jamf/Setup-Manager
1
0
Fork 0
mirror of https://github.com/jamf/Setup-Manager.git synced 2026-02-05 23:12:15 +00:00
Code Issues 37 Actions Packages Projects Releases Wiki Activity

Compare commits

base: jamf:v1.0rc
Branches Tags
jamf:main jamf:beta
jamf:v1.4.3 jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306
...
compare: jamf:v1.1beta
Branches Tags
jamf:main jamf:beta
jamf:v1.4.3 jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306

13 Commits
v1.0rc ... v1.1beta

Author SHA1 Message Date
Armin Briegel
52ee0e0e2a Update ChangeLog.md 2024-09-09 16:00:54 +02:00
Armin Briegel
0e4961a42a updated docs for 1.1beta 2024-09-09 15:55:00 +02:00
Armin Briegel
4aabab6033 updated ReadMe 2024-08-29 10:04:44 +02:00
Armin Briegel
475f8e013a updated ReadMe 2024-08-29 09:59:45 +02:00
Anthony Reimer
08b36bf6ed Fix minor formatting error in ConfigurationProfile.md 
In totalDownloadBytes, the information about the parameters for the value appears on the same line as the header, unlike the rest of the document. This commit fixes that formatting (ever the editor…).
 2024-07-24 14:05:35 -06:00
Armin Briegel
246372c4a4 Merge pr #10 2024-07-08 09:18:35 +02:00
Elliot Jordan
dc233bb393 Use $appPath variable and quote whoami output 2024-07-05 14:16:24 -07:00
Elliot Jordan
f68ce643da plutil -convert xml1 2024-07-05 14:16:08 -07:00
Elliot Jordan
44742d97c9 Remove unreferenced screenshot 2024-07-05 14:15:58 -07:00
Elliot Jordan
7c509ccc60 Various spelling and formatting fixes for markdown files 2024-07-05 14:15:46 -07:00
Armin Briegel
6ea7365dc0 v1.0 2024-07-01 12:51:02 +02:00
Armin Briegel
640672b945 added .gitignore 2024-07-01 12:47:18 +02:00
macnotes
035796c035 Create LICENCE.md 2024-06-19 08:29:25 -04:00
18 changed files with 839 additions and 381 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.DS_Store

188
ChangeLog.md
View File

@@ -1,72 +1,106 @@
# Setup Manager - Change Log
## v1.1beta
(2024-09-09)
### New Features
- new action [`waitForUserEntry`](ConfigurationProfile.md#waitforuserentry) which allows for two-phase installation workflows in Jamf Pro. When Setup Manager reaches this action it will wait for the user entry to save the data entry, then it will run a recon/Update Inventory. Policy actions that follow this, can then be scoped to data from the user entry. (#11)
- Setup Manager can now run over Login Window, instead of immediately after installation. This also allows Setup Manager to work with AutoAdvance. Use the new `runAt` key in the profile to determine when Setup Manager runs (#18)
- data from user entry, is now written to a file when Setup Manager submits data. See details in [User Entry](Extras.md#user-data-file) (#9)
- use token substitution in the `title`, `message`, and action `label` values (as well as `computerNameTemplate`)
- token substitution can extract center characters with `:=n`
- localization in the configuration profile has been simplified. The previous method still works, but is considered deprecated. [Details](ConfigurationProfile.md#localization)
### Fixes and improvements
- icons using `symbol:` that end in `.app` now work properly
- Elapsed time is shown in "About this Mac…" Start time is shown with option key
- svg and pdf images used for `icon`s should now work
- general fixes in user entry setup
- improved rendering in Help View (#12)
- fixes to json schema
- improved and updated documentation
- included Installomator script updated to [v10.6](https://github.com/Installomator/Installomator/releases/v10.6)
- added Setup Manager version and macOS version and build to tracking ping
- fixed UI glitch in macOS Sequoia
## v1.0
(2024-07-01)
- updated to new Jamf Concepts Use Agreement
- updated German and Swedish localizations
- added name for macOS 15
- new `hideActionLabels` and `hideDebugLabel` keys
- 'Jamf ID' is now only visible in the extended 'About this Mac' View (reachable when holding the option key)
- messaging when Setup Manager is launched in user space or with missing configuration
- UI tweaks
## v1.0RC
(2024-03-11)
- various minor fixes to localization, documentation, and small UI tweaks (#128)
- better error handling and display for some edge cases (#52, #53, #120)
- added ReadMe and License to installer pkg (#126)
- various minor fixes to localization, documentation, and small UI tweaks
- better error handling and display for some edge cases
- added ReadMe and License to installer pkg
## v0.9.1
(2023-11-20)
- Norwegian and Swedish localizations, thanks to Sam Wennerlund (#111, #112)
- refactored process launching code, this should help with some stalling issues (#95)
- shutdown button should not stall anymore (#118)
- Setup Manager now caches the defaults at launch. This makes it more resilient to its configuration profile "disappearing" because the computer is not scope. (We still recommend scoping the Setup Manager Configuration profile as well as adding it to the Prestage.) This also addresses the custom UI "flickering" while it runs. (#99, setup-manager/setup-manager#21)
- Norwegian and Swedish localizations, thanks to Sam Wennerlund
- refactored process launching code, this should help with some stalling issues
- shutdown button should not stall anymore
- Setup Manager now caches the defaults at launch. This makes it more resilient to its configuration profile "disappearing" because the computer is not scope. (We still recommend scoping the Setup Manager Configuration profile as well as adding it to the Prestage.) This also addresses the custom UI "flickering" while it runs. (#21)
## v0.9
(2023-10-26)
- Help button
- new key `help` shows a help button (circled question mark) in the lower right corner. The "Continue" and/or "Shutdown" buttons will replace the "Help" when the appear (#113)
- new key `help` shows a help button (circled question mark) in the lower right corner. The "Continue" and/or "Shutdown" buttons will replace the "Help" when the appear
- see [Configuration Profile documentation](ConfigurationProfile.md#help) for more detail
- "About this Mac" info window
- now shows network connection status. (#116) With the option key, the info window shows the interface name (#90) and IP address (#106)
- to keep the info window clean, some (more) items are now only shown when opening the info window while holding option keys (#115) (Jamf Pro and Setup Manager version)
- updated Installomator to v10.5 (#107)
- added new defaults key `overrideSerialNumber` to display a preset serial number (#100), this is useful for creating screenshots or recordings
- main window is not resizable (#103, setup-manager/setup-manager#26)
- user entry with options menu would be empty unless manually set (#110, setup-manager/setup-manager#23)
- item progress indicators are now more distinct (#109, setup-manager/setup-manager#25)
- added "Powered by Jamf" and icon in button bar (#117)
- Setup Manager rearranges windows properly when a screen is attached or removed (#105)
- now shows network connection status. With the option key, the info window shows the interface name and IP address
- to keep the info window clean, some (more) items are now only shown when opening the info window while holding option keys (Jamf Pro and Setup Manager version)
- updated Installomator to v10.5
- added new defaults key `overrideSerialNumber` to display a preset serial number, this is useful for creating screenshots or recordings
- main window is not resizable (#26)
- user entry with options menu would be empty unless manually set (#23)
- item progress indicators are now more distinct (#25)
- added "Powered by Jamf" and icon in button bar
- Setup Manager rearranges windows properly when a screen is attached or removed
- app and pkg are now signed and notarized with Jamf Developer certificates
- many more bug fixes and improvements (#98, #102)
- many more bug fixes and improvements
## v0.8.2
(2023-09-19)
- local files are now shown correctly with `icon` (#93)
- download speed is shown in macOS Sonoma (#94)
- fixed a strange race condition that led to large installomator installations stalling with Jamf School (#80)
- 'Shutdown' button is now hidden by default, since it breaks some of the workflows (#25). You can unhide it by setting the `finalAction` key to `shutdown` (this will hide the continue button) or setting the `showBothButtons` key to `true` which will show both buttons.
- local files are now shown correctly with `icon`
- download speed is shown in macOS Sonoma
- fixed a strange race condition that led to large installomator installations stalling with Jamf School
- 'Shutdown' button is now hidden by default, since it breaks some of the workflows. You can unhide it by setting the `finalAction` key to `shutdown` (this will hide the continue button) or setting the `showBothButtons` key to `true` which will show both buttons.
## v0.8
(2023-09-05)
- Italian and Spanish localizations (Thanks to Nicola Lecchi, Andre Vilja and Javier Tetuan) (#71, #85)
- fixed crashing bug when `background` is set (#73)
- 'Save Button' in User Entry now enables properly (#76)
- UI layout improvements (#74, #75, #88)
- main `icon` now properly displays wide aspect images (#82)
- watchPath actions time faster in DEBUG mode (#70)
- unloads Jamf Pro background check-in during workflow (#81)
- About this Mac…
- downloand speed (measured with `networkQuality`) and esitmated download time (#84)
- Jamf Pro version (#43)
- Italian and Spanish localizations (Thanks to Nicola Lecchi, Andre Vilja and Javier Tetuan)
- fixed crashing bug when `background` is set
- 'Save Button' in User Entry now enables properly
- UI layout improvements
- main `icon` now properly displays wide aspect images
- watchPath actions time faster in DEBUG mode
- unloads Jamf Pro background check-in during workflow
- About this Mac…
- Download speed (measured with `networkQuality`) and estimated download time
- Jamf Pro version
- new preference keys (see [config profile documentation for details](ConfigurationProfile.md))
- `accentColor` (#83)
- `totalDownloadBytes` (#91)
- `userEntry.showForUserIDs` (#87)
- `accentColor`
- `totalDownloadBytes`
- `userEntry.showForUserIDs`
## v0.7.1
@@ -82,25 +116,25 @@
- added macOS Sonoma to list of known macOS releases
- added documentation for Jamf School
- added changelog and some more updates to documentation (#68, #67)
- computer name can now be generated wihtout UI from a template (#8, #69)
- added changelog and some more updates to documentation
- computer name can now be generated without UI from a template
- added slight scale animation and edge fade to action list
- user entry fields can now be validated with a regular expression and localized message (#6, #7)
- battery widget now display correctly on Macs without a battery (#66)
- user entry fields can now be validated with a regular expression and localized message
- battery widget now display correctly on Macs without a battery
## v0.6
(2023-06-05)
- launchd plist is now removed when app launches and flag file is present. This will prevent further accidental restarts after the app has been re-installed (#54)
- improved logging when parsing an action fails (#55)
- added Pendo integration to track app launches (#57, #58)
- hitting cmd-L multiple times would open multiple log windows (#61)
- log window now auto-scrolls to latest entry (#62)
- command-W no longer closes main window (#63)
- launchd plist is now removed when app launches and flag file is present. This will prevent further accidental restarts after the app has been re-installed
- improved logging when parsing an action fails
- added Pendo integration to track app launches
- hitting cmd-L multiple times would open multiple log windows
- log window now auto-scrolls to latest entry
- command-W no longer closes main window
- added French localization
- fixed some typos in Dutch localization
- Warning screen appears when battery drops below 20% (#37, #38) and disappears when charger is connected
- Warning screen appears when battery drops below 20% and disappears when charger is connected
- you can show/hide battery status with cmd-B
- updated built-in Installomator to v10.4
- fixed some logic errors in the Jamf Pro workflow that were introduced when adding Jamf School support
@@ -109,9 +143,9 @@
(2023-05-09)
- should now support Jamf School, this required major changes throughout the code, please test everything, also on Jamf Pro (#47, #48)
- added installomator as an option for actions (mostly for Jamf School, but this also works with Jamf Pro) (#49)
- changed packaging script so that Jamf School can parse the pkg (#46)
- should now support Jamf School, this required major changes throughout the code, please test everything, also on Jamf Pro
- added installomator as an option for actions (mostly for Jamf School, but this also works with Jamf Pro)
- changed packaging script so that Jamf School can parse the pkg
- while rebuilding everything found a few edge cases that weren't handled very well
- holding the option key when clicking "About this Mac…" will now show some extra info (want to add more data there going forward)
- added SwiftLint to the project
@@ -120,42 +154,42 @@
(2023-04-05)
- disk size is shown in "About this Mac…" (#30)
- display and Mac will not sleep during installations (#28)
- Setup Manager will ignore non-managed enrollmentActions when not in Debug mode (#32)
- Setup Manager shows when Debug mode is enabled (#39)
- command-Q no longer quits the app (you can use shift-control-command-E) instead (#29)
- disk size is shown in "About this Mac…"
- display and Mac will not sleep during installations
- Setup Manager will ignore non-managed enrollmentActions when not in Debug mode
- Setup Manager shows when Debug mode is enabled
- command-Q no longer quits the app (you can use shift-control-command-E) instead
## v0.3
(2023-03-10)
- localization (English, German, Dutch)
- DEBUG mode now does something (#10)
- added flag requiresRoot to shell action (#42)
- Prerequisites now wait for Jamf keychain (#41)
- About this Mac info should work for Intel Macs (#41)
- Connected Shutdown button (#1)
- Setup Manager creates a flag file at /private/var/db/.JamfSetupEnrollmentDone when it finishes. (#2)
- when this file exists when Setup Manager launches, the app will terminate immediately and do nothing. (#3)
- new defaults key finalCountdown which automatically continues (or shuts down) after a timer (#27)
- DEBUG mode now does something
- added flag requiresRoot to shell action
- Prerequisites now wait for Jamf keychain
- About this Mac info should work for Intel Macs
- Connected Shutdown button
- Setup Manager creates a flag file at /private/var/db/.JamfSetupEnrollmentDone when it finishes
- when this file exists when Setup Manager launches, the app will terminate immediately and do nothing.
- new defaults key finalCountdown which automatically continues (or shuts down) after a timer
- new defaults key finalAction which can set 'shut down' as the action when the timer runs out
- started out with localization (#23)
- background window and log window work over Setup Assistant #22
- show Jamf Computer ID in Info Window #13 and re-worked Info View
- user input configurable in profile #4
- added department, building and room as options for input #5
- started out with localization
- background window and log window work over Setup Assistant
- show Jamf Computer ID in Info Window and re-worked Info View
- user input configurable in profile
- added department, building and room as options for input
## v0.2
- app should now work with macOS Monterey #9
- window not movable #18
- main window centered correctly #17
- menu bar hidden #20
- removed coverflow effect from main action list #14
- app should now work with macOS Monterey
- window not movable
- main window centered correctly
- menu bar hidden
- removed coverflow effect from main action list
known issues:
- log window and background image window don't open when run over login window #22
- user input not yet optional #4
- shutdown button does not work yet #1
- log window and background image window don't open when run over login window
- user input not yet optional
- shutdown button does not work yet

