Menu Close

Setup Your Mac (1.5.0) via swiftDialog

Update: February 2023

Help mitigate zero-day attacks with the new “Outdated OS Action” in Setup Your Mac (1.7.0) which easily allows Mac Admins to specify a minimum OS version


Leverage customizable input fields to help provide your users a seamless post-enrollment experience when setting up their new Macs

Setup Your Mac (1.5.0) screencast (01:38; no audio; edited for time)

Introduction

Apple’s Automated Device Enrollment helps to streamline Mobile Device Management (MDM) enrollment and device Supervision during activation, enabling IT to manage enterprise devices with “zero touch.”

Setup Your Mac aims to simplify initial device configuration by leveraging swiftDialog and Jamf Pro Policy Custom Events to allow end-users to self-complete Mac setup post-enrollment via Jamf Pro’s Self Service.

Implementation

Setup Your Mac is designed to be executed via a Jamf Pro Self Service policy.

Prior to using Setup Your Mac, we were using Jamf Pro policies triggered by enrollmentComplete (i.e., “Enrollment Complete Immediately after a computer completes the enrollment process”), but the successful execution of these policies was too unreliable for our needs.

Policies with an Enrollment Complete trigger do not run upon completion of enrollment under certain circumstances.

Jamf Pro Known Issues PI100009 - PI-004775

Currently — as can be observed in the first several seconds of the Setup Your Mac screencast — a device is initially considered as “non-compliant” and is only offered two policies:

  • Setup Your Mac
  • Update Computer Inventory

The successful execution of Setup Your Mac results in a compliant Mac.

Additionally, we require login to Self Service (including Multi-Factor Authentication) for every other policy; enabling Setup Your Mac at Enrollment Complete would bypass the required user login on the very first policy the user experiences. (See also: Setup Your Mac, please.)

Prerequisites

If the core functionality of Setup Your Mac meets your needs, writing code should not be required.

However, you must be comfortable modifying scripts before implementing this approach in production (i.e., customizing existing settings for your use-case, reading and editing JSON, etc.).

The Jamf Training Catalog — free to all Jamf customers — is a great place to start learning the basics.

Configuration

Complete the following steps to provide your users a seamless post-enrollment experience when setting up their new Macs.

A. Conduct a dry-run of the Setup Your Mac script

Complete the following steps on an unenrolled, testing macOS virtual machine.

  1. Open the macOS Terminal.
  2. Download the latest production version of Setup Your Mac using the following command. (The script will be saved to your Downloads folder as Setup-Your-Mac-via-Dialog-reference.bash):
curl -o ~/Downloads/Setup-Your-Mac-via-Dialog-reference.bash https://raw.githubusercontent.com/dan-snelson/dialog-scripts/main/Setup%20Your%20Mac/Setup-Your-Mac-via-Dialog.bash
  1. Execute the Setup Your Mac script using the following command:
bash ~/Downloads/Setup-Your-Mac-via-Dialog-reference.bash
  1. Observe the output (i.e., This script must be run as root; exiting.)
/Users/dan/Downloads/Setup-Your-Mac-via-Dialog-reference.bash: line 45: dialog: command not found
2022-11-22 04:29:49.524 defaults[710:7192] 
The domain/default pair of (/Library/Preferences/com.jamfsoftware.jamf.plist, self_service_app_path) does not exist
This script must be run as root; exiting.
  1. Execute the Setup Your Mac script with elevated privileges via sudo !!:
sudo !!
  1. Wait while the latest production version of swiftDialog is automatically installed and the personalized “Welcome” dialog is displayed:
Setup Your Mac (1.5.0) "Welcome" dialog
Setup Your Mac (1.5.0) “Welcome” dialog
  1. After reviewing and interacting with the input fields, click Quit.
  2. Observe the output in Terminal (i.e., WELCOME DIALOG: dan clicked Quit at Welcome Screen):
sudo bash ~/Downloads/Setup-Your-Mac-via-Dialog-reference.bash
Password:
/Users/dan/Downloads/Setup-Your-Mac-via-Dialog-reference.bash: line 45: dialog: command not found
2022-11-22 04:30:42.926 defaults[732:7418] 
The domain/default pair of (/Library/Preferences/com.jamfsoftware.jamf.plist, self_service_app_path) does not exist
2022-11-22 04:30:43 - *** Created log file via script ***
2022-11-22 04:30:43 - 

