Background
JNUC 2019 Your Internal Beta Test Program: Opt-in, Opt-out via Self Service
Opt-in > Files and Processes > Execute Command
We’ve added the following one-liner to the Files and Processes > Execute Command Payload for our Opt-in policy to force Self Service to refresh:
/usr/bin/su - "$(/usr/bin/stat -f%Su /dev/console)" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53' -e 'tell application \"System Events\" to keystroke \"r\" using {command down}'" ; /usr/local/bin/jamf manage -verbose
Opt-out > Files and Processes > Execute Command
A slight variation on the opt-in one-liner: if a user opts out of our internal Beta Test program, we’ll also remove them from Apple’s. (Bbbbbuuuwwwahahahah!!!)
Add to the Files and Processes > Execute Command Payload for your Opt-out policy:
/usr/bin/su - "$(/usr/bin/stat -f%Su /dev/console)" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53' -e 'tell application \"System Events\" to keystroke \"r\" using {command down}'" ; /System/Library/PrivateFrameworks/Seeding.framework/Versions/A/Resources/seedutil unenroll ; /usr/sbin/pkgutil --forget com.apple.pkg.macOSCustomerBetaAccessUtility.16U2035 ; /usr/local/bin/jamf manage -verbose ; /usr/local/bin/jamf recon
(Special thanks to Kyle Flater, @floeter, for his racing-stripe of including the Escape key in case the user was viewing the Self Service Description.)
Privacy Preferences Policy Control Settings
You’ll also need the following two Privacy Preferences Policy Control settings nowadays:
Privacy Preferences Policy Control (Jamf) (1 of 2)
App Access (1 of 2)
- Identifier: com.jamf.management.service
- Identifier Type: Bundle ID
- Code Requirement: anchor apple generic and identifier "com.jamf.management.service" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")
- App or Service: Accessibility
- Access: Allow
App Access (2 of 2)
- Identifier: com.jamf.management.Jamf
- Identifier Type: Bundle ID
- Code Requirement: anchor apple generic and identifier "com.jamf.management.Jamf" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")
- App or Service: Accessibility
- Access: Allow
- App or Service: AppleEvents
- Access: Allow
- Receiver Identifier: com.apple.systemevents
- Receiver Identifier Type: Bundle ID
- Receiver Code Requirement: identifier "com.apple.systemevents" and anchor apple
- Receiver Identifier:
Privacy Preferences Policy Control (Jamf) Workaround (2 of 2)
- Identifier: com.jamf.management.service
- Identifier Type: Bundle ID
- Code Requirement: anchor apple generic and identifier "com.jamf.management.Jamf" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")
- App or Service: AppleEvents
- Access: Allow
- Receiver Identifier: com.apple.systemevents
- Receiver Identifier Type: Bundle ID
- Receiver Code Requirement: identifier "com.apple.systemevents" and anchor apple
- Receiver Identifier:
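The settings above, written out as the Services dictionaries of a `com.apple.TCC.configuration-profile-policy` payload and run through a small review check. This is an added example, not part of the original post or of Jamf's tooling. The PayloadIdentifier passed to `tcc_payload`, the profile labels and the three audit rules are assumptions.

```python
import plistlib, re, uuid

# Certificate clause and receiver values copied from the settings on this page.
CERT = ('(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or '
        'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
        'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
        'certificate leaf[subject.OU] = "483DWKW443")')
SYSTEM_EVENTS = {
    "AEReceiverIdentifier": "com.apple.systemevents",
    "AEReceiverIdentifierType": "bundleID",
    "AEReceiverCodeRequirement": 'identifier "com.apple.systemevents" and anchor apple',
}

def entry(bundle_id, req_id=None, receiver=None):
    """One allow entry; req_id is the identifier named inside the requirement."""
    req = f'anchor apple generic and identifier "{req_id or bundle_id}" and {CERT}'
    return {"Identifier": bundle_id, "IdentifierType": "bundleID",
            "CodeRequirement": req, "Allowed": True, **(receiver or {})}

JAMF, SERVICE = "com.jamf.management.Jamf", "com.jamf.management.service"
# Services dictionaries mirroring profiles "1 of 2" and "2 of 2" above.
PROFILES = {
    "Jamf (1 of 2)": {
        "Accessibility": [entry(SERVICE), entry(JAMF)],
        "AppleEvents": [entry(JAMF, receiver=SYSTEM_EVENTS)]},
    "Jamf Workaround (2 of 2)": {
        "AppleEvents": [entry(SERVICE, req_id=JAMF, receiver=SYSTEM_EVENTS)]},
}

def tcc_payload(services, identifier):
    """Serialize one TCC payload; identifier is a constructed placeholder."""
    return plistlib.dumps({
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": identifier, "PayloadUUID": str(uuid.uuid4()),
        "PayloadVersion": 1, "Services": services})

def audit(services):
    """Return (service, Identifier, finding) tuples worth a reviewer's attention."""
    findings = []
    for service, entries in services.items():
        for e in entries:
            named = re.search(r'identifier "([^"]+)"', e["CodeRequirement"])
            if "certificate leaf[subject.OU]" not in e["CodeRequirement"]:
                findings.append((service, e["Identifier"], "no subject.OU pin"))
            if named and named.group(1) != e["Identifier"]:
                findings.append((service, e["Identifier"],
                                 "requirement names " + named.group(1)))
            if service == "AppleEvents" and "AEReceiverIdentifier" not in e:
                findings.append((service, e["Identifier"], "no receiver"))
    return findings
```

The audit reports the Workaround entry because its Identifier and the identifier inside its Code Requirement differ, exactly as listed above, so that pairing stays a visible, deliberate choice when the profile is reviewed.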