jamf/Setup-Manager
1
0
Fork 0
mirror of https://github.com/jamf/Setup-Manager.git synced 2026-02-03 14:13:24 +00:00
Code Issues 37 Actions Packages Projects Releases Wiki Activity

Compare commits

base: jamf:v1.2.1
Branches Tags
jamf:main jamf:beta
jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306
...
compare: jamf:v1.3
Branches Tags
jamf:main jamf:beta
jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306

6 Commits
v1.2.1 ... v1.3

Author SHA1 Message Date
Armin Briegel
dd25148186 Merge branch 'beta' 2025-07-08 10:06:42 +02:00
Armin Briegel
552f8e7fc1 updated for v1.3 2025-07-08 10:03:20 +02:00
Armin Briegel
290c68cfe2 documentation updates 2025-05-28 13:32:15 +02:00
Armin Briegel
44f4c4513c minor fixes for 1.3beta 2025-05-27 16:03:22 +02:00
Armin Briegel
29489d9b6f updated for v1.3beta 2025-05-27 16:00:06 +02:00
Armin Briegel
9368026e74 updated for v1.2.2 2025-04-17 09:00:40 +02:00
9 changed files with 538 additions and 34 deletions
Expand all files Collapse all files

154
ChangeLog.md
View File

@@ -1,5 +1,159 @@
# Setup Manager - Change Log
## 1.3
(2025-07-08)
Notes added since 1.3beta are marked with '(release)'
### New Features
- Logging
- log output format has been cleaned up
- Install log and Jamf Pro log (when available) can now be viewed in the Log window (#78, #130)
- now also logs to macOS unified logging
- new top-level default key to control action output logging
- Network Monitoring
- changes to network interfaces are now logged, see the Notes section for details (#15)
- network status can be shown in the top-right corner of the Setup Manager window
- new flag file `/private/var/db/.JamfSetupStarted`, which is created when Setup Manager starts. You can use this to scope Mac App Store apps and Jamf App Installers, which prevents these apps from installing early in the enrollment, slowing down the Jamf Pro configuration
- added [a specific webhook to send a message to Slack](Docs/WebHooks.md#Slack) (#104)
- two new defaults keys `finishedScript` and `finishedTrigger` allow to run custom behavior when Setup Manager has finished
- new option `none` for `finalAction` (#115)
- (release) Polish localization (Thanks to @bsojka)
### Fixes and Improvements
- Jamf Pro: improved monitoring for Jamf Pro to complete its setup after enrollment
- webhook log entries correctly show status
- added `-skipAppUpdates` option to list of options for Jamf Pro policy actions, this should avoid some false "error 57" reports
- Jamf Pro policy will trigger 'Recurring Check-in' policies on empty string value
- (release) added name for macOS Tahoe 26
- (release) minor localization and UI fixes
- (release) disabled some undesirable keyboard shortcuts (#125)
- (release) arguments in `installomator` actions are now processed correctly
- (release) output to log is flushed immediately to avoid truncation on restart/shutdown (#129)
- (release) MDM Server address shown in extended "About this Mac" (#127)
### Deprecations and Removals
- (1.3) the minimum macOS requirement for Setup Manager is now macOS 13.5
- (1.2) `showBothButtons` option removed and non-functional, there will always be just one final action button displayed
- the method for providing localized texts in the configuration profile changed in version 1.1. The previous method (by appending the two letter language code to the key) is considered deprecated. It will continue to work for the time being but will be removed in a future release. It is _strongly_ recommended to change to the [new dictionary-based solution](ConfigurationProfile.md#localization)
### Notes
#### Logging
The format of the Setup Manager log file (in `/Library/Logs/Setup Manager.log`) has changed. The new format should be easier to read and parse with other tools. There are four columns:
- timestamp (in ISO8601)
- log level (default, error or fault)
- category (general, install, network, jamfpro)
- message
Setup Manager 1.3 also logs to the macOS unified system log. The subsystem is `com.jamf.setupmanager`. You can use the `log` command line tool to read the log.
For example:
```
sudo log show --last 30m --predicate 'subsystem="com.jamf.setupmanager"'
```
To clean up the log a little, Setup Manager 1.3 will only write the output of actions to the Setup Manager log file when an error occurred. You can control this behavior with a new top-level preference key `actionOutputLogging`.
#### Installation and Jamf Pro logs and summaries
The Log window (open with command-L) gained a new "Install" tab, which shows the system's installation log file (`/var/log/install.log`). When enrolling with Jamf Pro, there is another new "Jamf" tab, which shows the Jamf log (`/var/log/jamf.log`). By default, the Log window will be summarized to events relevant to the enrollment workflow. You can see the full log content by unchecking the 'Summarize' option.
Note that both logs will show events that were not initiated by Setup Manager. Nevertheless, these events may be relevant to your enrollment workflow.