###
# DEBUG MODE | Dialog: v2.0.1.3814 • Setup Your Mac: v1.5.0
###

2022-11-22 04:30:43 - Waiting for Desktop …
2022-11-22 04:30:43 - Dialog not found. Installing...
installer: Package name is Dialog
installer: Installing at base path /
installer: The install was successful.
2022-11-22 04:30:59 - swiftDialog version 2.0.1.3814 installed; proceeding...
2022-11-22 04:30:59 - Caffeinating this script (pid=717)
2022-11-22 04:32:23 - WELCOME DIALOG: dan clicked Quit at Welcome Screen
2022-11-22 04:32:23 - Exiting …
2022-11-22 04:32:23 - De-caffeinate …
2022-11-22 04:32:23 - Attempting to terminate the 'caffeinate' process …
2022-11-22 04:32:23 - (Termination message indicates success.)
/Users/dan/Downloads/Setup-Your-Mac-via-Dialog-reference.bash: line 670:   774 Terminated: 15          caffeinate -dimsu -w $$
2022-11-22 04:32:23 - Removing /var/tmp/dialogWelcome.LM0 …
2022-11-22 04:32:23 - Removing /var/tmp/dialogSetupYourMac.2qN …
2022-11-22 04:32:23 - Removing /var/tmp/dialogFailure.bzb …
2022-11-22 04:32:23 - Removing default dialog file …
  1. Re-execute the Setup Your Mac script with elevated privileges by pressing the Up Arrow once and then pressing Return.
  2. Populate the input fields and click Continue:
Setup Your Mac (1.5.0) "Welcome" dialog with input fields populated
Setup Your Mac (1.5.0) “Welcome” dialog with input fields populated
  1. Wait while Setup Your Mac runs in Debug Mode (displayed in the bottom, left-hand corner) and observe the expected failures on the unenrolled VM:
Setup Your Mac (1.5.0) "Debug Mode" expected failures
Setup Your Mac (1.5.0) “Debug Mode” expected failures
Setup Your Mac (1.5.0) "Failure" screen with user instructions
Setup Your Mac (1.5.0) “Failure” screen with user instructions
Setup Your Mac (1.5.0) "Debug Mode" completionActionOption
Setup Your Mac (1.5.0) “Debug Mode” completionActionOption
  1. Review the log file in Console:
open /var/tmp/org.churchofjesuschrist.log 
B. Testing Tips

While Debug Mode can prove helpful during initial testing, eventually you’ll want to test-drive real-world scenarios (and, as you can imagine, testing forced-restarts includes some inherent inconvenience).

A trick I stumbled on is to first launch Terminal and elevate to root prior to testing. With an elevated Terminal, you’ll first be prompted for confirmation to forcibly quit Terminal, which you can cancel and continue testing.

Also while testing via Terminal, you may observe the Computer Inventory step taking longer than expected. Type Command k to quit the active dialog and you may find Terminal is requesting access to any number of user-specific items. After responding to each access request, proceed with your testing.

C. Review the default Welcome dialog

The input fields in the “Welcome” dialog are controlled by a single welcomeJSON variable (thanks to Bart Reardon) and you can add, modify or remove fields as required.

Note: The included input fields are examples only and should be thoroughly tested before being deployed in production.

####################################################################################################
#
# Welcome dialog
#
####################################################################################################

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# "Welcome" dialog Title, Message and Icon
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

welcomeTitle="Welcome to your new Mac, ${loggedInUserFirstname}!"
welcomeMessage="To begin, please enter the required information below, then click **Continue** to start applying settings to your new Mac.  \n\nOnce completed, the **Quit** button will be re-enabled and you'll be prompted to restart your Mac.  \n\nIf you need assistance, please contact the Help Desk: +1 (801) 555-1212."

