“Sometimes magic is just someone spending more time on something than anyone else might reasonably expect.” ~Teller
Magicians spend a lot of time perfecting skills that if, done right, can’t be seen by their audiences. If we do our job well, the deployment of our Apple devices can look like magic to our end users. If we do it poorly, it just looks like a sad man pulling a long scarf out of his sleeve.
In this first part of our series on creating magic with endpoint provisioning, we are going to follow in the footsteps of my favorite magicians, Penn and Teller, and start with the the flourish, the “prestige,” the “ta da!” and work our way backwards to cover the pieces, the “gaffs”, along the rest of the series.
We are going to start with the workflow that engages the user from the time they first log in to the time their computer is completely provisioned for use within your organization.
And if I may extend the magic metaphor a bit longer, there are many “artisans” in the magic world creating the gimmicks used by magicians; many that create the same effect just in different ways. So, too, are there many developers that create tools we could use to create our effect.
DEPNotify by Joel Rennich (aka MacTroll) – DEPNotify creates a UI where all elements of the screen (title, text, progress bar, etc.) are controlled by adding lines of commands to the end of a log file.
Octory by Amaris Software (formerly SplashBuddy and Ceremony) – Octory provides a nice interface and includes a precise visual indicator to your users as to what has been installed and what remains to be completed. But as per the documentation, it has very specific requirements on how your packages and policies are named in order to work; and if these clash with your existing standards and documentation guidelines, it will feel out of place.
Mac @ IBM Enrollment App by IBM – When IBM presented their workflow at JNUC, they received a lot of requests by the community to share their tools, which they did. And while they did release it, as of this writing it is still written for their use. From their guide: “Although it is possible for any mac admin to adopt this project, some Swift application development experience will certainly aid in crafting a well polished application around your organization’s brand and requirements.”
We have chosen DEPNotify because it provides most of the UI elements of the other two including the ability to have the user accept your organization’s acceptable use policy and register their device with their name and department as needed. It also allows you to customize the appearance with your own branding and logo to present a unified experience.
But where DEPNotify excels beyond the others is in the simplicity of control. The application monitors a temporary log file and changes the UI when it sees any one of a wide range of commands. This allows a single policy-driven script to interact with the user and control the installation/provisioning workflow.
Feel free to follow along. Download DEPNotify and install it on your computer. The application gets placed in /Applications/Utilities to keep it out of view of prying eyes.
Launch DEPNotify.app and you will be greeted with this screen:
Is this your card?! No? Let’s keep going.
Note: In our final workflow, we are going to be launching DEPNotify from a script, along the lines of: “/Applications/Utilities/DEPNotify.app/Contents/MacOS/DEPNotify -fullScreen” which will cover the whole screen and keep the user at bay while we complete our provisioning magic.
Open Terminal and put your terminal window and the DEPNotify window alongside each other.
In Terminal, type the following:
echo "Command: MainTitle: Ta Da" >> /var/tmp/depnotify.log
You should now see the following screen:
Okay, okay. We’re still pulling endless handkerchiefs out of sleeves, aren’t we? But hopefully you can see just how easy this is coming together. Let’s try a few more commands:
echo "Command: Image: /System/Library/CoreServices/Setup Assistant.app/Contents/Resources/Assistant.icns" >> /var/tmp/depnotify.log
echo "Command: MainText: Is THIS your card" >> /var/tmp/depnotify.log
echo "Status: Thank you, ladies and gentlemen." >> /var/tmp/depnotify.log
And now we have:
The GitLab page for DEPNotify has a full tutorial on all the commands you can use, but among the most powerful are:
Command: Image: [path to image file] – Change the image up top
Command: MainTitle: [text] – Change the header text
Command: MainText: [text] – Change the big body of text. (can include newline characters for longer text)
Status: [text] – The text along the bottom that tells the user what is going on. (most commonly used throughout your script)
There are also commands to display a web page (e.g. “Welcome to the company”) or a video (Local, online, or YouTube), display alerts, and notifications.
There are additional commands to create an EULA agreement and a registration page with buttons, drop down menus, and text boxes. For deployments that need to, you can pull information from the Jamf Pro API to make drop down menus of your buildings and departments. Then the choices the user makes can be sent back through the API to populate the computer record and update smart groups for policies.
All this by watching a log file!
There is an additional flag for various MDMs, including Jamf! By adding the “-jamf” flag, DEPNotify will also read the /var/log/jamf.log and look for keywords to automatically generate “Status: “ lines for you.
And that, ladies and gentlemen, is known as “Provisioning Prestidigitation!” Okay, the name needs work, but you have to admit: we are just getting started with some serious hocus pocus to dazzle our users.
For our next trick (blog post) we will pull back another curtain and take a look at the script and policy we use to make this work in our workflow:
留言