These summarized events will also appear in the Setup Manager log tab and file, as well as the universal log entries. Having these events in context at the time they occur in the Setup Manager log is very helpful when trouble-shooting enrollment workflows.
#### Network change logging
Setup Manager 1.3 adds logging for changes to network interfaces. It is possible that there will multiple entries in the log with regards to the same network change. Most changes logged will be neutral and should not affect your deployment negatively.
However, it is possible that changes to the network configuration of a device can influence the deployment workflow. For example, when a configuration profile with the access information for a secure corporate Wifi is installed on the device, then the download access to required resources might change. Another example are security tools that might lead to restricted access for downloads (Installomator uses `curl` to download data, which might trigger security tools.)
Checking the log for network changes or outages during enrollment can be useful for troubleshooting.
#### Network Status icon/menu
Network status can also show with a new icon in the top-right corner of the Setup Manager window.
Note that Network Relay will only protect traffic to certain configured servers and services, not all traffic.
By default, the network icon will _not_ be shown. You can activate it manually with the command-N keystroke.
When you click on the Network status icon, a popup will show:
- the current active network interface
- IPv4 and IPv6 addresses
- download and upload bandwidth (will take a while to appear)
- Network Relay hosts (when network relay profile is present)
- list of additional custom hosts, configured in the profile
Note that the connectivity check is quite basic and might not catch all functionality that is required for a service to work. It should provide an indication whether a service is reachable, but deeper trouble-shooting and monitoring might be required for reliable diagnostics.
Seen["Network Connectivity"](https://github.com/jamf/Setup-Manager/Docs/Network.md) for more detail.
#### Finished Script and Trigger
Setup Manager now includes functionality to launch a script or Jamf Pro custom policy trigger in a separate process when the main Setup Manager process is finished. This is useful for installations that might unexpectedly restart the computer or the context that Setup Manager is running in (most commonly, Setup Manager is running at login window, which the Jamf Connect installer will kill).
There are two keys relevant for this: `finishedScript` and `finishedTrigger`.
See ["Running Scripts and Policies when Setup Manager finishes"](https://github.com/jamf/Setup-Manager/Docs/Extras.md#running-scripts-and-policies-when-setup-manager-finishes) for detail.
## v1.3beta
(2025-05-27)
### New Features
- Logging
- log output format has been cleaned up
- Install log and Jamf Pro log (when available) can now be viewed in the Log window (#78)
- now also logs to macOS unified logging
- new top-level default key to control action output logging
- Network Monitoring
- changes to network interfaces are now logged, see the Notes section for details (#15)
- network status can be shown in the top-right corner of the Setup Manager window
- new flag file `/private/var/db/.JamfSetupStarted`, which is created when Setup Manager starts
- added [a specific webhook to send a message to Slack](Docs/WebHooks.md#Slack) (#104)
- two new defaults keys `finishedScript` and `finishedTrigger` allow to run custom behavior when Setup Manager has finished
- new option `none` for `finalAction` (#115)
### Fixes and Improvements
- Jamf Pro: improved monitoring for Jamf Pro to complete its setup after enrollment
- webhook log entries correctly show status
- added `-skipAppUpdates` option to list of options for Jamf Pro policy actions
- Jamf Pro policy will trigger 'Recurring Check-in' policies on empty string value
### Deprecations and Removals
- (1.3) the minimum macOS requirement for Setup Manager is now macOS 13.5
- (1.2) `showBothButtons` option removed and non-functional, there will always be just one final action button displayed
- the method for providing localized texts in the configuration profile changed in version 1.1. The previous method (by appending the two letter language code to the key) is considered deprecated. It will continue to work for the time being but will be removed in a future release. It is _strongly_ recommended to change to the [new dictionary-based solution](ConfigurationProfile.md#localization)
## v1.2.2
(2025-04-17)
- signed a helper script that could lead to unexpected background item prompts
- disabled command-W keystroke
- fixed a stall in `waitForUserEntry` with Jamf School
- fixed link to computer record in Teams message (#110)
- minor documentation fixes
## v1.2.1
(2025-04-02)
- updated included Installomator script to [v10.8](https://github.com/Installomator/Installomator/releases/tag/v10.8)
- now tries for 15 seconds to reload local `background` image file (#105), this should help in situations where the image file is installed after Setup Manager
- improved monitoring of Jamf Pro enrollment process and completion during the "Getting Ready" phase
- minor documentation fixes (#106)
## v1.2.2
(2025-04-17)
- signed a helper script that could lead to unexpected background item prompts
- disabled command-W keystroke
- fixed a stall in `waitForUserEntry` with Jamf School
- fixed link to computer record in Teams message (#110)
- minor documentation fixes
## v1.2.1
(2025-04-02)

139
ConfigurationProfile.md
View File

@@ -5,6 +5,7 @@ The project some sample files to get you started:
- [sample plist](Examples/sample-waitForUserEntry.plist) for Jamf Pro with [two phase workflow](Docs/JamfPro-TwoPhase.md)
- [configuration profile](Examples/sample-jamfschool.mobileconfig) for Jamf School
**Important:** all keys and values are **case-senstive**.
## Top-level keys
@@ -74,6 +75,20 @@ Example:
`Please be patient.` will be bold. More detail on [Markdown here](#markdown).