# Welcome icon set to either light or dark, based on user's Apperance setting (thanks, @mm2270!) 
appleInterfaceStyle=$( /usr/bin/defaults read /Users/"${loggedInUser}"/Library/Preferences/.GlobalPreferences.plist AppleInterfaceStyle 2>&1 )
if [[ "${appleInterfaceStyle}" == "Dark" ]]; then
    welcomeIcon="https://cdn-icons-png.flaticon.com/512/740/740878.png"
else
    welcomeIcon="https://cdn-icons-png.flaticon.com/512/979/979585.png"
fi



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# "Welcome" JSON (thanks, @bartreardon!)
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

welcomeJSON='{
    "title" : "'"${welcomeTitle}"'",
    "message" : "'"${welcomeMessage}"'",
    "icon" : "'"${welcomeIcon}"'",
    "iconsize" : "198.0",
    "button1text" : "Continue",
    "button2text" : "Quit",
    "infotext" : "'"${scriptVersion}"'",
    "blurscreen" : "true",
    "ontop" : "true",
    "titlefont" : "size=26",
    "messagefont" : "size=16",
    "textfield" : [
        {   "title" : "Comment",
            "required" : false,
            "prompt" : "Enter a comment",
            "editor" : true
        },
        {   "title" : "Computer Name",
            "required" : false,
            "prompt" : "Computer Name"
        },
        {   "title" : "User Name",
            "required" : false,
            "prompt" : "User Name"
        },
        {   "title" : "Asset Tag",
            "required" : true,
            "prompt" : "Please enter the seven-digit Asset Tag",
            "regex" : "^(AP|IP)?[0-9]{7,}$",
            "regexerror" : "Please enter (at least) seven digits for the Asset Tag, optionally preceed by either AP or IP."
        }
    ],
  "selectitems" : [
        {   "title" : "Department",
            "default" : "Please select your department",
            "values" : [
                "Please select your department",
                "Asset Management",
                "Australia Area Office",
                "Board of Directors",
                "Business Development",
                "Corporate Communications",
                "Creative Services",
                "Customer Service / Customer Experience",
                "Engineering",
                "Finance / Accounting",
                "General Management",
                "Human Resources",
                "Information Technology / Technology",
                "Investor Relations",
                "Legal",
                "Marketing",
                "Operations",
                "Product Management",
                "Production",
                "Project Management Office",
                "Purchasing / Sourcing",
                "Quality Assurance",
                "Risk Management",
                "Sales",
                "Strategic Initiatives & Programs",
                "Technology"
            ]
        },
        {   "title" : "Select B",
            "values" : [
                "B1",
                "B2",
                "B3"
            ]
        },
        {   "title" : "Select C",
            "values" : [
                "C1",
                "C2",
                "C3"
            ]
        }
    ],
    "height" : "635"
}'

# Write Welcome JSON for later processing
echo "$welcomeJSON" > "$welcomeCommandFile"

The processing of user input is handled later in the script and will most likely require additional customization, which, again, should be thoroughly tested before being deployed in production (i.e., see code comments UNTESTED, UNSUPPORTED "YOYO" EXAMPLE):

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Display Welcome dialog and capture user's input
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

if [[ "${welcomeDialog}" == "true" ]]; then

    welcomeResults=$( ${dialogApp} --jsonfile "$welcomeCommandFile" --json )
    if [[ -z "${welcomeResults}" ]]; then
        welcomeReturnCode="2"
    else
        welcomeReturnCode="0"
    fi

    case "${welcomeReturnCode}" in

        0)  # Process exit code 0 scenario here
            updateScriptLog "WELCOME DIALOG: ${loggedInUser} entered information and clicked Continue"