208
ConfigurationProfile.md
View File

@@ -20,7 +20,7 @@ When in debug mode, you have to set the `simulateMDM` preference key to `Jamf Pr
#### `title`
(String, default: `Welcome to Setup Manager`, localized)
(String, default: `Welcome to Setup Manager`, localized, substitutions)
The main title over the window.
@@ -39,7 +39,7 @@ The icon shown at the top center of the window. There are many options to define
#### `message`
(String, default: `Setup Manager is configuring your Mac…`, localized)
(String, default: `Setup Manager is configuring your Mac…`, localized, substitutions)
The message shown below the title.
@@ -50,12 +50,27 @@ Example:
<string>Please wait a few moments while we install essential software…</string>
```
The message can use [substitutions](#substitutions).
Example:
```
<key>message</key>
<string>Preparing your new %model%. Please be patient.</string>
```
#### `background`
(String, optional, localized)
When this key is set, Setup Manager treats it as an image/[icon source](#icon-source) and displays the image in a screen covering background.
#### `runAt`
(String, optional, deafult; `enrollment`)
This value determines when Setup Manager should launch. There are two values: `enrollment` (default) and `loginwindow`. When set to `enrollment` Setup Manager will launch immediately when the pkg is installed. This is the setting to use for automated device enrollment (without AutoAdvance) and user-initiated enrollment. When the `runAt` value is set to `loginwindow` Setup Manager will launch when the login window is shown. This is useful for fully automated enrollments with AutoAdvance. A setting of `loginwindow` will only with enrollment setups that eventually end on the login window (i.e. a user has to be created automatically or the device is bound to a directory).
#### `enrollmentActions`
(Array of Dicts, required)
@@ -117,6 +132,8 @@ Example:
This key determines whether both the 'Shutdown' and 'Continue' are shown or just the button set in the `finalAction` key.
**Warning:** this key will be removed in a future version of Setup Manager
Example:
```
@@ -124,7 +141,9 @@ Example:
<true/>
```
#### `totalDownloadBytes` : (Integer, opitonal, default: 1000000000 or 1GB, v0.8)
#### `totalDownloadBytes`
(Integer, opitonal, default: 1000000000 or 1GB, v0.8)
Use this value to provide an estimate for the total size of all items that will be downloaded. Setup Manager will display and estimated download time for this sum in the "About this Mac..." popup window.
@@ -163,32 +182,20 @@ Example:
#### `computerNameTemplate`
(String, Jamf Pro only)
(String, Jamf Pro only, substitutions)
When this key is set, Setup Manager will generate the computer name from this template and set it. When this key is present, a `computerName` dict or string in `userEntry` will be ignored.
The template uses tokens, which begin and end with `%` character. The tokens will be replaced with data from the device or from user entry. For example, in the template `Mac-%serial%` the `%serial%` token will be replaced with the computer's serial number. (A double `%%` will be substituted with a single `%`, in case you need to represent this symbol in the computer name.)
The following tokens are available:
- `serial`: the computer's serial number
- `udid`: the computer's provisioning udid
- `model`: the computer's model name, e.g. `MacBook Air` or `Mac mini`
- `model-short`: the first word of `model` (no spaces), i.e. `MacBook`, `Mac` or `iMac`
- these values from user entry: `email`, `assetTag`, `building`, `department`, `room`
If the value for a token cannot be retrieved or is empty, it will be substituted with `%%%` (three percentage signs).
You can add a `:n` (where `n` is an integer number) to a token. This will substitute only the first `n` characters of the string. For example `%serial:5%` will be substituted with the first 5 characters of the serial number. When `n` is negative, it will substitute the _last_ `n` characters. For example, `%udid:-8%` will substitute the last eight characters of the udid.
The template uses substitution tokens, which begin and end with `%` character which will be substituted with data at run time. See [Substitutions](#substitutions) for details.
Example:
```
<key>computerNameTemplate</key>
<string>Mac-%serial:-6%</string>
<string>Mac-%serial:=6%</string>
```
This will set the computer name to `Mac-ABC123` where `ABC123` is the last six characters of the serial number
This will set the computer name to `Mac-DEF456` where `DEF456` are the center six characters of the serial number
#### `overrideSerialNumber`
@@ -196,13 +203,40 @@ This will set the computer name to `Mac-ABC123` where `ABC123` is the last six c
When set, the "About this Mac" info window will show this value instead of the real serial number. This is useful when making screen shots or recordings for documentation or presentations where you do not want to expose real serial numbers.
#### `hideActionLabels`
(Bool, default: `false`)
Hides the individual labels under each action's icon.
Example:
```
<key>hideActionLabels</key>
<true/>
```
#### `hideDebugLabel`
(Bool, default: `false`)
When set, suppresses display of the red 'DEBUG' label in debug mode. Useful for screenshots and recordings.
Example:
```
<key>hideDebugLabel</key>
<true/>
```
## Actions
All actions should have these keys:
#### `label`
(String, required, localized)
(String, required, localized, substitutions)
The label is used as the name of the action in display.
@@ -333,6 +367,28 @@ Example:
</dict>
```
### Wait for User Entry
#### `waitForUserEntry`
(String, value is ignored)
When Setup Manager reaches this action before the user entry has been completed, it will wait until the user entry is completed and the user has clicked 'Save.'
When the user entry is saved, this action will set the computer name, according to the `computerNameTemplate` or what was entered by the user and run a recon/Update Inventory which submits the user data.
This action allows for "two phase" installation workflows where the policies in the second phase are scoped to data from the user entry. After this action, smart groups in Jamf Pro should reflect the data entered and you can use scoping in subsequent policies to choose which policies should or should not run on this device.
Regardless of whether there is a `waitForUserEntry` action or not, Setup Manager will submit the user data and run a recon/Update Inventory after all actions are finished.
```xml
<dict>
<key>label</key>
<string>Wait for User Entry</string>
<key>waitForUserEntry</key>
<string/>
</dict>
```
### Jamf Inventory Update (recon)
@@ -355,7 +411,7 @@ Example:
### Installomator
This will run Installomator to install a given label.
This will run [Installomator](https://github.com/Installomator/Installomator) to install a given label.
Note: by default, Setup manager will add `NOTIFY=silent` to the arguments to suppress notfications. You can override this in the `arguments`.
@@ -427,7 +483,7 @@ When the icon source starts with `name:`, Setup Manager will get the icon with t
### SF Symbols:
When the icon source starts with `symbol:`, Setup Manager will create the icon using that symbols name. You can look up symbol names using the [SF Symbols app](https://developer.apple.com/sf-symbols/).
When the icon source starts with `symbol:`, Setup Manager will create the icon using that symbols name. You can look up symbol names using the [SF Symbols](https://developer.apple.com/sf-symbols/) app.
Note that the availability of SF Symbols will vary with the OS version and that some SF Symbols may look different in different localizations.
@@ -449,6 +505,10 @@ You can enable user entry for the following keys:
Any of the fields will only be shown when its key exists. If you were to create an empty `userEntry` dict, you get an empty user input screen with a 'Save' button - not a good user experience.
### User Data file
Data from user entry is written, together with some other data to a file when Setup Manager reaches a `waitForUserEntry` action and again when it finishes. The file is stored at `/private/var/db/SetupManagerUserData.txt`. [More details.](Extras.md#user-data-file)
#### `default`
(String, localized)
@@ -473,18 +533,8 @@ Example:
<dict>
<key>default</key>
<string>ABC12345</string>
</dict>
```
With the second, longer form you can have different default values per [localization](#localization).
```
<key>computerName</key>
<dict>
<key>default</key>
<string>Device-12345</string>
<key>default.de</key>
<string>Gerät-12345</string>
<key>validation</key>
<string>[A-Z]{3}\d{5}</string>
</dict>
```
@@ -568,13 +618,16 @@ The default validation message will show the regular expression the value is not
<key>validation</key>
<string>[A-Z]{3}\d{5}</string>
<key>validationMessage</key>
<string>Asset Tag needs to be of format 'ABC12345'</string>
<key>validationMessage.de</key>
<string>Etikett Nummer muss im Format 'ABC12345' sein</string>
<key>validationMessage.fr</key>
<string>L'étiquette d'actif doit être au format 'ABC12345'</string>
<key>validationMessage.nl</key>
<string>Asset Tag moet het formaat 'ABC12345' hebben</string>
<dict>
<key>en</key>
<string>Asset Tag needs to be of format 'ABC12345'</string>
<key>de</key>
<string>Etikett Nummer muss im Format 'ABC12345' sein</string>
<key>fr</key>
<string>L'étiquette d'actif doit être au format 'ABC12345'</string>
<key>nl</key>
<string>Asset Tag moet het formaat 'ABC12345' hebben</string>
</dict>
</dict>
```
@@ -647,22 +700,36 @@ Example:
The app will pick up the user choice of the UI language for the interface elements. Right now it supports English, French, German, Italian, Spanish, and Dutch. The app will fall back to English for other language choices.
You can provide localizations for the texts given in the configuration profile. You can do so by adding the two-letter language abbreviation (e.g. `de`, `fr`, or `nl`) to the key, separated with a `.` (dot or period character). The value of the key without a "language extension" is used for English and as a fallback value for other languages.
You can provide localizations for the texts given in the configuration profile.
Example:
**Note:** the method for providing localized texts in the configuration profile changed in version 1.1. The previous method will continue to work for the time being. Going forward, it is _strongly_ recommended to change to the new dictionary-based solution.
To provide a set of localizations for a value in the profile, change its type from `string` to `dict`. Inside the `dict`, provide a value for each localization for each localization with the language code as key.
For example, this unlocalized key-value pair
```
<key>title</key>
<string>Welcome!</string>
<key>title.de</key>
<string>Willkommen!</string>
<key>title.fr</key>
<string>Bienvenu!</string>
<key>title.nl</key>
<string>Welkom!</string>
```
is localized like this:
```
<key>title</key>
<dict>
<key>en</key>
<string>Welcome!</string>
<key>de</key>
<string>Willkommen!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>nl</key>
<string>Welkom!</string>
</dict>
```
If you do not provide or have deleted a `title.de` key and value, the app will choose the value of the `title` key even when in the German setting.
When there is no value for the localization, the app will fall back to the value of the `en` key.
The following keys can be localized:
@@ -673,26 +740,61 @@ The following keys can be localized:
- `icon`
- `background`
### Action keys
### Actions
- `label`
- `icon`
### User Entry keys
### User Entry
- `default`
- `placeholder`
- `validationMessage`
### Help
- `title`
- `message`
- `url`
Use these two-letter codes for these languages:
| Language | two-letter code |
|--------------------|-----------------|
| Dutch (Nederlands) | nl |
| English | en (default) |
| Dutch (Nederlands) | nl |
| French | fr |
| German | de |
| Italian | it |
| Norwegian | nb |
| Spanish | es |
| Swedish | sv |
## Substitution
Certain keys, such as `computerNameTemplate` can use tokens, which begin and end with `%` character. The tokens will be substituted with data from the device or from user entry. For example, in the template `Mac-%serial%` the `%serial%` token will be replaced with the computer's serial number. (A double `%%` will be substituted with a single `%`, in case you need to represent this symbol in the computer name.)
The following tokens are available:
- `serial`: the computer's serial number
- `udid`: the computer's provisioning udid
- `model`: the computer's model name, e.g. `MacBook Air` or `Mac mini`
- `model-short`: the first word of `model` (no spaces), i.e. `MacBook`, `Mac` or `iMac`
- these values from user entry, _after_ user entry has completed
- `email`
- `assetTag`
- `building`
- `department`
- `room`
If the value for a token cannot be retrieved or is empty, it will be substituted with `%%%` (three percentage signs).
You can add a `:n` (where `n` is an integer number) to a token. This will substitute only the first `n` characters of the string. For example `%serial:5%` will be substituted with the first 5 characters of the serial number. When `n` is negative, it will substitute the _last_ `n` characters. For example, `%udid:-8%` will substitute the last eight characters of the udid. When you use `:=n` the _center_ `n` characters will be picked.
These keys can use substitutions:
- `title`
- `message`
- `computerNameTemplate`
- actions: `label`