During the "Getting Ready" phase up to three lines of text will be shown. When the action icon progress list is shown, text will be truncated to a single line.
Use actual line breaks in the XML for line breaks in this text. (`\n` escape sequence will _not_ work in XML)
Example:
```xml
<key>message</key>
<string>Please be patient…
This line of text will be truncated when the action icon list is shown.</string>
```
#### `background`
(String, optional, localized, dark mode)
@@ -84,11 +99,9 @@ When this key is set, Setup Manager treats it as an image/[icon source](#icon-so
(String, optional, default: `enrollment`)
**Beta:** We believe the run at login window feature may require more testing, especially in some edge cases. When, after thorough testing, you believe this works in your workflow, feel free to deploy it, and please let us know about your success or any issues you might encounter.
This value determines when Setup Manager should launch. There are two values: `enrollment` (default) and `loginwindow`. When set to `enrollment` Setup Manager will launch immediately when its installation package is installed. This is the setting to use for automated device enrollment (without Auto Advance) and user-initiated enrollment.
This value determines when Setup Manager should launch. There are two values: `enrollment` (default) and `loginwindow`. When set to `enrollment` Setup Manager will launch immediately when the pkg is installed. This is the setting to use for automated device enrollment (without Auto Advance) and user-initiated enrollment.
When the `runAt` value is set to `loginwindow` Setup Manager will launch only when the login window is shown. This is useful for fully automated enrollments using Auto Advance.
When the `runAt` value is set to `loginwindow` Setup Manager will launch only when the login window is shown. This is useful for fully automated enrollments using Auto Advance and some workflows involving Jamf Connect or similar tools.
A setting of `loginwindow` will only work with enrollment setups that eventually end on the login window (i.e. a user has to be created automatically, the device is bound to a directory, etc).
@@ -148,7 +161,7 @@ Example:
(Number/integer, optional, default: `60`)
This key changes the duration (in seconds) of the "final countdown" before the app automatically performs the `finalAction` (continue or shut down). Set to `-1` (or any negative number) to disable automated execution.
This key changes the duration (in seconds) of the "final countdown" before the app automatically performs the `finalAction`. Set to `-1` to disable automated execution.
Example:
@@ -170,13 +183,16 @@ Disable the countdown:
This key sets the action and label for the button shown when Setup Manger has completed.
There are three options:
There are four options:
- `continue`: (default) merely quits Setup Manager and allows the user to continue (probably Setup Assistant or login window)
- `restart`: restarts the Mac
- `shut down`: (no space!) shuts down the Mac
- `shutdown`: (no space!) shuts down the Mac
- `none`: no button shown. (see note below)
**Warning:** `restart` and `shutdown` options will force their action immediately. If a user is logged in (after user-initiated enrollment), they may lose data from open, unsaved documents.
**Note on `none`:** the `none` option exists for workflows where the restart or continue is controlled by a process other than Setup Manager. For example, when installing additional software with a `finishedScript` or `finishedTrigger` which forces a restart. Having a `continue` or `restart` button would be confusing and might interrupt the installation in the finished process. However, having no button to end Setup Manager at all, might leave the user 'stuck' there, so be sure to always restart or kill Setup Manager. You can always use the keyboard shortcut `shift-control-command-E` to quit Setup Manager.
This is also the action that is performed when the `finalCountdown` timer runs out.
When the `DEBUG` preference is set, `shutdown` or `restart` will merely quit/continue.
@@ -188,11 +204,48 @@ Example:
<string>shutdown</string>
```
#### `finishedScript`
(String, optional)
A full path to a script file which will be executed _after_ Setup Manager has finished its workflow. This process runs independently of Setup Manager, so it can run installers or scripts that affect Setup Manager.
The script has to fulfill these criteria to be executed:
- owner: `root`, group: `wheel`
- executable bit set
- not writable for group or other (file mode `755` or `555`)
- no quarantine flag attached
The output of the finished script and trigger will be logged to `/private/var/log/setupManagerFinished.log`.
Example:
```xml
<key>finishedScript</key>
<string>/Library/Management/finishedScript.sh</string>
```
#### `finishedTrigger`
(String, optional, Jamf Pro only)
A custom policy trigger which will be executed _after_ Setup Manager has finished its workflow. This process runs independently of Setup Manager, so it can run installers or scripts that affect Setup Manager.
The output of the finished script and trigger will be logged to `/private/var/log/setupManagerFinished.log`.