            ###
            # Extract the various values from the welcomeResults JSON
            ###

            comment=$(get_json_value_welcomeDialog "$welcomeResults" "Comment")
            computerName=$(get_json_value_welcomeDialog "$welcomeResults" "Computer Name")
            userName=$(get_json_value_welcomeDialog "$welcomeResults" "User Name")
            assetTag=$(get_json_value_welcomeDialog "$welcomeResults" "Asset Tag")
            department=$(get_json_value_welcomeDialog "$welcomeResults" "Department" "selectedValue")
            selectB=$(get_json_value_welcomeDialog "$welcomeResults" "Select B" "selectedValue")
            selectC=$(get_json_value_welcomeDialog "$welcomeResults" "Select C" "selectedValue")



            ###
            # Output the various values from the welcomeResults JSON to the log file
            ###

            updateScriptLog "WELCOME DIALOG: • Comment: $comment"
            updateScriptLog "WELCOME DIALOG: • Computer Name: $computerName"
            updateScriptLog "WELCOME DIALOG: • User Name: $userName"
            updateScriptLog "WELCOME DIALOG: • Asset Tag: $assetTag"
            updateScriptLog "WELCOME DIALOG: • Department: $department"
            updateScriptLog "WELCOME DIALOG: • Select B: $selectB"
            updateScriptLog "WELCOME DIALOG: • Select C: $selectC"



            ###
            # Evaluate Various User Input
            ###

            # Computer Name
            if [[ -n "${computerName}" ]]; then

                # UNTESTED, UNSUPPORTED "YOYO" EXAMPLE
                updateScriptLog "WELCOME DIALOG: Set Computer Name …"
                currentComputerName=$( scutil --get ComputerName )
                currentLocalHostName=$( scutil --get LocalHostName )

                # Sets LocalHostName to a maximum of 15 characters, comprised of first eight characters of the computer's
                # serial number and the last six characters of the client's MAC address
                firstEightSerialNumber=$( system_profiler SPHardwareDataType | awk '/Serial\ Number\ \(system\)/ {print $NF}' | cut -c 1-8 )
                lastSixMAC=$( ifconfig en0 | awk '/ether/ {print $2}' | sed 's/://g' | cut -c 7-12 )
                newLocalHostName=${firstEightSerialNumber}-${lastSixMAC}

                if [[ "${debugMode}" == "true" ]]; then

                    updateScriptLog "WELCOME DIALOG: DEBUG MODE: Renamed computer from: \"${currentComputerName}\" to \"${computerName}\" "
                    updateScriptLog "WELCOME DIALOG: DEBUG MODE: Renamed LocalHostName from: \"${currentLocalHostName}\" to \"${newLocalHostName}\" "

                else

                    # Set the Computer Name to the user-entered value
                    scutil --set ComputerName "${computerName}"

                    # Set the LocalHostName to `newLocalHostName`
                    scutil --set LocalHostName "${newLocalHostName}"

                    # Delay required to reflect change …
                    # … side-effect is a delay in the "Setup Your Mac" dialog appearing
                    sleep 5
                    updateScriptLog "WELCOME DIALOG: Renamed computer from: \"${currentComputerName}\" to \"$( scutil --get ComputerName )\" "
                    updateScriptLog "WELCOME DIALOG: Renamed LocalHostName from: \"${currentLocalHostName}\" to \"$( scutil --get LocalHostName )\" "

                fi

            else

                updateScriptLog "WELCOME DIALOG: ${loggedInUser} did NOT specify a new computer name"
                updateScriptLog "WELCOME DIALOG: • Current Computer Name: \"$( scutil --get ComputerName )\" "
                updateScriptLog "WELCOME DIALOG: • Current Local Host Name: \"$( scutil --get LocalHostName )\" "

            fi

            # User Name
            if [[ -n "${userName}" ]]; then
                # UNTESTED, UNSUPPORTED "YOYO" EXAMPLE
                reconOptions+="-endUsername \"${userName}\" "
            fi

            # Asset Tag
            if [[ -n "${assetTag}" ]]; then
                reconOptions+="-assetTag \"${assetTag}\" "
            fi