80
Docs/Extras.md Normal file
View File

@@ -0,0 +1,80 @@
# Extras and Notes
## Custom JSON Schema for Jamf Pro
- create a new profile
- go to Application & Custom Settings
- select Jamf Applications
- click the + Add button
- in the Jamf Application Domain popup select com.jamf.setupmanager
- for the version select the version of Setup Manager you are using
- for the Variant, select Setup Manager.json
- fill in your fields!
Note that the custom schema can become confused when you switch between enrollment action types and you will need to clean up extra empty fields.
## Quit
The command-Q keyboard short cut to quit the app is disabled. You can use shift-control-command-E instead. This should only be used when debugging as it may leave the client in an undetermined state when installations are aborted.
## Logging
Setup Manager logs to `/Library/Logs/Setup Manager.log`. While Setup Manager is running you can open a log window with command-L.
## Debug mode
When you set the `DEBUG` key to `true` in the profile or locally with the `defaults` command Setup Manager will not perform any tasks that actually perform installations or otherwise change the system.
You will also be able launch the app as the user, by double-clicking the app in `/Applications/Utilities`. This is useful to test the look and feel of your custom icons, text and localization. When you use this to create screen shots for documentation, also note the `overrideSerialNumber` and `hideDebugLabel` keys.
## Flag file
Setup Manager creates a flag file at `/private/var/db/.JamfSetupEnrollmentDone` when it finishes. If this file exists when Setup Manager launches, the app will terminate immediately and without taking any action. You can use this flag file in an extension attribute in Jamf to determine whether the enrollment steps were performed. (Setup Manager does not care if the actions were performed successfully.)
When `DEBUG` is set to `true` in the defaults/configuration profile, the flag file is ignored at launch, but may still be created when done.
In Jamf Pro, you can create an Extension Attribute named "Setup Manager Done" with the script code:
```sh
if [ -f "/private/var/db/.JamfSetupEnrollmentDone" ]; then
echo "<result>done</result>"
else
echo "<result>incomplete</result>"
fi
```
And then create a Smart Group named "Setup Manager Done" with the criteria `"Setup Manager Done" is "done"`. This can be very useful for scoping and limitations.
## User Data file
The data from user entry is written to a file when Setup Manager reaches a `waitForUserEntry` step and again when it finishes. The file is stored at `/private/var/db/SetupManagerUserData.txt`. When `DEBUG` is enabled, the file will be written to `/Users/Shared/`.
The file is plain text with the following format:
```
start: 2024-08-14T13:52:56Z
userID: a.b@example.com
department: Sales
building: Example
room: ABC123
assetTag: XYZ888
computerName: MacBook-M7WGMK
submit: 2024-08-14T13:54:37Z
duration: 101
```
Start time (`start`) and finish/submission time (`submit`) are given in ISO8601 format, universal time (UTC).
Fields that were not set in user entry will not be shown at all. You can use this file in scripts or extension attributes. The easiest way would be to parse it with `awk`, e.g.
```
duration=$(awk -F ': ' '/duration: / {print $2}' /private/var/db/SetupManagerUserData.txt)
```
## Final action and shutdown
When the app is not running as root (for testing or from Xcode) or when the `DEBUG` preference is set, shutdown will merely quit.
## "About This Mac…" window
When you hold the option key when clicking on "About This Mac…" you will see more information.

35
Docs/FAQ.md Normal file
View File

@@ -0,0 +1,35 @@
# Frequently Asked Questions
## Is there are custom JSON Schema for Jamf Pro?
[Yes.](Extras.md#custom-json-schema-for-jamf-pro)
## Can you block the user desktop with user initiated enrollment?
Yes, use the top-level `background` key and point it to a local image file or a http URL to an image file. If you don't want custom branding, you can set `background` to `/System/Library/CoreServices/DefaultDesktop.heic` for the default image.
## Setup Manager is not launching after enrollment
There can be many causes for this. A few common causes are:
- Jamf Pro: check that Setup Manager is added to your prestage and the package does not have the label "Availability pending" in Settings> Packages
- Jamf Pro: do not install JamfConnect.pkg in prestage when you want to use Setup Manager. Install JamfConnect with Setup Manager instead
- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services or 'Choose your Look' are common choices, that you generally want to leave up the user anyway. Otherwise Setup Assistant may quit before Setup Manager can launch and do its actions.
## Does Setup Manager require Jamf Connect
No.
Setup Manager will run fine without Jamf Connect. You can even build 'single-touch' style workflows with Setup Manager withough Jamf Connect. Some features, such as pre-assigning a device to a specific user require Jamf Connect, though.
## How can I use the icon for an app before the app is installed?
- preinstall icon files with a custom package installer in prestage. Set the priority of the media/branding package lower than that for Setup Manager, or give the branding/media package a name that is alphabetically earlier than Setup Manager, so it installs before Setup Manager
- use http(s) urls to the image files
- you can host them on a web server/service that you have control over
- you can add the icon as an icon for a self service policy in Jamf and then copy the url to the icon once uploaded
## What is happening during the "Getting Ready" steps?
During the "Getting Ready" phase, Setup Manager is waiting for the Jamf Pro configuration to be complete, and runs a recon, so that policies during the enrollment phase can already be scoped. You cannot change the steps in this phase. You can see the details and possibly failures in the Setup Manager log.

71
Docs/JamfPro-QuickStart.md Normal file
View File

@@ -0,0 +1,71 @@
# Jamf Pro: Setup Manager Quick Start
## Upload Setup Manager package
Download the latest version of the Setup Manager installation pkg from the [releases page](https://github.com/Jamf-Concepts/Setup-Manager/releases/latest).
In the Jamf Pro web interface, go to Settings > Packages. Create a new package and upload the Setup Manager installer pkg file to Jamf Pro. Save the package.
_Note:_ when the package is marked as 'pending' it will not work in prestage deployment. Wait with testing deployments until the 'pending' flag has disappeared.
## Prepare a Jamf Pro policy for use with Setup Manager
Setup Manager can trigger policies in Jamf Pro. By triggering a sequence of Jamf Pro policies all the required software and configurations will be installed on the device.
## Create the Setup Manager configuration profile
- Go to Computers > create a new profile
- Name the profile 'Setup Manager'
- assign a category, ensure the Level is set to 'Computer Level'
- in payload sidebar select 'Application & Custom Settings', then select 'Jamf Applications'
- click the '+ Add' button
- for the 'Jamf Application Domain' choose `com.jamf.setupmanager`
- for the version select the version of Setup Manager you are using
- for the 'Variant', select `Setup Manager.json`
### Profile values
- for the Icon Source, enter `name:NSComputer`. This is a special value that tells Setup Manager to use an image of the computer it is running on. There are many other options you can use as an icon source [documented here](../ConfigurationProfile.md#icon-source).
- for the Title, enter `Welcome to Setup Manager!`
- for the Message, enter `Please be patient while we set up your new Mac…`
### Enrollment
- under Enrollment Actions, click on 'Add Item'
- for item 1, from the 'Select Action Type' popup, choose "Installomator"
- for 'Action Label,' enter `Google Chrome`
- for 'Action Icon Source,' enter `symbol:network`
- for 'Installomator Label' enter `googlechromepkg`
- click 'Add Item'
- for item 2, from the 'Select Action Type' popup, choose "Shell Command"
- under 'Command Arguments', click 'Add argument', enter `-setTimeZone`
- click 'Add argument' again and enter your time zone in the format `Europe/Amsterdam` (the 'TZ identifier' [from this list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones))
- for 'Action Label,' enter `Set Time Zone`
- for 'Action Icon Source,' enter `symbol:clock`
- for 'Requires Root' select `true`
- for 'Shell Command Path' enter `/usr/sbin/systemsetup`
You can add more actions here. There are more types of actions available, you can use a 'Jamf Policy Trigger' action to run a policy with a custom trigger. You can also use a 'Watch Path' action to wait for an app to be installed from the Mac App Store or Jamf App Installers.
## Scoping and Prestage
- Scope the configuration profile to the computers you want to run Setup Manager on
- create a new Prestage or duplicate an existing one
- Add the Setup Manager pkg and the configuration profile to the Prestage
- if you have JamfConnect.pkg in the Prestage, remove it. You can later add an action to install JamfConnect using Setup Manager.
- ensure that 'Automatically advance through Setup Assitant' is _disabled_
- Have at least one option _disabled_ (so that _is_ displayed)
- ensure your test Mac(s) is (are) assigned to the Prestage
## Wipe the Test Mac
- on the test mac, choose 'Erase all Contents and Settings' in the Settings app or wipe the Mac using the 'Wipe Computer' remote management command in Jamf Pro
- click through the initial enrollment dialogs. After you approve the enrollment in your MDM, Setup Manger should appear and perform the actions you configured
- while the installations are progressing, click on "About this Mac…" for information, click again while holding down the option key for even more information
- hit command-L for a log window. You can also find this log info later at `/Library/Logs/Setup Manager.log`
## Next Steps
- add more actions to Setup Manager, you can use more Jamf Pro policies, Installomator labels, or shell actions
- add a computer name template key to the profile to automate computer naming
- add a `help` section to let the user know what is going on
- ideally automated deployments shouldn't require manual entry, but if necessary, you can configure a user entry section in the profile