Example:
```xml
<key>finishedTrigger</key>
<string>setup_manager_finished</string>
```
#### `totalDownloadBytes`
(Integer, opitonal, default: 1000000000 or 1GB, v0.8)
(Integer, optional, default: 1000000000 or 1GB, v0.8)
Use this value to provide an estimate for the total size of all items that will be downloaded. Setup Manager will display and estimated download time for this sum in the "About this Mac..." popup window.
Use this value to provide an estimate for the total size of all items that will be downloaded. Setup Manager will display an estimated download time for this sum in the "About this Mac..." popup window.
Example:
@@ -218,7 +271,7 @@ Example:
(String, Jamf Pro only)
Set this to `$EMAIL` in the configuration profile. This communicates the user who logged in to customized enrollment to Setup Manager. This can be used together with the `userEntry.showForUserIDs` key to control which users see the user entry UI.
Set this to `$EMAIL` in the configuration profile. This communicates the user who logged in to customized enrollment to Setup Manager. This can be used together with the [`userEntry.showForUserIDs`](#conditionally-show-the-user-entry-for-certain-users) key to control which users see the user entry UI.
Example:
@@ -291,6 +344,26 @@ Example:
When debug mode is enabled, you can set the `simulateMDM` preference key to `Jamf Pro` or `Jamf School`. This allows you to do test runs on un-enrolled Macs.
#### `actionOutputLogging`
(string, optional, default: `error`)
This key controls whether the output of actions is written to the Setup Manager log file.
There are three options:
- `always`: output and exit code are always written to the log file
- `error`: (default) output and exit code are only written on errors
- `never`: output and exit are never written to the log file
Setup Manager's log window will always show the output, regardless of this setting.
Example:
```xml
<key>actionOutputLogging</key>
<string>always</string>
```
## Actions
All actions should have these keys:
@@ -358,7 +431,7 @@ Example:
This will run the Jamf Pro policy or polices with the given trigger name. This is the equivalent of running
```
jamf policy -event <triggername> -verbose -forceNoRecon -doNotRestart -noInteraction
jamf policy -event <triggername> -verbose -forceNoRecon -doNotRestart -noInteraction -skipAppUpdates
```
Note: Jamf Pro policies can do a lot of different things and fail in many different ways. Setup Manager does _not_ check for all possible failure modes. It only checks for failed installer pkgs and policy scripts that return non-zero exit codes, which should cover most uses of policies for initial deployment.
@@ -376,6 +449,20 @@ Example:
</dict>
```
Note: You can trigger policies attached to "Recurring Check-in" by leaving the string value empty:
```xml
<dict>
<key>icon</key>
<string>symbol:arrow.trianglehead.2.clockwise.rotate.90</string>
<key>label</key>
<string>Check-in</string>
<key>policy</key>
<string/>
</dict>
```
### Watch Path
#### `watchPath`
@@ -476,9 +563,9 @@ Example:
### Installomator
This will run [Installomator](https://github.com/Installomator/Installomator) to install a given label.
Setup Manager includes the [Installomator](https://github.com/Installomator/Installomator) script to simplify installations. This action will run [Installomator](https://github.com/Installomator/Installomator) to install a given label.
Note: by default, Setup manager will add `NOTIFY=silent` to the arguments to suppress notfications. You can override this in the `arguments`.
Note: by default, Setup manager will add `NOTIFY=silent` to the arguments to suppress notifications. You can override these variables and add more with the `arguments` key.
#### `installomator`
@@ -505,6 +592,21 @@ Example:
</dict>
```
with arguments:
```xml
<dict>
<key>label</key>
<string>Example App</string>
<key>installomator</key>
<string>example</string>
<key>arguments</key>
<array>
<string>downloadURL=https://example.com/alternativeURL</string>
</array>
</dict>
```
## Icon Sources
@@ -824,6 +926,10 @@ Example:
Setup Manager can send web hooks to servers and services to trigger workflows there. You can read [details on how to configure and use WebHooks here](Docs/Webhooks.md).
## Network Connectivity
Setup Manager can check and display the network status and connectivity to a list of hosts. You can read [the details on how to configure this here](Docs/Network.md).
## Localization
The app will pick up the user choice of the UI language for the interface elements. (Table of currently available languages below.) The app will fall back to English for other language choices.
@@ -886,6 +992,10 @@ The following keys can be localized:
- `message`
- `url`
### Network Check
- `label`
Use these two-letter codes for these languages:
| Language | two-letter code |
@@ -894,9 +1004,10 @@ Use these two-letter codes for these languages:
| Dutch (Nederlands) | nl |
| French | fr |
| German | de |
| Italian | it |
| Hebrew | he |
| Italian | it |
| Norwegian | nb |
| Polish | pl |
| Spanish | es |
| Swedish | sv |

77
Docs/Extras.md
View File

@@ -1,5 +1,19 @@
# Extras and Notes
## Keyboard Shortcuts
Note that the Setup Manager window does not activate to receive keystrokes automatically when running over Setup Manager. You have to click in the Setup Manager window first.