            # Department
            if [[ -n "${department}" ]]; then
                # UNTESTED, UNSUPPORTED "YOYO" EXAMPLE
                reconOptions+="-department \"${department}\" "
            fi

            # Output `recon` options to log
            updateScriptLog "WELCOME DIALOG: reconOptions: ${reconOptions}"

            ###
            # Display "Setup Your Mac" dialog (and capture Process ID)
            ###

            eval "${dialogSetupYourMacCMD[*]}" & sleep 0.3
            dialogSetupYourMacProcessID=$!
            ;;

        2)  # Process exit code 2 scenario here
            updateScriptLog "WELCOME DIALOG: ${loggedInUser} clicked Quit at Welcome dialog"
            completionActionOption="Quit"
            quitScript "1"
            ;;

        3)  # Process exit code 3 scenario here
            updateScriptLog "WELCOME DIALOG: ${loggedInUser} clicked infobutton"
            osascript -e "set Volume 3"
            afplay /System/Library/Sounds/Glass.aiff
            ;;

        4)  # Process exit code 4 scenario here
            updateScriptLog "WELCOME DIALOG: ${loggedInUser} allowed timer to expire"
            quitScript "1"
            ;;

        *)  # Catch all processing
            updateScriptLog "WELCOME DIALOG: Something else happened; Exit code: ${welcomeReturnCode}"
            quitScript "1"
            ;;

    esac

else

    ###
    # Display "Setup Your Mac" dialog (and capture Process ID)
    ###

    eval "${dialogSetupYourMacCMD[*]}" & sleep 0.3
    dialogSetupYourMacProcessID=$!

fi
D. Review the default Setup Your Mac configuration

The list of Jamf Pro policies to be executed is controlled by policy_array (thanks to James Smith).

First configure the setupYourMacPolicyArrayIconPrefixUrl to the fully qualified domain name of the server which hosts your icons (including any required sub-directories), then for each configuration step, specify:

  • listitem: The text to be displayed in the list
  • icon: The hash of the icon to be displayed on the left
  • progresstext: The text to be displayed below the progress bar
  • trigger: The Jamf Pro Policy Custom Event Name
  • path: The optional file path for validation
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# "Setup Your Mac" policies to execute (Thanks, Obi-@smithjw!)
#
# For each configuration step, specify:
# - listitem: The text to be displayed in the list
# - icon: The hash of the icon to be displayed on the left
#   - See: https://vimeo.com/772998915
# - progresstext: The text to be displayed below the progress bar 
# - trigger: The Jamf Pro Policy Custom Event Name
# - path: The filepath for validation
#
# shellcheck disable=1112
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# The fully qualified domain name of the server which hosts your icons, including any required sub-directories
setupYourMacPolicyArrayIconPrefixUrl="https://ics.services.jamfcloud.com/icon/hash_"