60
Docs/JamfPro-TwoPhase.md Normal file
View File

@@ -0,0 +1,60 @@
# Jamf Pro: extra installations based on user data entry
In this simple example workflow, we run certain Jamf Pro policies depending on the department. This example can be expanded to other user entry data fields.
- create Setup Manager configuration profile
- create a `userEntry` key with a list of options for the department:
```xml
<key>userEntry</key>
<dict>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>Development</string>
<string>IT</string>
<string>Marketing</string>
</array>
</dict>
</dict>
```
Note that you need to have the matching departments in Jamf Pro.
- add the `enrollmentActions` that should run on all computers first
- then add a `waitForUserEntry` action:
```xml
<dict>
<key>label</key>
<string>Submit entries</string>
<key>waitForUserEntry</key>
<string/>
</dict>
```
When Setup Manager reaches this action it will wait for the user data entry to be complete if it isn't already. Then Setup Manager will submit the data from the user entry to Jamf Pro and run a recon, so you can use the data for scoping subsequent policies.
Setup Manager also saves the data from user entry in a plain text file which you can use in policy scripts after the `waitForUserEntry` action. [See details here.](Extras.md#user-data-file)
- Insert this action
``` xml
<dict>
<key>icon</key>
<string>symbol:plus.app</string>
<key>label</key>
<string>Extra Apps for %department%</string>
</dict>
<key>policy</key>
<string>install_extra_apps</string>
</dict>
```
- for the policies you want run/install depending on the user entry:
- give the policy a custom trigger matching the trigger in 'Extra Apps' action: `install_extra_apps`
- scope the policy to the department(s) that should receive the installations
- repeat for every extra installation that depends on the user entry

