```

35
Docs/JamfPro-LoginWindow.md Normal file
View File

@@ -0,0 +1,35 @@
# Jamf Pro: Run Setup Manager at Login Window
**Beta** _We believe the run at login window feature may require more testing, especially in some edge cases. When, after thorough testing, you believe this works in your workflow, feel free to deploy it, and please let us know about success or any issues you might encounter._
By default, Setup Manager launches as soon as the installation completes. You can defer launching Setup Manager to launch when the macOS Login Window appears, instead.
When the `runAt` key in the profile is set to `loginwindow`, Setup Manager will not launch immediately after installation but when Login Window appears. In combination with the 'AutoAdvance' feature for automated device enrollment, this allows for completely 'hands-off' enrollment and configuration workflows.
However, this requires the enrollment workflow to be configured so that it will eventually end at Login Window, usually by connecting the Mac to a directory service.
## Prestage configuration
- Create or clone a new prestage to run Setup Manager at Login Window.
- Under 'General', under 'Setup Assistant', enable 'Automatically advance through Setup Assistant'. Select the language and region you want to assign to the Macs.
- Select all options to be skipped.
- Under 'Account Settings' choose to create a managed local administrator, configure the user name, password and other options.
- In 'Local User Account Type', select 'Skip Account Creation'
- Under 'Configuration Profiles', select the Setup Manager configuration profile. In that profile, set the [`runAt` key](../ConfigurationProfile.md#runAt) to `loginwindow`.
- Upload the Setup Manager installation pkg from the [Releases](https://github.com/jamf-concepts/setup-manager/releases) section to Jamf Pro and add it to the 'Enrollment Packages' section. Ensure you have selected 'Cloud Distribution Point' as the distribution point or setup the manifest for an on-premise deployment.
## Bind to directory
You will likely need to bind the Mac to a directory service to allow for user login after successful deployment. This can be triggered by a policy as an Setup Manager action.
## Auto Advance
The Apple feature to automatically advance through the Setup Assistant screens has a few requirements. The Mac has to be registered in Apple Business Manager or Apple School Manager and assigned to the MDM servier. It also has to be connected with ethernet to a network that can reach the MDM server, all Apple services and other internal services you might configure during enrollment (e.g. directory or IdP server).
Auto Advance doesn't 'kick in' until after Voiceover has introduced itself and if you ever touch any of the controls, AutoAdvance will stop and you have to continue manually.

70
Docs/JamfPro-QuickStart.md Normal file
View File

@@ -0,0 +1,70 @@
# Jamf Pro: Setup Manager Quick Start
## Upload Setup Manager package
Download the latest version of the Setup Manager installation pkg from the [releases page](https://github.com/Jamf-Concepts/Setup-Manager/releases/latest).
In the Jamf Pro web interface, go to Settings > Packages. Create a new package and upload the Setup Manager installer pkg file to Jamf Pro. Save the package.
_Note:_ when the package is marked as 'pending' it will not work in prestage deployment. Wait with testing deployments until the 'pending' flag has disappeared.
## Prepare a Jamf Pro policy for use with Setup Manager
Setup Manager can trigger policies in Jamf Pro. By triggering a sequence of Jamf Pro policies all the required software and configurations will be installed on the device.
## Create the Setup Manager configuration profile
- Go to Computers > create a new profile
- Name the profile 'Setup Manager'
- assign a category, ensure the Level is set to 'Computer Level'
- in payload sidebar select 'Application & Custom Settings', then select 'Jamf Applications'
- click the '+ Add' button
- for the 'Jamf Application Domain' choose `com.jamf.setupmanager`
- for the version select the version of Setup Manager you are using
- for the 'Variant', select `Setup Manager.json`
### Profile values
- for the Icon Source, enter `name:NSComputer`. This is a special value that tells Setup Manager to use an image of the computer it is running on. There are many other options you can use as an icon source [documented here](../ConfigurationProfile.md#icon-source).
- for the Title, enter `Welcome to Setup Manager!`
- for the Message, enter `Please be patient while we set up your new Mac…`
### Enrollment
- under Enrollment Actions, click on 'Add Item'
- for item 1, from the 'Select Action Type' popup, choose "Installomator"
- for 'Action Label,' enter `Google Chrome`
- for 'Action Icon Source,' enter `symbol:network`
- for 'Installomator Label' enter `googlechromepkg`
- click 'Add Item'
- for item 2, from the 'Select Action Type' popup, choose "Shell Command"
- under 'Command Arguments', click 'Add argument', enter `-setTimeZone`
- click 'Add argument' again and enter your time zone in the format `Europe/Amsterdam` (the 'TZ identifier' [from this list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones))
- for 'Action Label,' enter `Set Time Zone`
- for 'Action Icon Source,' enter `symbol:clock`
- for 'Requires Root' select `true`
- for 'Shell Command Path' enter `/usr/sbin/systemsetup`
You can add more actions here. There are more types of actions available, you can use a 'Jamf Policy Trigger' action to run a policy with a custom trigger. You can also use a 'Watch Path' action to wait for an app to be installed from the Mac App Store or Jamf App Installers.
## Scoping and Prestage
- scope the configuration profile to the computers you want to run Setup Manager on
- create a new Prestage or duplicate an existing one
- add the Setup Manager pkg and the configuration profile to the Prestage
- when installing and using Jamf Connect Login, ensure you have the latest version
- ensure that 'Automatically advance through Setup Assitant' is _disabled_
- have at least one Setup Assistant option which shows before user creation _disabled_ (so that _is_ displayed), we recommend the Location Services or Terms and Conditions pane
- ensure your test Mac(s) is (are) assigned to the Prestage
## Wipe the Test Mac
- on the test mac, choose 'Erase all Contents and Settings' in the Settings app or wipe the Mac using the 'Wipe Computer' remote management command in Jamf Pro