| shift-control-command E | ["exit"/quit Setup Manager](#Quit), use only in emergencies as it will leave installations in an indeterminate state |
| command-L | open [Log window](#Logging) |
| command-B | toggle Battery status icon in Setup Manager window |
| command-N | toggle [Network status icon](Network.md) in Setup Manager window |
| space | show [serial number bar code window](#scannable-serial-number-barcode) |
| i | show "About this Mac" popup |
| h | show "Help" popup, when present |
| hold option key when clicking "About this Mac" | shows more info |
## Custom JSON Schema for Jamf Pro
- create a new profile
@@ -23,7 +37,30 @@ The command-Q keyboard shortcut to quit the app is disabled. Use `shift-control-
## Logging
Setup Manager logs to `/Library/Logs/Setup Manager.log`. While Setup Manager is running you can open a log window with command-L.
While Setup Manager is running you can open a log window with command-L.
There are two or three tabs, one for the main Setup Manager log, one showing output from `/var/log/install.log` and (Jamf Pro only) one tab showing output from `/var/log/jamf.log`. By default, these log tabs will be summarized to events relevant to the enrollment workflow. You can see the full log content by unchecking the 'Summarize' option.
Note that both logs will show events that were not initiated by Setup Manager. Nevertheless, these events may be relevant to your enrollment workflow.
These summarized events will also appear in the Setup Manager log tab and log file, as well as the universal log entries. Having these events in context at the time they occur in the Setup Manager log is very helpful when trouble-shooting enrollment workflows.
Setup Manager logs to `/Library/Logs/Setup Manager.log`. There are four columns:
- timestamp (in ISO8601)
- log level (default, error or fault)
- category (general, install, network, jamfpro)
- message
To clean up the main log a little, Setup Manager will only write the output of actions to the Setup Manager log file when an error occurred. You can control this behavior with a new top-level preference key `actionOutputLogging`.
Setup Manager also logs to the macOS unified system log. The subsystem is `com.jamf.setupmanager`. You can use the `log` command line tool to read the log.
For example:
```
sudo log show --last 30m --predicate 'subsystem="com.jamf.setupmanager"'
```
## Debug mode
@@ -108,3 +145,41 @@ Setup Manager will unload and remove its LaunchAgent and LauchDaemon files upon
If you still want to remove Setup Manager after successful enrollment, there is [a sample uninstaller script in the Examples folder](../Examples/uninstall.sh).
## (Jamf Pro): Useful Smart Groups
You can create smart groups to coordinate installations of Configuration profiles. Some useful examples are:
### Setup Manager Installed
Criteria: 'Application Bundle ID' is `com.jamf.setupmanager`
You can use this smart group to scope or limit configuration profiles, Mac App Store/VPP apps, and Jamf App Installer apps. This way their installation will not occur immediately after enrollment, potentially slowing down the installation of essential Jamf Pro components and extending the "Getting Ready" phase.
### Setup Manager Done
Create an Extension attribute named "Setup Manager Done" with the script code:
```sh
if [ -f "/private/var/db/.JamfSetupEnrollmentDone" ]; then
echo "<result>done</result>"
else
echo "<result>incomplete</result>"
fi
```
Then create a Smart Group named "Setup Manager Done" with the criteria `"Setup Manager Done" is "done"`.
You can use this to scope configuration profiles and policies so that they are installed or run _after_ Setup Manager is complete.
## Running Scripts and Policies when Setup Manager finishes
Generally, you want to coordinate tasks, configurations, and installations with Setup Manager actions. However, in some situations the installations might interfere with the Setup Manager workflow itself. This is most relevant with software that needs to reload the login window process, which will also kill Setup Manager. (e.g Jamf Connect Login)
Setup Manager provides a LaunchDaemon which monitors the `.JamfEnrollmentSetupDone` flag file. It then launches a script or a custom Jamf Pro policy trigger. Since this LaunchDaemon runs independently from Setup Manager, so it can run installers or scripts that might quit login window or Setup Manager.
However, if you have set Setup Manager to automatically shut down or restart at the end, this will interrupt the finished script or policy, unless the automated delay is long enough. Use the [`finalAction`](../ConfigurationProfile.md#finalAction) value of `none` to remove the button and countdown from the Setup Manager UI. However, now it the responsibility of the finishing process to restart the Mac or quit the Setup Manager process, otherwise Setup Manager will keep blocking the UI.
The finished script or custom trigger are configured in the Setup Manager configuration profile, with the [`finishedScript`](../ConfigurationProfile.md#finishedScript) and [`finishedTrigger`](../ConfigurationProfile.md#finishedTrigger) keys.
The SetupManagerFinished daemon logs its output (and the output of the policy and scripts to `/private/var/log/setupManagerFinished.log`.