22
JamfProConnect-SingleTouch.md → Docs/JamfProConnect-SingleTouch.md
View File

@@ -1,4 +1,4 @@
# Single Touch workflow with Jamf Pro and Jamf Connect
# Single Touch workflow with Jamf Pro and Jamf Connect
## What is Single Touch?
@@ -8,7 +8,7 @@ A single touch workflow can be as easy the tech unpacking the Mac (erasing it wi
You can use a combination of Jamf Pro, Setup Manager and Jamf Connector, to get a tighter deployment, user assignment and account creation process. This requires a bit more setup and configuration. This workflow allows the tech to monitor the Setup Manager workflow, enter device specific data such as an asset tag and assign _and lock_ the device to a different user, without requiring the end user's login credentials.
## What you need:
## What you need
- Jamf Pro
- Setup Manager
@@ -28,8 +28,7 @@ Setup Manager profile will require a `userEntry` field for `userID` to know whic
Example:
```
```xml
<key>userID</key>
<dict>
<key>placeholder</key>
@@ -56,7 +55,7 @@ When you upload the Jamf Connect pkg to Jamf Pro and add it to either the Presta
When you use Jamf App Installers you have no direct control over when the installation actually occurs. You should add a `watchPath` action at the end of your `enrollmentActions` array in the Setup Manager profile to ensure that Jamf Connect is installed before proceeding:
```
```xml
<dict>
<key>label</key>
<string>Jamf Connect</string>
@@ -75,7 +74,7 @@ The email entered for userID will be submitted to Jamf Pro at the end of the Set
Create an Extension attribute named "Setup Manager Done" with the script code:
```
```sh
if [ -f "/private/var/db/.JamfSetupEnrollmentDone" ]; then
echo "<result>done</result>"
else
@@ -89,15 +88,15 @@ Then create a Smart Group named "Setup Manager Done" with the criteria `"Setup M
Jamf Connect Login allows pre-configuring the user. Create a configuration profile named "Jamf Connect Enrollment User" to the preference domain `com.jamf.connect.login` with the following property list:
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnrollmentRealName</key>
<string>$REALNAME</string>
<key>EnrollmentUserName</key>
<string>$EMAIL</string>
<key>EnrollmentRealName</key>
<string>$REALNAME</string>
<key>EnrollmentUserName</key>
<string>$EMAIL</string>
</dict>
</plist>
```
@@ -105,4 +104,3 @@ Jamf Connect Login allows pre-configuring the user. Create a configuration profi
Scope this configuration profile the "Setup Manager Done" smart group you created earlier.
With this setup, the configuration profile that presets the user in Jamf Connect Login will be pushed out after Setup Manager finishes its final recon, which sets the user information to the Mac in Jamf Pro.

166
Docs/JamfSchool-Setup.md Normal file
View File

@@ -0,0 +1,166 @@
# Installation and Configuration: Jamf School
## Selecting Deployment Method
Jamf Setup Manager can be deployed to run at two different points during a device deployment. Right after enrollment (the default) and at login window. You must select which method is appropriate for your deployment before configuring the Jamf Setup Manager Workflow in Jamf School
### At Enrollment (Default)
Jamf Setup Managers default deployment action is to run at `Setup Assistant`.
Setup Manager will appear and during `Setup Assistant` allowing the user to continue to configure `Setup Assistant` after Setup Manager has completed its tasks.
_**This method is recomended for 1:1 environments**_
Example
> You deploy 1:1 MacBooks, want to ensure that critical software installed prior to the user working on the device but also require the user to configure TouchID and create a user account during the onboarding.
> The user will connect the MacBook to the network and enroll into MDM. After a short delay Setup Manger will run and complete its tasks and install critical software
> Once complete the user will be released back to Setup Assistant where they will be able to use the Setup Assistant panes to configure TouchID and create a user
With this default method you will require an Automated Device Enrollment Profile configured with
- At least one setup assistant pane configured
- *“Wait for the configuration to be applied before continuing the Setup Assistant”* box checked
- An admin account should be configured as required
- Other ADE profile setting should be set as required
- _**Do Not**_ select `Auto Advance`
> If the user skips through all of the Setup Assistant panes before Setup Manager launches or Auto Advance is selected. and the device lands on the login screen, Setup Manager will not launch
### At Login Window
Jamf Setup Manager can be configured to run at `Login Window`.
Setup Manager will appear once the device has ran through `Setup Assistant` and is waiting at the login screen and run through its tasks. Releasing back to the login window once complete.
_**This method is recommended for lab environment**_
Example
> You are deploying a lab of iMacs ready for the new academic year. You wish to connect iMacs to the network with ethernet, power on and leave the devices to enroll and build while you complete other tasks.
> After configuring an ADE profile with Auto Advance an iMac will enroll into Jamf School and move through Setup Assistant without any user interaction. Once at the login Window Setup Manager will run and complete its tasks.
> Once Setup Manager is complete the build is complete
To run Setup Manager at `Login Window` you will require
1. A Setup Manager Profile with the key `runAt` and `String Value` of `loginwindow`
2. An Automated Device Enrollment Profile configured with
- An admin account
- `Auto Advance` configured
- Other ADE profile setting should be set as required
---
## Jamf Setup Manager Workflow Requirements
In order to configure the workflow in Jamf School you will need
- A Jamf Setup Manager Configuration Profile (customized for your deployment, example profile below) uploaded to Jamf School
- Jamf Setup Manager package installer (available from Jamf Concepts) uploaded to Jamf School
- An Automated Device Enrollment Profile with the correct settings for your chosen deployment method (`default` or `LoginWindow`)
---
**Step 1: Configuration Profile**
Create a Payload-less Profile for Smart Group Targeting
- Navigate to profiles and create a new macOS Profile
- Name it *“Jamf Setup Manager Installed”*
- Do not scope the profile and do not configure any payloads. Simply save the profile
---
**Step 2: Smart Group for Setup Manger Config Profile**
Create a Smart Group to target your required Macs
- Navigate to `Devices → Device Groups` and create a new group. Ensure you select `Smart Group`
- Name the Group *“Jamf Setup Manager Profile”* skip all other panes until members
- In members select `Automated Device Enrollment Profile` `equals` and then select the ADE profile that you created as part of the requirements step. This will target any and all devices that enrol using that ADE profile
> If you only want to select a subset of macOS devices, for example Lab Mac devices and not 1:1 devices, configure this group to target additional critera the desired devices in your environment will have
- `Save` Scope
- Next in the `Profiles` tab add the Jamf Setup Manager Configuration Profile that you uploaded to Jamf School
---
**Step 3: Smart Group to install Setup Manager**
Create a Smart Group to target devices with Jamf Setup Manager Profile Installed to deploy the Setup Manager pkg
- Navigate to `Devices``Device Groups` and create a new group. Ensure you select `Smart Group`
- Name the Group *“Install Jamf Setup Manager”*, skip all other panes until members
- In members select `Managed Profile (Installed)` `equals` and then select the Jamf Setup Manager Configuration Profile that you uploaded to Jamf School
- `Save` Scope
- Next in the `Apps` tab add the Jamf Setup Manager pkg and in the `Profiles` tab select the *“Jamf Setup Manager Installed”* profile you created in Step 1
> If you named your profile in step 1 something different, be sure to select that profile in this step
---
**Step 4: Smart Group for all other apps and configurations**
Create a Smart Group to target devices with the “Jamf Setup Manager Installed” profile installed and deploy the rest of the profile and apps
- Navigate to `Devices``Device Groups` and create a new group. Ensure you select `Smart Group`
- Name the group *“macOS Management & Apps”*, skip all other panes until members
In members select `Managed Profile (Installed)` `equals` and then select *"Jamf Setup Manager Installed"* profile that you created in Step 1
> If you named your profile in step 1 something different, be sure to select that profile in this step
- Next in the `Apps` tab add any apps or packages that will not be installed via Installomator as part of the Jamf Setup Workflow and in the `Profiles` tab any any and all config needed to manage your Macs