- click through the initial enrollment dialogs. After you approve the enrollment in your MDM, Setup Manger should appear and perform the actions you configured
- while the installations are progressing, click on "About this Mac…" for information, click again while holding down the option key for even more information
- hit command-L for a log window. You can also find this log info later at `/Library/Logs/Setup Manager.log`
## Next Steps
- add more [actions](../ConfigurationProfile.md#actions) to Setup Manager, you can use more Jamf Pro policies, Installomator labels, or shell actions
- automate computer naming with a [computer name template key](../ConfigurationProfile.md#computerNameTemplate)
- optionally, add [a `help` section](../ConfigurationProfile.md#help) to let the user know what is going on
- ideally automated deployments shouldn't require manual data entry, but if necessary, you can configure a [user entry](../ConfigurationProfile.md#user-entry) section in the profile

59
Docs/JamfPro-TwoPhase.md Normal file
View File

@@ -0,0 +1,59 @@
# Jamf Pro: extra installations based on user data entry
In this simple example workflow, we run certain Jamf Pro policies depending on the department. This example can be expanded to other user entry data fields.
- create Setup Manager configuration profile
- create a `userEntry` key with a list of options for the department:
```xml
<key>userEntry</key>
<dict>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>Development</string>
<string>IT</string>
<string>Marketing</string>
</array>
</dict>
</dict>
```
Note that you need to have the matching departments in Jamf Pro.
- add the `enrollmentActions` that should run on all computers first
- then add a `waitForUserEntry` action:
```xml
<dict>
<key>label</key>
<string>Submit entries</string>
<key>waitForUserEntry</key>
<string/>
</dict>
```
When Setup Manager reaches this action it will wait for the user data entry to be complete if it isn't already. Then Setup Manager will submit the data from the user entry to Jamf Pro and run a recon, so you can use the data for scoping subsequent policies.
Setup Manager also saves the data from user entry in a plain text file which you can use in policy scripts after the `waitForUserEntry` action. [See details here.](Extras.md#user-data-file)
- Insert this action
``` xml
<dict>
<key>icon</key>
<string>symbol:plus.app</string>
<key>label</key>
<string>Extra Apps for %department%</string>
<key>policy</key>
<string>install_extra_apps</string>
</dict>
```
- for the policies you want run/install depending on the user entry:
- give the policy a custom trigger matching the trigger in 'Extra Apps' action: `install_extra_apps`
- scope the policy to the department(s) that should receive the installations
- repeat for every extra installation that depends on the user entry

28
JamfProConnect-SingleTouch.md → Docs/JamfProConnect-SingleTouch.md
View File

@@ -1,4 +1,4 @@
# Single Touch workflow with Jamf Pro and Jamf Connect
# Single Touch workflow with Jamf Pro and Jamf Connect
## What is Single Touch?
@@ -8,7 +8,7 @@ A single touch workflow can be as easy the tech unpacking the Mac (erasing it wi
You can use a combination of Jamf Pro, Setup Manager and Jamf Connector, to get a tighter deployment, user assignment and account creation process. This requires a bit more setup and configuration. This workflow allows the tech to monitor the Setup Manager workflow, enter device specific data such as an asset tag and assign _and lock_ the device to a different user, without requiring the end user's login credentials.
## What you need:
## What you need
- Jamf Pro
- Setup Manager
@@ -16,7 +16,9 @@ You can use a combination of Jamf Pro, Setup Manager and Jamf Connector, to get
Customized Enrollment with SSO is not _required_ for this workflow. The assignment to the final user is set from the email entered in Setup Manager. Nevertheless, customized enrollment with SSO is useful in this context since restricts Mac enrollment to a group of authorized accounts.
You should have Jamf Pro and Jamf Connect configured with the required SSO integrations and thoroughly tested before configuring this workflow.
You should have Jamf Pro and Jamf Connect configured with the required SSO integrations and thoroughly tested before configuring this workflow.
Verify that "Collect User and Location information from Directory Service" is **enabled** in Settings > Computer management > Inventory collection.
## Configure Setup Manager
@@ -28,8 +30,7 @@ Setup Manager profile will require a `userEntry` field for `userID` to know whic
Example:
```
```xml
<key>userID</key>
<dict>
<key>placeholder</key>
@@ -56,7 +57,7 @@ When you upload the Jamf Connect pkg to Jamf Pro and add it to either the Presta
When you use Jamf App Installers you have no direct control over when the installation actually occurs. You should add a `watchPath` action at the end of your `enrollmentActions` array in the Setup Manager profile to ensure that Jamf Connect is installed before proceeding:
```
```xml
<dict>
<key>label</key>
<string>Jamf Connect</string>
@@ -75,7 +76,7 @@ The email entered for userID will be submitted to Jamf Pro at the end of the Set
Create an Extension attribute named "Setup Manager Done" with the script code:
```
```sh
if [ -f "/private/var/db/.JamfSetupEnrollmentDone" ]; then
echo "<result>done</result>"
else
@@ -87,17 +88,19 @@ Then create a Smart Group named "Setup Manager Done" with the criteria `"Setup M
## Pre-set user for Jamf Connect
Note: this step only works with Entra ID as the Identity Provider.
Jamf Connect Login allows pre-configuring the user. Create a configuration profile named "Jamf Connect Enrollment User" to the preference domain `com.jamf.connect.login` with the following property list:
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnrollmentRealName</key>
<string>$REALNAME</string>
<key>EnrollmentUserName</key>
<string>$EMAIL</string>
<key>EnrollmentRealName</key>
<string>$REALNAME</string>
<key>EnrollmentUserName</key>
<string>$EMAIL</string>
</dict>
</plist>
```
@@ -105,4 +108,3 @@ Jamf Connect Login allows pre-configuring the user. Create a configuration profi
Scope this configuration profile the "Setup Manager Done" smart group you created earlier.
With this setup, the configuration profile that presets the user in Jamf Connect Login will be pushed out after Setup Manager finishes its final recon, which sets the user information to the Mac in Jamf Pro.