60
Docs/FAQ.md
View File

@@ -12,9 +12,10 @@ Yes, use the top-level `background` key and point it to a local image file or a
There can be many causes for this. A few common causes are:
- Jamf Pro: check that Setup Manager is added to your prestage and the package does not have the label "Availability pending" in Settings> Packages
- Jamf Pro: do not install JamfConnect.pkg in prestage when you want to use Setup Manager. Install JamfConnect with Setup Manager instead
- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services or 'Choose your Look' are common choices that you generally want to leave up the user anyway. Otherwise, Setup Assistant may quit before Setup Manager can launch and do its actions.
- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services is a good choice that you generally want to leave up the user anyway. Otherwise, Setup Assistant may quit before Setup Manager can launch and do its actions.
- Jamf Pro:
- check that Setup Manager is added to your prestage and the package does not have the label "Availability pending" in Settings> Packages
- in Prestage > Enrollment Packages verify that the Distribution Point is set correctly (it resets to "none" when you remove the last enrollment package)
## Does Setup Manager require Jamf Connect
@@ -27,7 +28,7 @@ Setup Manager will run fine without Jamf Connect. You can even build 'single-tou
- preinstall icon files with a custom package installer in prestage. Set the priority of the media/branding package lower than that for Setup Manager, or give the branding/media package a name that is alphabetically earlier than Setup Manager, so it installs before Setup Manager
- use http(s) urls to the image files
- you can host them on a web server/service that you have control over
- you can add the icon as an icon for a Self Service policy in Jamf and then copy the url to the icon once uploaded
- you can add the icon to a Self Service policy in Jamf and then copy the url to the icon once uploaded
## What is happening during "Getting Ready" and "Finishing"?
@@ -38,11 +39,33 @@ When enrolled into Jamf Pro, Setup Manager runs (among other things) a recon/Upd
You can open the log window (command-L) or review the [log file](Extras.md#logging) for detail for each step. Should Setup Manager stall during one of these steps, you can [quit](Extras.md#quit) out of Setup Manager and review the [log file](Extras.md#logging) after completing the setup.
## (Jamf Pro) Getting Ready is taking very long (several minutes). What is happening and can I do something to make it faster?
The "Getting Ready" phase prepares some steps and waits for all essential Jamf Pro components (the jamf binary, certificates, Jamf.app, etc.) to be installed and configured before starting with the actual enrollment workflow. Depending on the network connection this might take a while.
Note that you can see the individual steps and the timing for each step in the [Setup Manager log file](Extras.md#logging)].
Once Jamf Pro's enrollment workflow is complete, Setup Manager runs a full update inventory/recon. In general, if the recon takes a long time, you should review the inventory collection settings. Calculating home directory sizes and gathering fonts can take a lot of time and CPU power, and speed up things significantly when turned off, not just during enrollment with Setup Manager. You should also review extension attributes, for how long each one runs.
Mac App Store/VPP and Jamf App Installer apps that are scoped to the computer will also begin installing _immediately_ after enrollment. Since macOS will only perform one installation at a time, these might delay the installation of essential Jamf Pro components. You can create smart groups to defer these installations.
With Setup Manager 1.3 and higher, you can check whether apps are getting installed before Setup Manager starts the actions in the Setup Manager log.
## Can I set the wallpaper/desktop picture or dock with Setup Manager?
The settings for the dock and wallpaper/desktop picture are _user_ settings. Since the user account usually does not yet exist when Setup Manager runs, you cannot affect those settings.
What you can do is run a script at login which sets the desktop (using [desktoppr](https://github.com/scriptingosx/desktoppr) ) or the dock (using [dockutil](https://github.com/kcrawford/dockutil) or a similar tool). You can use the Jamf Pro login trigger for this, or create a custom LaunchAgent or use [outset](https://github.com/macadmins/outset/)
What you can do is run a script at login which sets the desktop (using [desktoppr](https://github.com/scriptingosx/desktoppr) ) or the dock (using [dockutil](https://github.com/kcrawford/dockutil) or a similar tool).
## If Setup Manager cannot do it, how can I run scripts at first login
There are several options:
- custom launch agent
- [outset](https://github.com/macadmins/outset/)
- Jamf Pro: [Self Service macOS Onboarding](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/macOS_Onboarding.html)
- Jamf Pro: [policy with a login trigger](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Login_Events.html)
## Can Setup Manager run at first login, rather than right after enrollment?
@@ -52,6 +75,33 @@ With Jamf Pro, you can set the Setup Manager pkg to install at the `login` trigg
This is not, however, the primary workflow for Setup Manager and not something that we will test or verify. We believe running right after enrollment over Setup Assistant is the preferable deployment.
With Jamf Pro, you should consider [macOS Onboarding in Self Service](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/macOS_Onboarding.html) or a [login trigger](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Login_Events.html) instead.
## Installer or Policy Script is failing with access errors
For some policy scripts or installers it may be necessary to give the Setup Manager app Full Disk Access or some other exemptions with a PPPC Profile.
## Installomator actions are all failing
The log shows exit code 4, which means the download was rejected.