- If you install packages or App Store apps through Jamf School, and you want to report on them as part of the Jamf Setup Manager workflow be sure to add `Watchpaths` for the apps / content into the Jamf `Setup Manager Configuration Profile` before uploading to Jamf School
---
### Workflow
These chained amart group actions then perform the following flow
- Scope the Jamf Setup Manager Config profiles to all macOS devices enrolled with a given ADE profile
- Once the Profile is reported as installed by Jamf School, it will then install the Jamf Setup Manager pkg (since we 100% know the config profile is on the device before the pkg, we know itll be configured in the correct manner) and the *“Jamf Setup Manager Installed”* profile
- Only when the device reports back that it has *“Jamf Setup Manager Installed”* profile will it move into the next smart group where it will receive the `commands` to install further apps / packages and the rest of the configuration profiles.
With this flow we are controlling, the best we can, that the first thing the device does is install Jamf Setup Manager and the required config. This is rather than having Jamf Setup Manager queued further down a list of apps that are installing.
> You can view the device activity log in the Jamf School console to ensure that the InstallEnterpriseApp command for Setup Manager is received before other app commands, for testing and troubleshooting.
---
### Workflow Considerations and Warnings
The Jamf Setup Manager workflow for Jamf School has been designed to take advantage of profile installation reporting in smart groups and in part to tackle the fact that Jamf School does not have a concept of *“Pre-Stage Packages”*. As such the workflow relies on chaining together smart groups where membership of one group is dependent on an action of the previous step.
Example
> You can view the device activity log in the Jamf School console to ensure that the InstallEnterpriseApp command for Setup Manager is received before other app commands, for testing and troubleshooting.
>
If an admin to accidentally unscoped the *“Jamf Setup Manager Installed”* profile from a device it would then fall out of scope of the *“macOS Management & Apps”* group, as its membership criteria requires the *“Jamf Setup Manager Installed”* profile to be installed on the device.
> Since the *“macOS Management & Apps”* group is where all of the management and App Store apps are scoped removal from this group means the device has the profiles and App Store apps removed, resulting in a device in an unexpected state.
Therefore it is essential that the device maintains this chained smart group flow throughout its deployment.
Should you need to `update`, `amend` or `edit` the `Jamf Setup Manager Configuration Profile` that controls Setup Manager, you will need to do this locally and then re-upload to Jamf School.
For best results we recommend the following workflow
- Navigate to the current profile in Jamf School in the `Profiles` -> `Configuration Profiles` menu
- Click the `pencil icon` to edit
- Click `replace profile`
- Drag local updated profile to the revealed box or click on the box to navigate to the profile
- Click `save`
Following this workflow keeps the name of the profile in Jamf School the same as the previous version and there is no need to edit / add a different or new profile the the scope in `Step 2` or change the criteria for the name of the installed profile in `Step 3`
Should you want to keep different versions of the Jamf Setup Manager Configuration Profile in Jamf School in order to switch between different Setup Manager actions please ensure that you update the profile in `Step 2` and `Step 3` to match the desired Jamf Setup Manager Configuration Profile prior to deploying devices. Failure to do this could result in the breaking of the smart group chain required for Jamf School resulting in devices in an unexpected state (ie not with the desired configurations and/or apps)

142
sample-com.jamf.setupmanager.plist → Examples/sample-com.jamf.setupmanager.plist
View File

@@ -2,34 +2,6 @@
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>userEntry</key>
<dict>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>R&amp;D</string>
<string>IT</string>
</array>
</dict>
<key>computerName</key>
<string>Mac-12345</string>
<key>userID</key>
<dict>
<key>placeholder</key>
<string>first.last@example.com</string>
<key>placeholder.de</key>
<string>vorname.nachname@example.com</string>
<key>placeholder.nl</key>
<string>voornaam.achternaam@example.com</string>
</dict>
<key>assetTag</key>
<dict>
<key>placeholder</key>
<string>ABC12345</string>
</dict>
</dict>
<key>enrollmentActions</key>
<array>
<dict>
@@ -41,17 +13,20 @@
<key>icon</key>
<string>symbol:clock</string>
<key>label</key>
<string>Set Time Zone</string>
<key>label.es</key>
<string>Establecer zona horaria</string>
<key>label.fr</key>
<string>Définir le fuseau horaire</string>
<key>label.it</key>
<string>Imposta il fuso orario</string>
<key>label.de</key>
<string>Zeitzone setzen</string>
<key>label.nl</key>
<string>Tijdzone instellen</string>
<dict>
<key>de</key>
<string>Zeitzone setzen</string>
<key>en</key>
<string>Set Time Zone</string>
<key>es</key>
<string>Establecer zona horaria</string>
<key>fr</key>
<string>Définir le fuseau horaire</string>
<key>it</key>
<string>Imposta il fuso orario</string>
<key>nl</key>
<string>Tijdzone instellen</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
@@ -92,35 +67,72 @@
<string>/Applications/JamfProtect.app</string>
</dict>
</array>
<key>icon</key>
<string>name:AppIcon</string>
<key>finalCountdown</key>
<integer>30</integer>
<key>message</key>
<string>Please be patient while Setup Manager configures your new Mac.</string>
<key>message.es</key>
<string>Por favor espere mientras Setup Manager configura tu nuevo Mac.</string>
<key>message.it</key>
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>message.fr</key>
<string>Veuillez être patient pendant que Setup Manager configure votre nouveau Mac.</string>
<key>message.de</key>
<string>Bitte etwas Geduld während Setup Manager deinen neuen Mac konfiguriert.</string>
<key>message.nl</key>
<string>Even geduld terwijl Setup Manager je nieuwe Mac configureert.</string>
<key>title</key>
<string>Welcome!</string>
<key>title.es</key>
<string>¡Bienvenido!</string>
<key>title.it</key>
<string>Benvenuto!</string>
<key>title.fr</key>
<string>Bienvenu!</string>
<key>title.de</key>
<string>Willkommen!</string>
<key>title.nl</key>
<string>Welcom!</string>
<key>icon</key>
<string>name:AppIcon</string>
<key>jssID</key>
<string>$JSSID</string>
<key>message</key>
<dict>
<key>de</key>
<string>Bitte etwas Geduld während Setup Manager deinen neuen Mac konfiguriert.</string>
<key>en</key>
<string>Please be patient while Setup Manager configures your new Mac.</string>
<key>es</key>
<string>Por favor espere mientras Setup Manager configura tu nuevo Mac.</string>
<key>fr</key>
<string>Veuillez être patient pendant que Setup Manager configure votre nouveau Mac.</string>
<key>it</key>
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>nl</key>
<string>Even geduld terwijl Setup Manager je nieuwe Mac configureert.</string>
</dict>
<key>title</key>
<dict>
<key>de</key>
<string>Willkommen!</string>
<key>en</key>
<string>Welcome!</string>
<key>es</key>
<string>¡Bienvenido!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>it</key>
<string>Benvenuto!</string>
<key>nl</key>
<string>Welcom!</string>
</dict>
<key>userEntry</key>
<dict>
<key>assetTag</key>
<dict>
<key>placeholder</key>
<string>ABC12345</string>
</dict>
<key>computerName</key>
<string>Mac-12345</string>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>R&amp;D</string>
<string>IT</string>
</array>
</dict>
<key>userID</key>
<dict>
<key>placeholder</key>
<dict>
<key>de</key>
<string>vorname.nachname@example.com</string>
<key>en</key>
<string>first.last@example.com</string>
<key>nl</key>
<string>voornaam.achternaam@example.com</string>
</dict>
</dict>
</dict>
</dict>
</plist>

68
sample-jamfschool.mobileconfig → Examples/sample-jamfschool.mobileconfig
View File

@@ -25,13 +25,16 @@
<key>icon</key>
<string>symbol:clock</string>
<key>label</key>
<string>Set Time Zone</string>
<key>label.de</key>
<string>Zeitzone setzen</string>
<key>label.fr</key>
<string>Définir le fuseau horaire</string>
<key>label.nl</key>
<string>Tijdzone instellen</string>
<dict>
<key>de</key>
<string>Zeitzone setzen</string>
<key>en</key>
<string>Set Time Zone</string>
<key>fr</key>
<string>Définir le fuseau horaire</string>
<key>nl</key>
<string>Tijdzone instellen</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
@@ -46,13 +49,16 @@
<key>icon</key>
<string>symbol:cpu</string>
<key>label</key>
<string>Install Rosetta</string>
<key>label.de</key>
<string>Rosetta installieren</string>
<key>label.fr</key>
<string>Installer Rosetta</string>
<key>label.nl</key>
<string>Rosetta installeren</string>
<dict>
<key>de</key>
<string>Rosetta installieren</string>
<key>en</key>
<string>Install Rosetta</string>
<key>fr</key>
<string>Installer Rosetta</string>