64
Docs/JamfSchool-Setup.md Normal file
View File

@@ -0,0 +1,64 @@
# Jamf School: Setup Manager Quick Start
### Upload Setup Manager Package
Download the latest version of the Setup Manager installation pkg from the [releases page](https://github.com/Jamf-Concepts/Setup-Manager/releases)
Once you have the pkg it needs to be uploaded to Jamf School as an `In House macOS app` and can be done by logging into Jamf School and Navigating to
* **Apps** -> **Inventory** -> **click on + Add App**
* Click **Add In-House macOS Package**
* Navigate to the downloaded Jamf Setup Manager Package and drag into the window
* Once uploaded click **Save** (no need to scope anything at this point)
### Prepare Jamf School In House macOS Apps, VPP Apps and Configurations
Setup Manager can "watch" for items in a particular file path on the volume. This is a great way to check if an app installed via VPP or In House macOS Apps (custom packages) are installed before moving on to the next action.
If you intend to "watch" for an item in your Setup Manager workflow ensure to scope the app(s) in the convential way.
Other apps (that are not being monitored through Setup Manager) and profile configurations should be scoped to the target devices in the convential way
*How you scope these addtional items will depend on your deployment but as an example this could be done through the App Inventory menu or via a smart / static group.*
### Create the Setup Manager Configuration Profile
There are many actions and configurable items available for Setup Manager, which are well [documented here](https://github.com/Jamf-Concepts/Setup-Manager/blob/main/ConfigurationProfile.md).
*Its worth noting that there are a number of actions that can be performed that are only available for Jamf Pro, these are clearly stated in the documentation.*
To help you get started on creating a Configuration Profile, there is a [sample profile](https://github.com/Jamf-Concepts/Setup-Manager/blob/main/Examples/sample-jamfschool.mobileconfig).
This sample profile can then be edited using a text editor tool such as [BBEdit](https://www.barebones.com/products/bbedit/) or a tool specifically for editing plists and profiles, such as [PlistEdit Pro](https://www.fatcatsoftware.com/plisteditpro/).
If you'd prefer to not edit in text format [iMazing Profile Editor](https://imazing.com/profile-editor) now has a community created payload spefically for Setup Manager which enables you to create a profile in a more user friendly GUI
Once you have a configuration profile with the desired actions it should be uploaded to Jamf School. Navigate to
* **Profiles** -> **Overview** -> click **+Create Profile**
* Click **Upload Custom Profile** -> Find the configuration profile on your system and drag to the window
* Click **Next**
* Give the profile and name and description -> click **Next**
* Click **Finish**
* Click **Save** (no need to scope anything at this point)
### Automated Device Enrolment Profile & Scoping
Create a new ADE profile by Navigating to
* **Profiles** -> **Automated Device Enrolment Profiles** -> click **+macOS**
* Fill out the profile as required for your deployment but **DO NOT** check the *Enable Zero-Touch Setup* box
* Click **Add** under profiles and select your *Jamf Setup Manager Configuration Profile* from the drop down menu
* Click **Add** under packages and select the *Jamf Setup Manager package* from the drop down menu
* Click **Save**
Finally scope the ADE profile to the required devices
### Wipe The Test Mac
* On the test mac, choose `Erase all Contents and Settings` in the Settings app or wipe the Mac using the `Erase Device` remote management command in Jamf Pro
* Click through the initial enrollment dialogs. After you approve the enrollment in your MDM, Setup Manger should appear and perform the actions you configured
* While the installations are progressing, click on "About this Mac…" for information, click again while holding down the option key for even more information
* Hit `command-L` for a log window. You can also find this log info later at `/Library/Logs/Setup Manager.log`

87
Docs/Network.md Normal file
View File

@@ -0,0 +1,87 @@
# Network Connectivity
Setup Manager can display the current network status in the top right corner of the main window.
By default, the icon will only appear when
- there is no network connection or the connection is lost
- Network Relay is configured
- the `networkCheck` array is present in the profile, even when it is empty
You can always manually toggle the visibility of the network status icon with command-N.
The icon will show the network "globe" icon when the network is connected, the icon with a slash when it is disconnected, and the icon with a small shield when it is connected and Network Relay is configured.
You can click on the icon for more detailed information:
- network connection name
- IP addresses (IPv4 and IPv6, when present)
- Network Bandwidth information (these take a while to appear, be patient)
- When Network Relay is configured, it will show the connectivity to the HTTP3/QUIC and HTTP2 hosts
- Connectivity to certain hosts
- by default, the Jamf Server will be shown
- You can add a list of custom hosts in the configuration profile
### `networkCheck`
(array of dict, optional)
Provides a list of hosts to check connectivity to. These will be shown in the 'Connectivity' section in the network info pane.
Each dict in this array represents a check for a connection to a host. The dict can contain the following keys:
#### `host`
(string)
The host name, e.g. `host.example.com` (no url scheme) to test a connection to.
#### `port`
(integer, optional, default: `443`)
The port to test a connection to.
#### `protocol`
(string, optional, default: `tcp`)
The connection protocol to test: `tcp` or `udp`.
#### `label`
(string, localizable, optional)
A display label for the connection test.
Example:
```xml
<key>networkCheck</key>
<array>
<dict>
<key>host</key>
<string>map.wandera.com</string>
<key>label</key>
<string>Intranet Maps</string>
<key>port</key>
<integer>443</integer>
<key>protocol</key>
<string>tcp</string>
</dict>
</array>
```
Example: empty `networkCheck` array to force Network icon to always show
```xml
<key>networkCheck</key>
<array/>
```
## Network Change logging
Setup Manager 1.3 adds logging for changes to network interfaces. It is possible that there will multiple entries in the log with regards to the same network change. Most changes logged will be neutral and should not affect your deployment negatively.
However, it is possible that changes to the network configuration of a device can influence the deployment workflow. Changes to network or Wi-Fi configurations and other network or security tools might disrupt the network connectivity during enrollment. This might interrupt or cancel downloads.
For example, when a configuration profile with the access information for a secure corporate Wifi is installed on the device, then the download access to required resources might change. Another example are security tools that might lead to restricted access for downloads (Installomator uses `curl` to download data, which might trigger security tools.)
Checking the log for network changes or outages during enrollment can be useful for troubleshooting.