policy_array=('
{
    "steps": [
        {
            "listitem": "FileVault Disk Encryption",
            "icon": "f9ba35bd55488783456d64ec73372f029560531ca10dfa0e8154a46d7732b913",
            "progresstext": "FileVault is built-in to macOS and provides full-disk encryption to help prevent unauthorized access to your Mac.",
            "trigger_list": [
                {
                    "trigger": "filevault",
                    "path": "/Library/Preferences/com.apple.fdesetup.plist"
                }
            ]
        },
        {
            "listitem": "Sophos Endpoint",
            "icon": "c70f1acf8c96b99568fec83e165d2a534d111b0510fb561a283d32aa5b01c60c",
            "progresstext": "You’ll enjoy next-gen protection with Sophos Endpoint which doesn’t rely on signatures to catch malware.",
            "trigger_list": [
                {
                    "trigger": "sophosEndpoint",
                    "path": "/Applications/Sophos/Sophos Endpoint.app/Contents/Info.plist"
                }
            ]
        },
        {
            "listitem": "Palo Alto GlobalProtect",
            "icon": "fcccf5d72ad9a4f6d3a4d780dcd8385378a0a8fd18e8c33ad32326f5bd53cca0",
            "progresstext": "Use Palo Alto GlobalProtect to establish a Virtual Private Network (VPN) connection to Church headquarters.",
            "trigger_list": [
                {
                    "trigger": "globalProtect",
                    "path": "/Applications/GlobalProtect.app/Contents/Info.plist"
                }
            ]
        },
        {
            "listitem": "Microsoft Teams",
            "icon": "dcb65709dba6cffa90a5eeaa54cb548d5ecc3b051f39feadd39e02744f37c19e",
            "progresstext": "Microsoft Teams is a hub for teamwork in Office 365. Keep all your team’s chats, meetings and files together in one place.",
            "trigger_list": [
                {
                    "trigger": "microsoftTeams",
                    "path": "/Applications/Microsoft Teams.app/Contents/Info.plist"
                }
            ]
        },
        {
            "listitem": "Zoom",
            "icon": "be66420495a3f2f1981a49a0e0ad31783e9a789e835b4196af60554bf4c115ac",
            "progresstext": "Zoom is a videotelephony software program developed by Zoom Video Communications.",
            "trigger_list": [
                {
                    "trigger": "zoom",
                    "path": "/Applications/zoom.us.app/Contents/Info.plist"
                }
            ]
        },
        {
            "listitem": "Google Chrome",
            "icon": "12d3d198f40ab2ac237cff3b5cb05b09f7f26966d6dffba780e4d4e5325cc701",
            "progresstext": "Google Chrome is a browser that combines a minimal design with sophisticated technology to make the Web faster.",
            "trigger_list": [
                {
                    "trigger": "googleChrome",
                    "path": "/Applications/Google Chrome.app/Contents/Info.plist"
                }
            ]
        },
        {
            "listitem": "Final Configuration",
            "icon": "00d7c19b984222630f20b6821425c3548e4b5094ecd846b03bde0994aaf08826",
            "progresstext": "Finalizing Configuration …",
            "trigger_list": [
                {
                    "trigger": "finalConfiguration",
                    "path": ""
                },
                {
                    "trigger": "reconAtReboot",
                    "path": ""
                }
            ]
        },
        {
            "listitem": "Computer Inventory",
            "icon": "90958d0e1f8f8287a86a1198d21cded84eeea44886df2b3357d909fe2e6f1296",
            "progresstext": "A listing of your Mac’s apps and settings — its inventory — is sent automatically to the Jamf Pro server daily.",
            "trigger_list": [
                {
                    "trigger": "recon",
                    "path": ""
                }
            ]
        }
    ]
}
')

Hats off to James Smith for the excellent swiftEnrolment; thanks, Obi-@smithjw!

E. Customize the Setup Your Mac script

After adding Custom Events to your Jamf Pro Policies as required, use your favorite editor to modify ~/Downloads/Setup-Your-Mac-via-Dialog-reference.bash for your environment:

  1. “Welcome” dialog
    1. “Welcome” dialog Title, Message and Icon
    2. “Welcome” JSON
      • Note: Due to the variables included in welcomeJSON, external validation will most likely fail
  2. “Setup Your Mac” dialog
    1. “Setup Your Mac” dialog Title, Message, Overlay Icon and Icon
    2. “Setup Your Mac” dialog Settings and Features
    3. “Setup Your Mac” policies to execute
      1. setupYourMacPolicyArrayIconPrefixUrl (i.e., the fully qualified domain name of the server which hosts your icons, including any required sub-directories)
      2. policy_array
        • listitem: The text to be displayed in the list
        • icon: The hash of the icon to be displayed on the left
        • progresstext: The text to be displayed below the progress bar
        • trigger: The Jamf Pro Policy Custom Event Name
        • path: The optional file path for validation
        • Note: You can validate the JSON by copying everything between the beginning and ending curly braces { … } and pasting at jsonlint.com
  3. “Failure” dialog
    • “Failure” dialog Title, Message and Icon
    • “Failure” dialog Settings and Features
  4. finalise function
    • dialogUpdateSetupYourMac "title: Sorry ${loggedInUserFirstname}, something went sideways"
    • dialogUpdateFailure "message: A failure has been detected, ${loggedInUserFirstname}.
F. Add your customized Setup Your Mac script to your Jamf Pro server
  1. Add your customized script to your Jamf Pro server
  2. Specify the following for Options > Parameter Labels
    • Parameter 4: Script Log Location [ /var/tmp/org.churchofjesuschrist.log ]
    • Parameter 5: Debug Mode [ true (default) | false ]
    • Parameter 6: Welcome dialog [ true (default) | false ]
    • Parameter 7: Completion Action [ wait | sleep (with seconds) | Shut Down | Shut Down Attended | Shut Down Confirm | Restart | Restart Attended (default) | Restart Confirm | Log Out | Log Out Attended | Log Out Confirm ]
  3. Click Save
Setup Your Mac (1.5.0) Script Parameter Labels