<key>nl</key>
<string>Rosetta installeren</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
@@ -78,21 +84,27 @@
<key>icon</key>
<string>name:AppIcon</string>
<key>message</key>
<string>Setup Manager is configuring your Mac…</string>
<key>message.de</key>
<string>Setup Manager konfiguriert deinen Mac…</string>
<key>message.fr</key>
<string>Setup Manager configure votre Mac…</string>
<key>message.nl</key>
<string>Setup Manager configureert je Mac…</string>
<dict>
<key>de</key>
<string>Setup Manager konfiguriert deinen Mac…</string>
<key>en</key>
<string>Setup Manager is configuring your Mac…</string>
<key>fr</key>
<string>Setup Manager configure votre Mac…</string>
<key>nl</key>
<string>Setup Manager configureert je Mac…</string>
</dict>
<key>title</key>
<string>Welcome!</string>
<key>title.de</key>
<string>Willkommen!</string>
<key>title.fr</key>
<string>Bienvenu!</string>
<key>title.nl</key>
<string>Welkom!</string>
<dict>
<key>de</key>
<string>Willkommen!</string>
<key>en</key>
<string>Welcome!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>nl</key>
<string>Welkom!</string>
</dict>
</dict>
</dict>
</array>

4
uninstall.sh → Examples/uninstall.sh
View File

@@ -24,7 +24,7 @@ bundleID="com.jamf.setupmanager"
appPath="/Applications/Utilities/${appName}.app"
if [ $(whoami) != "root" ]; then
if [ "$(whoami)" != "root" ]; then
echo "needs to run as root!"
exit 1
fi
@@ -35,7 +35,7 @@ if launchctl list | grep -q "$bundleID" ; then
fi
echo "removing files"
rm -rfv /Applications/Utilities/"$appName".app
rm -rfv "$appPath"
rm -v /Library/LaunchDaemons/"$bundleID".plist
pkgutil --forget "$bundleID"

BIN
Images/setup-manager-progress-screenshot.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 536 KiB

After

Width:  |  Height:  |  Size: 617 KiB

BIN
Images/setup-manager-progress-screenshot_old.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 94 KiB

2
LICENSE.md Normal file
View File

@@ -0,0 +1,2 @@
Offered under the terms of the [Jamf Concepts Use Agreement](https://resources.jamf.com/documents/jamf-concept-projects-use-agreement.pdf).

79
README.md
View File

@@ -1,16 +1,20 @@
![Setup Manager Icon](Images/SetupManager250.png)
# Setup Manager
# Setup Manager
_"Every Assistant has a Manager"_
![Setup Manager Logo](https://img.shields.io/badge/macOS-12%2B-success)
Please report issues, feature requests [as an issue.](https://github.com/setup-manager/setup-manager/issues)
Please report issues, feature requests [as an issue.](https://github.com/jamf-concepts/setup-manager/issues)
We have opened the [discussions](https://github.com/setup-manager/setup-manager/discussions) area for questions and more generic feedback.
We have opened the [discussions](https://github.com/jamf-concepts/setup-manager/discussions) area for questions and more generic feedback.
Updates will be published in the '[Releases](https://github.com/setup-manager/setup-manager/releases)' section of the repo. There you can also [download the latest pkg installer](https://github.com/setup-manager/setup-manager/releases/latest). You can subscribe to notifications for the repo using the 'Watch' button above.
Updates will be published in the '[Releases](https://github.com/jamf-concepts/setup-manager/releases)' section of the repo. There you can also [download the latest pkg installer](https://github.com/jamf-concepts/setup-manager/releases/latest). You can subscribe to notifications for the repo using the 'Watch' button above.
There is also a [`#jamf-setup-manager`](https://macadmins.slack.com/archives/C078DDLKRDW) channel on the [MacAdmins Slack](https://macadmins.org).
![setup manager progress dialog](Images/setup-manager-progress-screenshot.png)
## What it does
@@ -19,72 +23,47 @@ There are many enrollment progress tools available for Mac admins, each with the
Setup Manager offers many of the same features of these utilities but is especially useful for the case where an IT department or provisioning depot wants to ensure that a new Mac is properly configured and assigned before sending the device to its new user. It runs over Setup Assistant before a user is created so it won't interfere with MDM-capable user or the secure token flow for FileVault. You can control which policies and installations Setup Manager runs with a configuration profile.
Setup Manager provides:
- a nice modern UI
- configuration with a configuration profile, no need to modify shell scripts or json
- works with different deployment workflows
- zero-touch (user-driven)
- single-touch (tech-driven)
- user initiated enrollment
- handsfree deployment with auto advance
- customized branding
- localized interface and custom text
- support for Jamf Pro and Jamf School
![setup manager progress dialog](Images/setup-manager-progress-screenshot.png)
## Installation and Configuration
### Jamf Pro
1. Upload the Setup Manager installer pkg file to Jamf Pro
2. Create a custom configuration profile with the preference domain `com.jamf.setupmanager`. See documentation for the profile contents [here](ConfigurationProfile.md).
3. Scope the configuration profile to the computers
4. Add the pkg and the configuration profile to the Prestage
Setup Manager can be used for various zero-touch and tech-driven single-touch deployments with Jamf Pro and (optionally) Jamf Connect. One single-touch workflow with Jamf Connect where the tech can re-assign the Mac to a different end user [is described here](JamfProConnect-SingleTouch.md).
### Jamf School
[Setup with Jamf School](Setup-JamfSchool.md)
- Jamf Pro
- [JamfPro-Quick Start](Docs/JamfPro-QuickStart.md)
- zero-touch and user-initiated deployments (forthcoming)
- [extra installations based on user data entry](Docs/JamfPro-TwoPhase.md)
- [Single-touch workflow with user re-assignment using Jamf Connect](Docs/JamfProConnect-SingleTouch.md)
- handsfree deployment with auto advance and Setup Manager at login window (forthcoming)
- [Jamf School](Docs/JamfSchool-Setup.md)
- [Extras and Notes](Extras.md)
- [Frequently Asked Questions](FAQ.md)
## Configuration Profile
The structure of the configuration profile [is documented here](ConfigurationProfile.md).
## Notes
### Requirements
## Requirements
Setup Manager requires macOS 12.0.0 or higher. It will work only with Jamf Pro or Jamf School.
### Known Issues
## Known Issues
- Setup Manager will **_not_** launch with Auto-Advance enabled
- Setup Manager may **_not_** launch when you disable _all_ Setup Assistant screens
- Setup Manager will **_not_** launch at enrollment with Auto-Advance enabled, use the option to run at login window
- Setup Manager may **_not_** launch or launch and quit quickly when you disable _all_ Setup Assistant screens, leave at least one Setup Assistant option enabled
- When you install **_Jamf Connect_** during the Prestage together with Setup Manager, you may see Setup Assistant for some time before Setup Manager launches or Setup Manager may not launch at all. Remove Jamf Connect from the Prestage and install it with Setup Manager policy or installomator action.
- Policies that are triggered by `enrollmentComplete` may disrupt Setup Manager running from Prestage/Automated Device Enrollment. Disable or unscope policies triggered by `enrollmentComplete` on devices using Setup Manager.
- In some deployments, Setup Manager attempts to start while Jamf Pro is still installing. Try adding a 30-60 second `wait` action as the first action. We are working on a solution.
- With Jamf School, there will a few seconds after the remote management dialog where Setup Assistant shows before Setup Manager launches. With the Jamf School enrollment architecture, this is unavoidable.
### Quit
---
The command-Q keyboard short cut to quit the app is disabled. You can use shift-control-command-E instead. This should only be used when debugging as it may leave the client in an undetermined state when installations are aborted.
### Logging
Setup Manager logs to `/Library/Logs/Setup Manager.log`.
While it is running you can open a log window with command-L.
### Flag file
Setup Manager creates a flag file at `/private/var/db/.JamfSetupEnrollmentDone` when it finishes. If this file exists when Setup Manager launches, the app will terminate immediately and withour taking any action. You can use this flag file in an extension attribute in Jamf to determine whether the enrollment steps were performed. (Setup Manager does not care if the actions were performed successfully.)
When DEBUG is set to YES in the defaults/configuration profile, the flag file is ignored at launch, but still created when done.
### Final action and shutdown
When the app is not running as root (for testing or from Xcode) or when the `DEBUG` preference is set, shutdown will merely quit.
### "About This Mac…" window
When you hold the option key when clicking on "About This Mac…" you will see more information.
Please report issues, feature requests, and feedback (positive and negative) [as an issue.](https://github.com/setup-manager/setup-manager/issues)