164
Docs/Webhooks.md Normal file
View File

@@ -0,0 +1,164 @@
# Webhooks
#### `webhooks`
(Dict, optional)
Setup Manager can send webhooks to inform other services of its status. The configuration for the webhooks in all stored under the top-level `webhooks` key.
The webhooks dict can contain two keys, both of which are again dicts. `started` defines the webhook or webhooks that are called when Setup Manager starts its workflow, and the other `finished` defines the webhook or webhooks when it finishes the workflow.
When the either the `started` or `finished` key is missing, no webhook will be sent for that event.
Example:
```xml
<key>webhooks</key>
<dict>
<key>finished</key>
<string>https://example.com/webhook-finish</string>
<key>started</key>
<string>https://example.com/webhook-start</string>
</dict>
```
### Multiple webhooks
You can send multiple services per event:
```xml
<key>webhooks</key>
<dict>
<key>finished</key>
<array>
<string>https://example.com/webhook-finish</string>
<string>https://otherservice.com/abc123456</string>
</array>
<key>started</key>
<array>
<string>https://example.com/webhook-start</string>
<string>https://otherservice.com/abc123456</string>
</array>
</dict>
```
### WebHook Data
For the `started` webhook, Setup Manager attaches this data:
```json
{
"name": "Started", // string
"event": "com.jamf.setupmanager.started" // string
"timestamp": "2025-01-14T15:11:28Z", // time setup manager started, date as string, iso8601
"started": "2025-01-14T15:11:27Z", // time webhook was sent, date as string, iso8601
"modelName": "MacBook Air", // string
"modelIdentifier": "Mac14,2", // string
"macOSBuild": "24C101", // string
"macOSVersion": "15.2.0", // string
"serialNumber": "ABCD1234DE", // string
"setupManagerVersion": "1.2" // string
"jamfProVersion": "11.13.0" // optional, only for Jamf Pro, string
"jssID": 1234 // optional, only when `jssID` is set in profile, string
}
```
The data for the `finished` webhook includes the same as above, with some additional fields:
```json
{
"name": "Finished", // string
"event": "com.jamf.setupmanager.finished" // string
"duration": 53, // integer
"finished": "2025-01-14T15:12:20Z", // time Setup Manager finished, date as string, iso8601
"computerName": "Mac-123456" // computer name, only when set through Setup Manager
"userEntry": { // data entered by the user
"department": "IT",
"computerName": "IT-ABC123",
"userID": "a.b@example.,com",
"assetTag": "abc54321"
},
"enrollmentActions": [ // array of enrollmentActions with status
{
"label": "Microsoft 365",
"status": "finished" // status: "finished" or "failed"
},
{
"label": "Google Chrome",
"status": "finished"
},
{
"label": "Jamf Connect",
"status": "finished"
},
],
}
```
### Microsoft Teams
When you set up [an incoming webhook workflow with Microsoft Teams](https://support.microsoft.com/en-us/office/create-incoming-webhooks-with-workflows-for-microsoft-teams-8ae491c7-0394-4861-ba59-055e33f75498) the json payload is expected in a certain format.
**Important Note:** _The Teams Workflow Webhook URL will contain ampersands `&`. Since configuration profiles are XML files, you need to escape/replace all ampersands in the URL with the XML escape sequence `&amp;`._
Use this webhook format in the Setup Manager profile:
```xml
<dict>
<key>kind</key>
<string>teams</string>
<key>url</key>
<string>--insert url from Teams Workflows here--</string>
</dict>
```
This `dict` replaces the simple `string` syntax.
### Slack
You can also [configure Slack to receive messages on webhook url](https://api.slack.com/messaging/webhooks).
Use this webhook format in the Setup Manager profile:
```xml
<dict>
<key>kind</key>
<string>slack</string>
<key>url</key>
<string>--insert url from Slack here--</string>
</dict>
```
### Multiple webhooks
You can send multiple services per event:
```xml
<key>webhooks</key>
<dict>
<key>finished</key>
<array>
<string>https://example.com/webhook-finish</string>
<dict>
<key>kind</key>
<string>teams</string>
<key>url</key>
<string>--insert url from Teams Workflows here--</string>
</dict>
</array>
<key>started</key>
<array>
<string>https://example.com/webhook-start</string>
<dict>
<key>kind</key>
<string>teams</string>
<key>url</key>
<string>--insert url from Teams Workflows here--</string>
</dict>
</array>
</dict>
```
### Webhooks in Debug mode
Webhooks are generally _not_ sent when DEBUG is set to true. However, if you set a `DEBUG` key to `true` _inside_ the webhooks dictionary to true, webhooks will be sent, even when global DEBUG is enabled.

162
Examples/sample-com.jamf.setupmanager.plist Normal file
View File

@@ -0,0 +1,162 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>enrollmentActions</key>
<array>
<dict>
<key>arguments</key>
<array>
<string>-setTimeZone</string>
<string>Europe/Amsterdam</string>
</array>
<key>icon</key>
<string>symbol:clock</string>
<key>label</key>
<dict>
<key>de</key>
<string>Zeitzone einstellen</string>
<key>en</key>
<string>Set Time Zone</string>
<key>es</key>
<string>Establecer zona horaria</string>
<key>fr</key>
<string>Définir le fuseau horaire</string>
<key>he</key>
<string>הגדרות אזור זמן</string>
<key>it</key>
<string>Imposta il fuso orario</string>
<key>nl</key>
<string>Tijdzone instellen</string>
<key>sv</key>
<string>Ställ in tidszon</string>
<key>nb</key>
<string>Angi tidssone</string>
<key>pl</key>
<string>Ustal strefę czasową</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
<string>/usr/sbin/systemsetup</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_bb4e9c7d19adf8360ff28d666b01e66c35ae3e8d190660ac496d5a8abf4276a8</string>
<key>label</key>
<string>Microsoft 365</string>
<key>policy</key>
<string>install_microsoft365</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_87d2224fa990a47de96f63fb2f84aa3b7304c20a3ff29412f5a7a484745fd2c9</string>
<key>label</key>
<string>Google Chrome</string>
<key>policy</key>
<string>install_chrome</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_d72c39716b456bb647a1cfe01942656bd25dfcdd0faaa147dcce337589b75a8a</string>
<key>label</key>
<string>BBEdit</string>
<key>policy</key>
<string>install_bbedit</string>
</dict>
<dict>
<key>icon</key>
<string>symbol:app.badge</string>
<key>label</key>
<string>Jamf Protect</string>
<key>timeout</key>
<integer>600</integer>
<key>watchPath</key>
<string>/Applications/JamfProtect.app</string>
</dict>
</array>
<key>finalCountdown</key>
<integer>30</integer>
<key>icon</key>
<string>name:AppIcon</string>
<key>jssID</key>
<string>$JSSID</string>
<key>message</key>
<dict>
<key>de</key>
<string>Bitte etwas Geduld während Setup Manager deinen neuen Mac konfiguriert.</string>
<key>en</key>
<string>Please be patient while Setup Manager configures your new Mac.</string>
<key>es</key>
<string>Por favor espere mientras Setup Manager configura tu nuevo Mac.</string>
<key>fr</key>
<string>Veuillez être patient pendant que Setup Manager configure votre nouveau Mac.</string>
<key>he</key>
<string>אנא התאזר בסבלנות בזמן ש-Setup Manager מגדיר את ה-Mac החדש שלך</string>
<key>it</key>
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>nl</key>
<string>Even geduld terwijl Setup Manager je nieuwe Mac configureert.</string>
<key>pl</key>
<string>Prosimy o cierpliwość, podczas gdy Setup Manager konfiguruje Twojego nowego Maca.</string>
<key>sv</key>
<string>Ha tålamod medan Setup Manager konfigurerar din nya Mac.</string>
<key>nb</key>
<string>Vær tålmodig mens Setup Manager konfigurerer den nye Mac-en din.</string>
</dict>
<key>title</key>
<dict>
<key>de</key>
<string>Willkommen!</string>
<key>en</key>
<string>Welcome!</string>
<key>es</key>
<string>¡^[^[Bienvenido](inflect: true)](inflectionAlternative: &apos;Te damos la bienvenida&apos;)!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>he</key>
<string>ברוכים הבאים!</string>
<key>it</key>
<string>^[Benvenuto](inflect: true, inflectionAlternative: &quot;Ciao&quot;)!</string>
<key>nl</key>
<string>Welcom!</string>
<key>pl</key>
<string>Witamy!</string>
<key>sv</key>
<string>Välkommen</string>
<key>nb</key>
<string>Velkommen</string>
</dict>
<key>userEntry</key>
<dict>
<key>assetTag</key>
<dict>
<key>placeholder</key>
<string>ABC12345</string>
</dict>
<key>computerName</key>
<string>Mac-12345</string>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>R&amp;D</string>
<string>IT</string>
</array>
</dict>
<key>userID</key>
<dict>
<key>placeholder</key>
<dict>
<key>de</key>
<string>vorname.nachname@example.com</string>
<key>en</key>
<string>first.last@example.com</string>
<key>nl</key>
<string>voornaam.achternaam@example.com</string>
</dict>
</dict>
</dict>
</dict>
</plist>

