
Step 6 postinstall script

jworkmanjc edited this page May 27, 2020 · 7 revisions

Create the postinstall script

Use the postinstall script or create a new postinstall file with the following payload. The LaunchDaemon must be moved to the system's /Library/LaunchDaemons/ directory in the postinstall script.

#!/bin/sh

# Enter the ENROLLMENT_USER within the '' of ENROLLMENT_USER=''
ENROLLMENT_USER=''

# Enter the ENROLLMENT_USER_PASSWORD within the '' of ENROLLMENT_USER_PASSWORD='' with the credentials of the admin with a secure token
ENROLLMENT_USER_PASSWORD=''

cat <<-EOF >/var/run/JumpCloud-SecureToken-Creds.txt
$ENROLLMENT_USER;$ENROLLMENT_USER_PASSWORD
EOF

# Set permissions
# The install script should be placed in /var/tmp if we want to account for restarts;
# files in /private/tmp will be deleted by macOS
chmod 744 /var/tmp/jumpcloud_bootstrap_template.sh
chown root:wheel /var/tmp/jumpcloud_bootstrap_template.sh
chmod 644 /Library/LaunchDaemons/com.jumpcloud.prestage.plist
chown root:wheel /Library/LaunchDaemons/com.jumpcloud.prestage.plist

# load the LaunchDaemon
launchctl load -w /Library/LaunchDaemons/com.jumpcloud.prestage.plist

Populate ENROLLMENT_USER='' and ENROLLMENT_USER_PASSWORD='' with the values specified for this account in Step 2.

Example:

#!/bin/sh

# Enter the ENROLLMENT_USER within the '' of ENROLLMENT_USER=''
ENROLLMENT_USER='Welcome'

# Enter the ENROLLMENT_USER_PASSWORD within the '' of ENROLLMENT_USER_PASSWORD='' with the credentials of the admin with a secure token
ENROLLMENT_USER_PASSWORD='Welcome1!'

cat <<-EOF >/var/run/JumpCloud-SecureToken-Creds.txt
$ENROLLMENT_USER;$ENROLLMENT_USER_PASSWORD
EOF

# Set permissions
# The install script should be placed in /var/tmp if we want to account for restarts;
# files in /private/tmp will be deleted by macOS
chmod 744 /var/tmp/jumpcloud_bootstrap_template.sh
chown root:wheel /var/tmp/jumpcloud_bootstrap_template.sh
chmod 644 /Library/LaunchDaemons/com.jumpcloud.prestage.plist
chown root:wheel /Library/LaunchDaemons/com.jumpcloud.prestage.plist

# load the LaunchDaemon
launchctl load -w /Library/LaunchDaemons/com.jumpcloud.prestage.plist

The presence of the JumpCloud-SecureToken-Creds.txt file is required to install the JumpCloud agent with the JumpCloud Service Account. The JumpCloud Service Account is mandatory to manage Secure Tokens and FileVault-enabled users. The agent install process deletes JumpCloud-SecureToken-Creds.txt and removes it from the system.
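
An added example, not part of the JumpCloud scripts: one way to write the credentials file so that only its owner (root, when run from the postinstall) can read it, and to check afterwards that the agent install removed it as described above. The function names and the CREDS_FILE override are assumptions made for this example, and it assumes the agent install runs as root and can therefore still read a root-only file.

```shell
#!/bin/sh
# Added example; function names and the CREDS_FILE override are hypothetical.
# Default path is the one used by the postinstall script on this page.
CREDS_FILE="${CREDS_FILE:-/var/run/JumpCloud-SecureToken-Creds.txt}"

# write_creds USER PASSWORD
# Writes "USER;PASSWORD" in the same format as the heredoc above, but with
# owner-only permissions. A stale file is removed first, because umask only
# applies to newly created files and would not tighten an existing one.
write_creds() {
    (
        umask 077
        rm -f "$CREDS_FILE"
        # printf is a shell builtin, so the password is not exposed in the
        # process list, and '%s' keeps characters such as % or \ literal.
        printf '%s;%s\n' "$1" "$2" >"$CREDS_FILE"
    )
}

# creds_mode: print the ten-character type/permission string, e.g. -rw-------
# (cut drops the trailing '@', '+' or '.' that some systems append).
creds_mode() {
    ls -ld "$CREDS_FILE" | cut -c1-10
}

# audit_creds: report the state of the credentials file.
#   0 = file absent (expected once the agent install has finished)
#   1 = file still present, accessible by its owner only
#   2 = file still present and accessible by group or others
audit_creds() {
    [ -e "$CREDS_FILE" ] || return 0
    case "$(creds_mode)" in
        ????------) return 1 ;;
        *)          return 2 ;;
    esac
}
```

In the postinstall, `write_creds "$ENROLLMENT_USER" "$ENROLLMENT_USER_PASSWORD"` would take the place of the `cat` heredoc; `audit_creds` can be run from a later management script to confirm the file is gone.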