Completion Actions

In addition to the previous wait and sleep options, Setup Your Mac (1.4.0) introduced the following Completion Action options:

Log OutRestartShut Down
 User is forcibly logged outComputer is forcibly restartedComputer is forcibly shut down
AttendedUser is forcibly logged out, after interacting with Setup Your Mac dialogsComputer is forcibly restarted, after user interacts with Setup Your Mac dialogsComputer is forcibly shut down, after user interacts with Setup Your Mac dialogs
ConfirmUser is prompted to Log Out via the dismissible, built-in macOS dialog boxUser is prompted to Restart via the dismissible, built-in macOS dialog boxUser is prompted to Shut Down via the dismissible, built-in macOS dialog box

Dynamic Button Label & Progress Text

Additionally, the label for the default button, button1text, and the message below the progress bar, progresstext, are dynamically updated based on the specified Completion Action:

Setup Your Mac dialogFailure dialog
SuccessfulFailure
Shut DownShutting Down …Continue …Shut Down
Shut Down AttendedShut Down
Shut Down Confirm
RestartRestarting …Restart
Restart AttendedRestart
Restart Confirm
Log OutLogging Out …Log Out
Log Out AttendedLog Out
Log Out Confirm

(Thanks for the thorough testing and suggestions, @iDrewbs!)

G. Create a Jamf Pro Policy to Setup Your Mac
Setup Your Mac (1.5.0) Jamf Pro Policy Overview
  1. Create a new Jamf Pro Policy, using the following as a guide for Options > General:
    • Set Display Name to Enrollment: @Setup Your Mac (1.5.0)
    • Set Execution Frequency to Ongoing
  2. Select the Scripts payload and add your customized _Setup Your Mac via swiftDialog (1.5.0) script, specifying the following Parameter Values
    • Script Log Location: /var/log/com.company.log
    • Debug Mode: true
    • Welcome dialog: true
    • Completion Action: Restart Attended
Setup Your Mac (1.5.0) Jamf Pro Policy Script Payload
  1. Specify Scope as desired
    • Targets: All Computers
    • Limitations: No Limitations
    • Exclusions:
      • All Jamf Pro Compliant Computers
      • macOS 10.15.Catalina and earlier
      • Setup Your Mac: Complete
  2. Use the following for Self Service
    • Self Service Display Name: Setup Your Mac (1.5.0)
    • Button Name Before Initiation: Setup
    • Button Name After Initiation: Setup
    • Icon: Setup Your Mac icon (download)
    • Description:
## Welcome to your new Mac!
  
Please click **Setup** to apply Church settings to your Mac. (Once completed, you'll be prompted to restart your Mac.)
  
Use this app, the **Workforce App Store**, to install your Church-assigned software and to configure your Mac.
    
**FileVault** is built-in to macOS and provides full-disk encryption using XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
  
You'll enjoy next-gen protection with **Sophos Endpoint** which doesn’t rely on signatures to catch malware and means it catches zero-day threats without adversely affecting the performance of your device. You'll be protected before exploits even arrive.
  