68
sample-jamfschool.mobileconfig → Examples/sample-jamfschool.mobileconfig
View File

@@ -25,13 +25,16 @@
<key>icon</key>
<string>symbol:clock</string>
<key>label</key>
<string>Set Time Zone</string>
<key>label.de</key>
<string>Zeitzone setzen</string>
<key>label.fr</key>
<string>Définir le fuseau horaire</string>
<key>label.nl</key>
<string>Tijdzone instellen</string>
<dict>
<key>de</key>
<string>Zeitzone setzen</string>
<key>en</key>
<string>Set Time Zone</string>
<key>fr</key>
<string>Définir le fuseau horaire</string>
<key>nl</key>
<string>Tijdzone instellen</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
@@ -46,13 +49,16 @@
<key>icon</key>
<string>symbol:cpu</string>
<key>label</key>
<string>Install Rosetta</string>
<key>label.de</key>
<string>Rosetta installieren</string>
<key>label.fr</key>
<string>Installer Rosetta</string>
<key>label.nl</key>
<string>Rosetta installeren</string>
<dict>
<key>de</key>
<string>Rosetta installieren</string>
<key>en</key>
<string>Install Rosetta</string>
<key>fr</key>
<string>Installer Rosetta</string>
<key>nl</key>
<string>Rosetta installeren</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
@@ -78,21 +84,27 @@
<key>icon</key>
<string>name:AppIcon</string>
<key>message</key>
<string>Setup Manager is configuring your Mac…</string>
<key>message.de</key>
<string>Setup Manager konfiguriert deinen Mac…</string>
<key>message.fr</key>
<string>Setup Manager configure votre Mac…</string>
<key>message.nl</key>
<string>Setup Manager configureert je Mac…</string>
<dict>
<key>de</key>
<string>Setup Manager konfiguriert deinen Mac…</string>
<key>en</key>
<string>Setup Manager is configuring your Mac…</string>
<key>fr</key>
<string>Setup Manager configure votre Mac…</string>
<key>nl</key>
<string>Setup Manager configureert je Mac…</string>
</dict>
<key>title</key>
<string>Welcome!</string>
<key>title.de</key>
<string>Willkommen!</string>
<key>title.fr</key>
<string>Bienvenu!</string>
<key>title.nl</key>
<string>Welkom!</string>
<dict>
<key>de</key>
<string>Willkommen!</string>
<key>en</key>
<string>Welcome!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>nl</key>
<string>Welkom!</string>
</dict>
</dict>
</dict>
</array>

156
Examples/sample-waitForUserEntry.plist Normal file
View File

@@ -0,0 +1,156 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>enrollmentActions</key>
<array>
<dict>
<key>arguments</key>
<array>
<string>-setTimeZone</string>
<string>Europe/Amsterdam</string>
</array>
<key>icon</key>
<string>symbol:clock</string>
<key>label</key>
<dict>
<key>de</key>
<string>Zeitzone setzen</string>
<key>en</key>
<string>Set Time Zone</string>
<key>es</key>
<string>Establecer zona horaria</string>
<key>fr</key>
<string>Définir le fuseau horaire</string>
<key>it</key>
<string>Imposta il fuso orario</string>
<key>nl</key>
<string>Tijdzone instellen</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
<string>/usr/sbin/systemsetup</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_bb4e9c7d19adf8360ff28d666b01e66c35ae3e8d190660ac496d5a8abf4276a8</string>
<key>label</key>
<string>Microsoft 365</string>
<key>policy</key>
<string>install_microsoft365</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_87d2224fa990a47de96f63fb2f84aa3b7304c20a3ff29412f5a7a484745fd2c9</string>
<key>label</key>
<string>Google Chrome</string>
<key>policy</key>
<string>install_chrome</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_d72c39716b456bb647a1cfe01942656bd25dfcdd0faaa147dcce337589b75a8a</string>
<key>label</key>
<string>BBEdit</string>
<key>policy</key>
<string>install_bbedit</string>
</dict>
<dict>
<key>icon</key>
<string>symbol:app.badge</string>
<key>label</key>
<string>Jamf Protect</string>
<key>timeout</key>
<integer>600</integer>
<key>watchPath</key>
<string>/Applications/JamfProtect.app</string>
</dict>
<dict>
<key>label</key>
<dict>
<key>de</key>
<string>Eingaben übermitteln</string>
<key>en</key>
<string>Submit User Entry</string>
<key>fr</key>
<string>Soumettre les entrées</string>
<key>nl</key>
<string>Voer invoer in</string>
</dict>
<key>waitForUserEntry</key>
<string></string>
</dict>
<dict>
<key>icon</key>
<string>symbol:plus.app</string>
<key>label</key>
<dict>
<key>de</key>
<string>Extra Apps für %department%</string>
<key>en</key>
<string>Extra Apps for %department%</string>
<key>fr</key>
<string>Extra Apps pour %department%</string>
<key>nl</key>
<string>Extra Apps voor %department%</string>
</dict>
<key>policy</key>
<string>install_extra_apps</string>
</dict>
</array>
<key>finalCountdown</key>
<integer>30</integer>
<key>icon</key>
<string>name:AppIcon</string>
<key>jssID</key>
<string>$JSSID</string>
<key>message</key>
<dict>
<key>de</key>
<string>Bitte etwas Geduld während Setup Manager deinen neuen Mac konfiguriert.</string>
<key>en</key>
<string>Please be patient while Setup Manager configures your new Mac.</string>
<key>es</key>
<string>Por favor espere mientras Setup Manager configura tu nuevo Mac.</string>
<key>fr</key>
<string>Veuillez être patient pendant que Setup Manager configure votre nouveau Mac.</string>
<key>he</key>
<string>אנא התאזר בסבלנות בזמן ש-Setup Manager מגדיר את ה-Mac החדש שלך</string>
<key>it</key>
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>nl</key>
<string>Even geduld terwijl Setup Manager je nieuwe Mac configureert.</string>
</dict>
<key>title</key>
<dict>
<key>de</key>
<string>Willkommen!</string>
<key>en</key>
<string>Welcome!</string>
<key>es</key>
<string>¡Bienvenido!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>he</key>
<string>ברוכים הבאים!</string>
<key>it</key>
<string>Benvenuto!</string>
<key>nl</key>
<string>Welcom!</string>
</dict>
<key>userEntry</key>
<dict>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>Development</string>
<string>IT</string>
<string>Marketing</string>
</array>
</dict>
</dict>
</dict>
</plist>