Please report issues, feature requests, and feedback (positive and negative) [as an issue.](https://github.com/Jamf-Concepts/Setup-Manager/issues)

71
Setup-JamfSchool.md
View File

@@ -1,71 +0,0 @@
# Setup with Jamf School
## Setting Jamf Setup Manager Workflow in Jamf School
In order to configure the workflow in Jamf School you will need
- A Jamf Setup Manager Configuration Profile (configured for your deployment, example profile below) uploaded to Jamf School
- Jamf Setup Manager PKG (available from GitHub) uploaded to Jamf School
- An Automated Device Enrolment Profile with at least one setup assistant pane configured, “Wait for the configuration to be applied before continuing the Setup Assistant” box checked and an admin account configured as required and “skipped user creation” pane
- Other ADE profile setting should be set as required but Do Not select Auto Advance (see below)
### Step 1
- Create a Payloadless Profile for Smart Group Targeting
- Navigate to profiles and create a new macOS Profile.
- Name it “Jamf Setup Manager Installed”
- Do not scope the profile and do not configure any payloads. Simply save the profile
### Step 2
- Create a Smart Group to target your required Macs
- Navigate to Devices → Device Groups and create a new group. Ensure you select “Smart Group”
- Name the Group “Jamf Setup Manager Profile” skip all other panes until members
- In members select “Operating System” “equals” “Any” and then leave the min and max OS blank. This will target any and all macOS devices in my environment
- If you only want to select a subset of macOS devices, for example Lab Mac devices and not 1:1 devices, configure this group to target the desired devices in your environment
- Save Scope
### Step 3
- Create a Smart Group to target devices with Jamf Setup Manager Profile Installed to deploy JSM pkg
- Navigate to Devices → Device Groups and create a new group. Ensure you select “Smart Group”
- Name the Group “Install Jamf Setup Manager”, skip all other panes until members
- In members select “Managed Profile (Installed)” “equals” and then select the Jamf Setup Manager Configuration Profile that you uploaded to Jamf School
- Save Scope
- Next in the Apps tab add the Jamf Setup Manager pkg and in the Profiles tab select the “Jamf Setup Manager Installed” profile you created in Step 1
- If you named your profile in step 1 something different, be sure to select that profile in this step
### Step 4
- Create a Smart Group to target devices with the “JSM Installed” profile installed and deploy the rest of the profile and apps
- Navigate to Devices → Device Groups and create a new group. Ensure you select “Smart Group”
- Name the group “macOS Management & Apps”, skip all other panes until members
- In members select ““Managed Profile (Installed)” “equals” and then select “Jamf Setup Manager Installed” profile that you created in Step 1
- If you named your profile in step 1 something different, be sure to select that profile in this step
- Next in the Apps tab add any apps or packages that will not be installed via Installomator as part of the Jamf Setup Workflow and in the Profiles tab any any and all config needed to manage your Macs
- If you install packages or App Store apps through Jamf School, if you want to report on them as part of the Jamf Setup Manager workflow be sure to add Watchpaths for the apps / content into the Jamf Setup Manager Configuration Profile before uploading to Jamf School
These chained Smart group actions then perform the following flow
- Scope the Jamf Setup Manager Config profiles to all macOS devices
- Once the Profile is reported as installed by Jamf School, it will then install the Jamf Setup Manager pkg (since we 100% know the config profile is on the device before the pkg, when know itll be configured in the correct manner) and the “Jamf Setup Manager Installed” profile
- Only when the device reports back that it has “Jamf Setup Manager Installed” profile will it move into the next smart group where it will receive the commands to install further apps / packages and the rest of the configuration profiles
With this flow we are controlling the best we can that the first thing the device does it install Jamf Setup Manager and the required config rather than having Jamf Setup Manager queued rather down a list of apps that are installing.
This activity log shows the order in which Jamf School issues and the device receives the commands. We can see that theres not a huge amount of time between all the actions but long enough that we can be sure that the device gets the Enterprise Install command to install Jamf Setup Manager before anything other apps
## Workflow Warnings
Since the Jamf Setup Manager workflow is very “specific” for Jamf School it shouldnt be a surprise that there are some warnings, or gotchas. All mainly around the way that weve chained together the smart groups based on installed profiles, although it gives us the flow that we need it's also a little fragile.
For example if you were to accidentally unscope the “Jamf Setup Manager Installed” profile from a device it would then fall out of scope of the “macOS Management & Apps” group, which is where all of the management and App Store apps are scoped.
…and of course that means the device has the profiles removed and App Store apps removed AKA disaster 💥💥💥
The second smart group we create also is looking for a profile that is installed. Youre likely not going to unscope by accident this profile (although if you did is would mean the device has profiles removed and App Store app removed AKA disaster 💥💥💥) what is more likely to happen is that you UPDATE or REPLACE the “Jamf Setup Manager Configuration Profile”
Let's say you upload your JSM configure Profile and call its “JSM Setup V1” and this is the profile that you select in the smart group in Step 1 above. You then edit the config profile and call it JSM Setup V1.1, maybe even delete the JSM Setup V1 from Jamf School.
The smart group is still looking for a profile called “JSM Setup V1”.
Depending on your setup and how youve managed your profiles in Jamf School your deployed devices might not longer have JSM Setup V1 installed, which means it falls out of the “Install Jamf Setup Manager” group which in turn will fall out of the “macOS Management & Apps” group….which is where all of the management and App Store apps are scoped.
Again, of course that means the device has the profiles removed and App Store apps removed AKA disaster 💥💥💥
Also newly deployed devices might not run through the workflow correctly as they are now have JSM Setup V1.1 installed and the smart group is looking for JSM Setup V1.
Bottom line here is be mindful about the name of your Jamf Setup Manager Profile and if you amend the config and upload a new version, scope that FIRST, then EDIT the smart group, wait for it to deploy and then remove the old profile.
Although targeting the profile is what makes this workflow successful in Jamf School, its also a house of cards

23
TermsOfUse.md
View File

@@ -1,23 +0,0 @@
# Jamf Setup Manager Terms of Use
## Non-Product/Add-On Software
This application is an add-on utility that may enhance your use of Jamf Pro. However, it is not a part of the Jamf Product Line and as such is not eligible for support via our normal product support channels. It has not been tested or validated by Jamf's internal compliance, security, and quality processes. We make no representation about when or if the utility will become a part of the Jamf Product line or when or in what form its functionality might be integrated into other Jamf Products.
## Privacy
We send an anonymous event notification to our monitoring system whenever the app is launched. The collected data is used to measure the project's adoption and helps us prioritize future development.
The data format of the event record is as follows: {"uuid": "<uuid>", "event": "Setup Manager - Launch"}. The "uuid" value is randomly-generated. The application will not collect or transmit information about you, your organization, your users, or anything related to the device being used or the data it contains.
## Testing
We make no representation that the software will perform or continue to perform as intended in your environment. You agree to test the software in a non-production environment and independently evaluate its functionality prior to any use that may impact your operations.
## "As-Is"
THIS SOFTWARE IS PROVIDED "AS-IS," WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL JAMF SOFTWARE, LLC OR ANY OF ITS AFFILIATES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OF OR OTHER DEALINGS IN THE SOFTWARE, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES AND OTHER DAMAGES SUCH AS LOSS OF USE, PROFITS, SAVINGS, TIME OR DATA, BUSINESS INTERRUPTION, OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.
## Copyright notice
Jamf-developed portions of the project are ©2023-2024, JAMF