Installomator uses Gatekeeper to verify the downloads. When Gatekeeper is set to allow Mac App Store apps only it will reject all third party apps and installers and the verification will fail.
## Can I set Installomator variables?
Yes. The `installomator` action has an `arguments` key, which takes an array strings, one for each argument. With this, you can override variables in Installomator.
Example:
```xml
<dict>
<key>label</key>
<string>Example App</string>
<key>installomator</key>
<string>example</string>
<key>arguments</key>
<array>
<string>downloadURL=https://example.com/alternativeURL</string>
</array>
</dict>
```

12
Docs/JamfPro-QuickStart.md
View File

@@ -47,12 +47,12 @@ You can add more actions here. There are more types of actions available, you ca
## Scoping and Prestage
- Scope the configuration profile to the computers you want to run Setup Manager on
- scope the configuration profile to the computers you want to run Setup Manager on
- create a new Prestage or duplicate an existing one
- Add the Setup Manager pkg and the configuration profile to the Prestage
- if you have JamfConnect.pkg in the Prestage, remove it. You can later add an action to install JamfConnect using Setup Manager.
- add the Setup Manager pkg and the configuration profile to the Prestage
- when installing and using Jamf Connect Login, ensure you have the latest version
- ensure that 'Automatically advance through Setup Assitant' is _disabled_
- Have at least one Setup Assistant option _disabled_ (so that _is_ displayed)
- have at least one Setup Assistant option which shows before user creation _disabled_ (so that _is_ displayed), we recommend the Location Services or Terms and Conditions pane
- ensure your test Mac(s) is (are) assigned to the Prestage
## Wipe the Test Mac
@@ -66,5 +66,5 @@ You can add more actions here. There are more types of actions available, you ca
- add more [actions](../ConfigurationProfile.md#actions) to Setup Manager, you can use more Jamf Pro policies, Installomator labels, or shell actions
- automate computer naming with a [computer name template key](../ConfigurationProfile.md#computerNameTemplate)
- add [a `help` section](../ConfigurationProfile.md#help) to let the user know what is going on
- ideally automated deployments shouldn't require manual entry, but if necessary, you can configure a [user entry](../ConfigurationProfile.md#user-entry) section in the profile
- optionally, add [a `help` section](../ConfigurationProfile.md#help) to let the user know what is going on
- ideally automated deployments shouldn't require manual data entry, but if necessary, you can configure a [user entry](../ConfigurationProfile.md#user-entry) section in the profile

80
Docs/Network.md Normal file
View File

@@ -0,0 +1,80 @@
# Network Connectivity
Setup Manager can display the current network status in the top right corner of the main window.
By default, the icon will only appear when
- there is no network connection
- Network Relay is configured
- the `networkCheck` array is present in the profile
You can always manually toggle the visibility of the network status icon with command-N.
The icon will show the network "globe" icon when the network is connected, the icon with a slash when it is disconnected, and the icon with a small shield when it is connected and Network Relay is configured.
You can click on the icon for more detailed information:
- network connection name
- IP addresses (IPv4 and IPv6, when present)
- Network Bandwidth information (these take a while to appear, be patient)
- When Network Relay is configured, it will show the connectivity to the HTTP3/QUIC and HTTP2 hosts
- Connectivity to certain hosts
- by default, the Jamf Server will be shown
- You can add a list of custom hosts in the configuration profile
### `networkCheck`
(array of dict, optional)
Provides a list of hosts to check connectivity to. These will be shown in the 'Connectivity' section in the network info pane.
Each dict in this array represents a check for a connection to a host. The dict can contain the following keys:
#### `host`
(string)
The host name, e.g. `host.example.com` (no url scheme) to test a connection to.
#### `port`
(integer, optional, default: `443`)
The port to test a connection to.
#### `protocol`
(string, optional, default: `tcp`)
The connection protocol to test: `tcp` or `udp`.
#### `label`
(string, localizable, optional)
A display label for the connection test.
Example:
```xml
<key>networkCheck</key>
<array>
<dict>
<key>host</key>
<string>map.wandera.com</string>
<key>label</key>
<string>Intranet Maps</string>
<key>port</key>
<integer>443</integer>
<key>protocol</key>
<string>tcp</string>
</dict>
</array>
```
## Network Change logging
Setup Manager 1.3 adds logging for changes to network interfaces. It is possible that there will multiple entries in the log with regards to the same network change. Most changes logged will be neutral and should not affect your deployment negatively.
However, it is possible that changes to the network configuration of a device can influence the deployment workflow. Changes to network or Wi-Fi configurations and other network or security tools might disrupt the network connectivity during enrollment. This might interrupt or cancel downloads.
For example, when a configuration profile with the access information for a secure corporate Wifi is installed on the device, then the download access to required resources might change. Another example are security tools that might lead to restricted access for downloads (Installomator uses `curl` to download data, which might trigger security tools.)