6
uninstall.sh → Examples/uninstall.sh
View File

@@ -24,7 +24,7 @@ bundleID="com.jamf.setupmanager"
appPath="/Applications/Utilities/${appName}.app"
if [ $(whoami) != "root" ]; then
if [ "$(whoami)" != "root" ]; then
echo "needs to run as root!"
exit 1
fi
@@ -35,9 +35,11 @@ if launchctl list | grep -q "$bundleID" ; then
fi
echo "removing files"
rm -rfv /Applications/Utilities/"$appName".app
rm -rfv "$appPath"
rm -v /Library/LaunchDaemons/"$bundleID".plist
rm -v /Library/LaunchAgents/"$bundleID".loginwindow.plist
echo "forgetting $bundleID pkg receipt"
pkgutil --forget "$bundleID"
# rm -v /private/var/db/.JamfSetupEnrollmentDone

BIN
Images/setup-manager-progress-screenshot.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 536 KiB

After

Width:  |  Height:  |  Size: 617 KiB

BIN
Images/setup-manager-progress-screenshot_old.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 94 KiB

1
LICENSE.md Normal file
View File

@@ -0,0 +1 @@
Offered under the terms of the [Jamf Software License and Service Agreement](https://resources.jamf.com/documents/jamf-SLASA.pdf).

