Menu Close

Refresh Self Service when users Opt-in / Opt-out of your Internal Beta Test Program

Background

JNUC 2019 Your Internal Beta Test Program: Opt-in, Opt-out via Self Service

Opt-in > Files and Processes > Execute Command

We’ve added the following one-liner to the Files and Processes > Execute Command Payload for our Opt-in policy to force Self Service to refresh:

/usr/bin/su - "/usr/bin/stat -f%Su /dev/console" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53' -e 'tell application \"System Events\" to keystroke \"r\" using {command down}'" ; /usr/local/bin/jamf manage -verbose

Opt-out > Files and Processes > Execute Command

A slight variation on the opt-in one-liner, if a user opts-out of our internal Beta Test program, we’ll also remove them from Apple’s. (Bbbbbuuuwwwahahahah!!!)

Add to the Files and Processes > Execute Command Payload for your Opt-out policy:

/usr/bin/su - "/usr/bin/stat -f%Su /dev/console" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53' -e 'tell application \"System Events\" to keystroke \"r\" using {command down}'" ; /System/Library/PrivateFrameworks/Seeding.framework/Versions/A/Resources/seedutil unenroll ; /usr/sbin/pkgutil --forget com.apple.pkg.macOSCustomerBetaAccessUtility.16U2035 ; /usr/local/bin/jamf manage -verbose ; /usr/local/bin/jamf recon

(Special thanks to Kyle Flater, @floeter, for his racing-stripe of including the Escape key in case the user was viewing the Self Service Description.)

Privacy Preferences Policy Control Settings

You’ll also need the following two Privacy Preferences Policy Control settings nowadays:

Privacy Preferences Policy Control (Jamf) (1 of 2)

App Access (1 of 2)

  • Identifier: com.jamf.management.service
  • Identifier Type: Bundle ID
  • Code Requirement: anchor apple generic and identifier "com.jamf.management.service" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")
  • App or Service: Accessibility
  • Access: Allow

App Access (2 of 2)

  • Identifier:com.jamf.management.Jamf
  • Identifier Type: Bundle ID
  • Code Requirement: anchor apple generic and identifier "com.jamf.management.Jamf" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")
  • App or Service: Accessibility
  • Access: Allow
  • App or Service: AppleEvents
  • Access: Allow
    • Receiver Identifier: com.apple.systemevents
    • Receiver Identifier Type : Bundle ID
    • Receiver Code Requirement: identifier "com.apple.systemevents" and anchor apple
Privacy Preferences Policy Control (Jamf) (1 of 2)

Privacy Preferences Policy Control (Jamf) Workaround (2 of 2)

  • Identifier: com.jamf.management.service
  • Identifier Type: Bundle ID
  • Code Requirement: anchor apple generic and identifier "com.jamf.management.Jamf" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")
  • App or Service: AppleEvents
  • Access: Allow
    • Receiver Identifier: com.apple.systemevents
    • Receiver Identifier Type : Bundle ID
    • Receiver Code Requirement: identifier "com.apple.systemevents" and anchor apple
Privacy Preferences Policy Control (Jamf) (2 of 2)
Posted in Jamf Pro, Scripts, Tips & Tricks

Related Posts