Checking the log for network changes or outages during enrollment can be useful for troubleshooting.

15
Docs/Webhooks.md
View File

@@ -113,3 +113,18 @@ Use this webhook format in the Setup Manager profile:
```
This `dict` replaces the simple `string` syntax.
### Slack
You can also [configure Slack to receive messages on webhook url](https://api.slack.com/messaging/webhooks).
Use this webhook format in the Setup Manager profile:
```xml
<dict>
<key>kind</key>
<string>slack</string>
<key>url</key>
<string>--insert url from Slack here--</string>
</dict>
```

24
Examples/sample-com.jamf.setupmanager.plist
View File

@@ -15,7 +15,7 @@
<key>label</key>
<dict>
<key>de</key>
<string>Zeitzone setzen</string>
<string>Zeitzone einstellen</string>
<key>en</key>
<string>Set Time Zone</string>
<key>es</key>
@@ -28,6 +28,12 @@
<string>Imposta il fuso orario</string>
<key>nl</key>
<string>Tijdzone instellen</string>
<key>sv</key>
<string>Ställ in tidszon</string>
<key>nb</key>
<string>Angi tidssone</string>
<key>pl</key>
<string>Ustal strefę czasową</string>
</dict>
<key>requiresRoot</key>
<true/>
@@ -91,6 +97,12 @@
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>nl</key>
<string>Even geduld terwijl Setup Manager je nieuwe Mac configureert.</string>
<key>pl</key>
<string>Prosimy o cierpliwość, podczas gdy Setup Manager konfiguruje Twojego nowego Maca.</string>
<key>sv</key>
<string>Ha tålamod medan Setup Manager konfigurerar din nya Mac.</string>
<key>nb</key>
<string>Vær tålmodig mens Setup Manager konfigurerer den nye Mac-en din.</string>
</dict>
<key>title</key>
<dict>
@@ -99,15 +111,21 @@
<key>en</key>
<string>Welcome!</string>
<key>es</key>
<string>¡Bienvenido!</string>
<string>¡^[^[Bienvenido](inflect: true)](inflectionAlternative: &apos;Te damos la bienvenida&apos;)!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>he</key>
<string>ברוכים הבאים!</string>
<key>it</key>
<string>Benvenuto!</string>
<string>^[Benvenuto](inflect: true, inflectionAlternative: &quot;Ciao&quot;)!</string>
<key>nl</key>
<string>Welcom!</string>
<key>pl</key>
<string>Witamy!</string>
<key>sv</key>
<string>Välkommen</string>
<key>nb</key>
<string>Velkommen</string>
</dict>
<key>userEntry</key>
<dict>

11
README.md
View File

@@ -4,8 +4,8 @@
_"Every Assistant has a Manager"_
![Setup Manager Logo](https://img.shields.io/badge/macOS-12%2B-success)
![Setup Manager Logo](https://img.shields.io/badge/macOS-13.5%2B-success)
Updates are published in the '[Releases](https://github.com/jamf-concepts/setup-manager/releases)' section of the repo. There you can also [download the latest pkg installer](https://github.com/jamf-concepts/setup-manager/releases/latest). You can subscribe to notifications for the repo using the 'Watch' button above.
Please report issues, feature requests [as an issue.](https://github.com/jamf-concepts/setup-manager/issues)
@@ -47,6 +47,7 @@ Setup Manager provides:
- [Extras and Notes](Docs/Extras.md)
- [Frequently Asked Questions](Docs/FAQ.md)
- [Webhooks](Docs/Webhooks.md)
- [Network Connectivity Checks](Docs/Network.md)
## Configuration Profile
@@ -56,13 +57,13 @@ There is also a [custom schema for Jamf Pro](Docs/Extras.md#custom-json-schema-f
## Requirements
Setup Manager requires macOS 12.0.0 or higher. It will work only with Jamf Pro or Jamf School.
Setup Manager requires macOS 13.5 or higher. It will work only with Jamf Pro or Jamf School.
## Known Issues
- Setup Manager will **_not_** launch at enrollment with Auto-Advance enabled, use the option to run at login window
- Setup Manager may **_not_** launch or launch and quit quickly when you disable _all_ Setup Assistant screens, leave at least one Setup Assistant option enabled, or use the option to run at login window
- Policies that are triggered by `enrollmentComplete` may delay or even disrupt Setup Manager running from Prestage/Automated Device Enrollment. Disable or unscope policies triggered by `enrollmentComplete` on devices using Setup Manager.
- Setup Manager may **_not_** launch or launch and quit quickly when you disable _all_ Setup Assistant screens and skip user creation, leave at least one Setup Assistant option that shows _before_ the user creation enabled, or use the option to run at login window
- Policies that are triggered by `enrollmentComplete` may delay or even disrupt Setup Manager running from Prestage/Automated Device Enrollment. Disable or un-scope policies triggered by `enrollmentComplete` on devices using Setup Manager.
---