88
README.md
View File

@@ -1,90 +1,70 @@
![Setup Manager Icon](Images/SetupManager250.png)
# Setup Manager
# Setup Manager
_"Every Assistant has a Manager"_
![Setup Manager Logo](https://img.shields.io/badge/macOS-12%2B-success)
![Setup Manager Logo](https://img.shields.io/badge/macOS-13.5%2B-success)
Updates are published in the '[Releases](https://github.com/jamf-concepts/setup-manager/releases)' section of the repo. There you can also [download the latest pkg installer](https://github.com/jamf-concepts/setup-manager/releases/latest). You can subscribe to notifications for the repo using the 'Watch' button above.
Please report issues, feature requests [as an issue.](https://github.com/setup-manager/setup-manager/issues)
Please report issues, feature requests [as an issue.](https://github.com/jamf-concepts/setup-manager/issues)
We have opened the [discussions](https://github.com/setup-manager/setup-manager/discussions) area for questions and more generic feedback.
We have opened the [discussions](https://github.com/jamf-concepts/setup-manager/discussions) area for questions and more generic feedback.
Updates will be published in the '[Releases](https://github.com/setup-manager/setup-manager/releases)' section of the repo. There you can also [download the latest pkg installer](https://github.com/setup-manager/setup-manager/releases/latest). You can subscribe to notifications for the repo using the 'Watch' button above.
There is also a [`#jamf-setup-manager`](https://macadmins.slack.com/archives/C078DDLKRDW) channel on the [MacAdmins Slack](https://macadmins.org).
![setup manager progress dialog](Images/setup-manager-progress-screenshot.png)
## What it does
There are many enrollment progress tools available for Mac admins, each with their own strengths. Jamf Setup Manager approaches the problem from the perspective of an IT service provider.
Setup Manager offers many of the same features of these utilities but is especially useful for the case where an IT department or provisioning depot wants to ensure that a new Mac is properly configured and assigned before sending the device to its new user. It runs over Setup Assistant before a user is created so it won't interfere with MDM-capable user or the secure token flow for FileVault. You can control which policies and installations Setup Manager runs with a configuration profile.
Setup Manager offers many of the same features of these utilities but is especially useful for the case where an IT department or provisioning depot wants to ensure that a new Mac is properly configured and assigned before sending the device to its new user. It runs over Setup Assistant before a user is created, so it won't interfere with MDM-capable user or the secure token flow for FileVault. You can control which policies and installations Setup Manager runs with a configuration profile.
Setup Manager provides:
- a nice modern UI
- configuration with a configuration profile, no need to modify shell scripts or json
- works with different deployment workflows
- zero-touch (user-driven)
- single-touch (tech-driven)
- user initiated enrollment
- handsfree deployment with AutoAdvance (beta)
- customized branding
- localized interface and custom text
- support for Jamf Pro and Jamf School
![setup manager progress dialog](Images/setup-manager-progress-screenshot.png)
- localized interface and localizable custom text
- works with Jamf Pro and Jamf School
## Installation and Configuration
### Jamf Pro
1. Upload the Setup Manager installer pkg file to Jamf Pro
2. Create a custom configuration profile with the preference domain `com.jamf.setupmanager`. See documentation for the profile contents [here](ConfigurationProfile.md).
3. Scope the configuration profile to the computers
4. Add the pkg and the configuration profile to the Prestage
Setup Manager can be used for various zero-touch and tech-driven single-touch deployments with Jamf Pro and (optionally) Jamf Connect. One single-touch workflow with Jamf Connect where the tech can re-assign the Mac to a different end user [is described here](JamfProConnect-SingleTouch.md).
### Jamf School
[Setup with Jamf School](Setup-JamfSchool.md)
- Jamf Pro
- [JamfPro-Quick Start](Docs/JamfPro-QuickStart.md)
- zero-touch and user-initiated deployments (forthcoming)
- [extra installations based on user data entry](Docs/JamfPro-TwoPhase.md)
- [Single-touch workflow with user re-assignment using Jamf Connect](Docs/JamfProConnect-SingleTouch.md)
- [handsfree deployment with AutoAdvance and Setup Manager at login window (beta)](Docs/JamfPro-LoginWindow.md)
- [Jamf School](Docs/JamfSchool-Setup.md)
- [Extras and Notes](Docs/Extras.md)
- [Frequently Asked Questions](Docs/FAQ.md)
- [Webhooks](Docs/Webhooks.md)
- [Network Connectivity Checks](Docs/Network.md)
## Configuration Profile
The structure of the configuration profile [is documented here](ConfigurationProfile.md).
## Notes
There is also a [custom schema for Jamf Pro](Docs/Extras.md#custom-json-schema-for-jamf-pro).
### Requirements
## Requirements
Setup Manager requires macOS 12.0.0 or higher. It will work only with Jamf Pro or Jamf School.
Setup Manager requires macOS 13.5 or higher. It will work only with Jamf Pro or Jamf School.
### Known Issues
## Known Issues
- Setup Manager will **_not_** launch with Auto-Advance enabled
- Setup Manager may **_not_** launch when you disable _all_ Setup Assistant screens
- Setup Manager will **_not_** launch at enrollment with Auto-Advance enabled, use the option to run at login window
- Setup Manager may **_not_** launch or launch and quit quickly when you disable _all_ Setup Assistant screens and skip user creation, leave at least one Setup Assistant option that shows _before_ the user creation enabled, or use the option to run at login window
- Policies that are triggered by `enrollmentComplete` may delay or even disrupt Setup Manager running from Prestage/Automated Device Enrollment. Disable or un-scope policies triggered by `enrollmentComplete` on devices using Setup Manager.
### Quit
---
The command-Q keyboard short cut to quit the app is disabled. You can use shift-control-command-E instead. This should only be used when debugging as it may leave the client in an undetermined state when installations are aborted.
### Logging
Setup Manager logs to `/Library/Logs/Setup Manager.log`.
While it is running you can open a log window with command-L.
### Flag file
Setup Manager creates a flag file at `/private/var/db/.JamfSetupEnrollmentDone` when it finishes. If this file exists when Setup Manager launches, the app will terminate immediately and withour taking any action. You can use this flag file in an extension attribute in Jamf to determine whether the enrollment steps were performed. (Setup Manager does not care if the actions were performed successfully.)
When DEBUG is set to YES in the defaults/configuration profile, the flag file is ignored at launch, but still created when done.
### Final action and shutdown
When the app is not running as root (for testing or from Xcode) or when the `DEBUG` preference is set, shutdown will merely quit.
### "About This Mac…" window
When you hold the option key when clicking on "About This Mac…" you will see more information.
Please report issues, feature requests, and feedback (positive and negative) [as an issue.](https://github.com/setup-manager/setup-manager/issues)
Please report issues, feature requests, and feedback (positive and negative) [as an issue.](https://github.com/Jamf-Concepts/Setup-Manager/issues)

71
Setup-JamfSchool.md
View File

@@ -1,71 +0,0 @@
# Setup with Jamf School
## Setting Jamf Setup Manager Workflow in Jamf School
In order to configure the workflow in Jamf School you will need
- A Jamf Setup Manager Configuration Profile (configured for your deployment, example profile below) uploaded to Jamf School
- Jamf Setup Manager PKG (available from GitHub) uploaded to Jamf School
- An Automated Device Enrolment Profile with at least one setup assistant pane configured, “Wait for the configuration to be applied before continuing the Setup Assistant” box checked and an admin account configured as required and “skipped user creation” pane
- Other ADE profile setting should be set as required but Do Not select Auto Advance (see below)
### Step 1
- Create a Payloadless Profile for Smart Group Targeting
- Navigate to profiles and create a new macOS Profile.
- Name it “Jamf Setup Manager Installed”
- Do not scope the profile and do not configure any payloads. Simply save the profile
### Step 2
- Create a Smart Group to target your required Macs
- Navigate to Devices → Device Groups and create a new group. Ensure you select “Smart Group”
- Name the Group “Jamf Setup Manager Profile” skip all other panes until members
- In members select “Operating System” “equals” “Any” and then leave the min and max OS blank. This will target any and all macOS devices in my environment
- If you only want to select a subset of macOS devices, for example Lab Mac devices and not 1:1 devices, configure this group to target the desired devices in your environment
- Save Scope
### Step 3
- Create a Smart Group to target devices with Jamf Setup Manager Profile Installed to deploy JSM pkg
- Navigate to Devices → Device Groups and create a new group. Ensure you select “Smart Group”
- Name the Group “Install Jamf Setup Manager”, skip all other panes until members
- In members select “Managed Profile (Installed)” “equals” and then select the Jamf Setup Manager Configuration Profile that you uploaded to Jamf School
- Save Scope
- Next in the Apps tab add the Jamf Setup Manager pkg and in the Profiles tab select the “Jamf Setup Manager Installed” profile you created in Step 1
- If you named your profile in step 1 something different, be sure to select that profile in this step
### Step 4
- Create a Smart Group to target devices with the “JSM Installed” profile installed and deploy the rest of the profile and apps
- Navigate to Devices → Device Groups and create a new group. Ensure you select “Smart Group”
- Name the group “macOS Management & Apps”, skip all other panes until members
- In members select ““Managed Profile (Installed)” “equals” and then select “Jamf Setup Manager Installed” profile that you created in Step 1
- If you named your profile in step 1 something different, be sure to select that profile in this step
- Next in the Apps tab add any apps or packages that will not be installed via Installomator as part of the Jamf Setup Workflow and in the Profiles tab any any and all config needed to manage your Macs
- If you install packages or App Store apps through Jamf School, if you want to report on them as part of the Jamf Setup Manager workflow be sure to add Watchpaths for the apps / content into the Jamf Setup Manager Configuration Profile before uploading to Jamf School
These chained Smart group actions then perform the following flow
- Scope the Jamf Setup Manager Config profiles to all macOS devices
- Once the Profile is reported as installed by Jamf School, it will then install the Jamf Setup Manager pkg (since we 100% know the config profile is on the device before the pkg, when know itll be configured in the correct manner) and the “Jamf Setup Manager Installed” profile
- Only when the device reports back that it has “Jamf Setup Manager Installed” profile will it move into the next smart group where it will receive the commands to install further apps / packages and the rest of the configuration profiles
With this flow we are controlling the best we can that the first thing the device does it install Jamf Setup Manager and the required config rather than having Jamf Setup Manager queued rather down a list of apps that are installing.
This activity log shows the order in which Jamf School issues and the device receives the commands. We can see that theres not a huge amount of time between all the actions but long enough that we can be sure that the device gets the Enterprise Install command to install Jamf Setup Manager before anything other apps
## Workflow Warnings
Since the Jamf Setup Manager workflow is very “specific” for Jamf School it shouldnt be a surprise that there are some warnings, or gotchas. All mainly around the way that weve chained together the smart groups based on installed profiles, although it gives us the flow that we need it's also a little fragile.
For example if you were to accidentally unscope the “Jamf Setup Manager Installed” profile from a device it would then fall out of scope of the “macOS Management & Apps” group, which is where all of the management and App Store apps are scoped.
…and of course that means the device has the profiles removed and App Store apps removed AKA disaster 💥💥💥
The second smart group we create also is looking for a profile that is installed. Youre likely not going to unscope by accident this profile (although if you did is would mean the device has profiles removed and App Store app removed AKA disaster 💥💥💥) what is more likely to happen is that you UPDATE or REPLACE the “Jamf Setup Manager Configuration Profile”
Let's say you upload your JSM configure Profile and call its “JSM Setup V1” and this is the profile that you select in the smart group in Step 1 above. You then edit the config profile and call it JSM Setup V1.1, maybe even delete the JSM Setup V1 from Jamf School.
The smart group is still looking for a profile called “JSM Setup V1”.
Depending on your setup and how youve managed your profiles in Jamf School your deployed devices might not longer have JSM Setup V1 installed, which means it falls out of the “Install Jamf Setup Manager” group which in turn will fall out of the “macOS Management & Apps” group….which is where all of the management and App Store apps are scoped.
Again, of course that means the device has the profiles removed and App Store apps removed AKA disaster 💥💥💥
Also newly deployed devices might not run through the workflow correctly as they are now have JSM Setup V1.1 installed and the smart group is looking for JSM Setup V1.
Bottom line here is be mindful about the name of your Jamf Setup Manager Profile and if you amend the config and upload a new version, scope that FIRST, then EDIT the smart group, wait for it to deploy and then remove the old profile.
Although targeting the profile is what makes this workflow successful in Jamf School, its also a house of cards

126
sample-com.jamf.setupmanager.plist
View File

@@ -1,126 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>userEntry</key>
<dict>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>R&amp;D</string>
<string>IT</string>
</array>
</dict>
<key>computerName</key>
<string>Mac-12345</string>
<key>userID</key>
<dict>
<key>placeholder</key>
<string>first.last@example.com</string>
<key>placeholder.de</key>
<string>vorname.nachname@example.com</string>
<key>placeholder.nl</key>
<string>voornaam.achternaam@example.com</string>
</dict>
<key>assetTag</key>
<dict>
<key>placeholder</key>
<string>ABC12345</string>
</dict>
</dict>
<key>enrollmentActions</key>
<array>
<dict>
<key>arguments</key>
<array>
<string>-setTimeZone</string>
<string>Europe/Amsterdam</string>
</array>
<key>icon</key>
<string>symbol:clock</string>
<key>label</key>
<string>Set Time Zone</string>
<key>label.es</key>
<string>Establecer zona horaria</string>
<key>label.fr</key>
<string>Définir le fuseau horaire</string>
<key>label.it</key>
<string>Imposta il fuso orario</string>
<key>label.de</key>
<string>Zeitzone setzen</string>
<key>label.nl</key>
<string>Tijdzone instellen</string>
<key>requiresRoot</key>
<true/>
<key>shell</key>
<string>/usr/sbin/systemsetup</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_bb4e9c7d19adf8360ff28d666b01e66c35ae3e8d190660ac496d5a8abf4276a8</string>
<key>label</key>
<string>Microsoft 365</string>
<key>policy</key>
<string>install_microsoft365</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_87d2224fa990a47de96f63fb2f84aa3b7304c20a3ff29412f5a7a484745fd2c9</string>
<key>label</key>
<string>Google Chrome</string>
<key>policy</key>
<string>install_chrome</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_d72c39716b456bb647a1cfe01942656bd25dfcdd0faaa147dcce337589b75a8a</string>
<key>label</key>
<string>BBEdit</string>
<key>policy</key>
<string>install_bbedit</string>
</dict>
<dict>
<key>icon</key>
<string>symbol:app.badge</string>
<key>label</key>
<string>Jamf Protect</string>
<key>timeout</key>
<integer>600</integer>
<key>watchPath</key>
<string>/Applications/JamfProtect.app</string>
</dict>
</array>
<key>icon</key>
<string>name:AppIcon</string>
<key>finalCountdown</key>
<integer>30</integer>
<key>message</key>
<string>Please be patient while Setup Manager configures your new Mac.</string>
<key>message.es</key>
<string>Por favor espere mientras Setup Manager configura tu nuevo Mac.</string>
<key>message.it</key>
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>message.fr</key>
<string>Veuillez être patient pendant que Setup Manager configure votre nouveau Mac.</string>
<key>message.de</key>
<string>Bitte etwas Geduld während Setup Manager deinen neuen Mac konfiguriert.</string>
<key>message.nl</key>
<string>Even geduld terwijl Setup Manager je nieuwe Mac configureert.</string>
<key>title</key>
<string>Welcome!</string>
<key>title.es</key>
<string>¡Bienvenido!</string>
<key>title.it</key>
<string>Benvenuto!</string>
<key>title.fr</key>
<string>Bienvenu!</string>
<key>title.de</key>
<string>Willkommen!</string>
<key>title.nl</key>
<string>Welcom!</string>
<key>jssID</key>
<string>$JSSID</string>
</dict>
</plist>