Use **Palo Alto GlobalProtect** to establish a Virtual Private Network (VPN) connection to Church headquarters.
  
**Microsoft Teams** is a hub for teamwork in Office 365. Keep all your team’s chats, meetings, files, and apps together in one place.
  
**Zoom** is a videotelephony software program developed by Zoom Video Communications.
  
**Google Chrome** is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
  
**Pro Tip:** By default, the listing of your computer's currently installed apps and system settings — its inventory — is automatically sent to the Jamf Pro server daily.
Setup Your Mac (1.5.0) Jamf Pro Policy Self Service Configuration
  1. Click Save

With Inspiration and Code from

Invaluable Testing Feedback by

Support & Feature Requests

Please submit support and feature requests on GitHub.

Note: While all requests are welcome, finding available cycles to custom-code features we won’t use in our production environment is always challenging.

“YOYO” Code

To the best of my recollection, this is the first time I’ve publicly posted code which I consider to be knowingly incomplete and not fully untested (for the simple reason that we don’t need the additional input fields included in version 1.5.0 in our environment).

The code blocks include the following comment:

# UNTESTED, UNSUPPORTED "YOYO" EXAMPLE

While I have no problem telling any of our children “you’re on your own” for dinners on Friday nights — Date Night — for some reason, I can’t seem to do the same with my code (perhaps toxic perfectionism).

This “mental block” prevented me from the timely implementation of much-needed features and I express appreciation to the Mac Admins community for their patience and to Graham Pugh and Armin Briegel for their sage advice.

Updates

Setup Your Mac via swiftDialog (1.5.1)

Feature History

1.5.1 (07-Dec-2022)

  • Updates to “Pre-flight Checks”
    • Moved section to start of script
    • Added additional check for Setup Assistant (for Mac Admins using an “Enrollment Complete” trigger)

1.5.0 (28-Nov-2022)

  • 🆕 Prompt user for additional fields at Welcome dialog
    • New fields are included in a single welcomeJSON variable (thanks for all your efforts and feedback, @drtaru and @iDrewbs!)
    • Dynamic reconOptions based on user’s input at Welcome dialog
    • Thanks for your patience, @remusache, @midiman1000, @erikmadams, @colorenz, @benphilware
  • 🔥 Breaking Changes 🔥 (for users of Setup Your Mac prior to 1.5.0)
    • Script Parameter Reordering (sorry; I’ll strive not to ever do this again)
      • Parameter 4: Script Log Location [ /var/tmp/org.churchofjesuschrist.log ]
      • Parameter 5: Debug Mode [ true (default) | false ]
      • Parameter 6: Welcome Screen [ true (default) | false ]
      • Parameter 7: Completion Action [ wait | sleep (with seconds) | Shut Down | Shut Down Attended | Shut Down Confirm | Restart | Restart Attended(default) | Restart Confirm | Log Out | Log Out Attended | Log Out Confirm ]
  • Miscellaneous Improvements
    • Moved code blocks and variables to better reflect the Welcome > Setup Your Mac > Failure workflow
    • Random code clean-up

1.4.0 (21-Nov-2022)

  • Significantly enhanced Completion Action options
    • ✅ Addresses Issue 15 (thanks, @mvught, @riddl0rd, @iDrewbs and @master-vodawagner)
    • 🎉 Dynamically set button1text based on the value of completionActionOption (thanks, @jared-a-young)
    • 🥳 Dynamically set progresstext based on the value of completionActionOption (thanks, @iDrewbs)
    • 🆕 Three new flavors: Shut DownRestart or Log Out
      • 🚨 Forced: Zero user-interaction
        • Added brute-force killProcess "Self Service"
        • Added hack to allow Policy Logs to be shipped to Jamf Pro server
      • ⚠️ Attended: Forced, but only after user-interaction (thanks, @owainiorwerth)
        • Added hack to allow Policy Logs to be shipped to Jamf Pro server
      • 👤 Confirm: Displays built-in macOS user-dismissible dialog box
    • Sleep
    • Wait (default)
  • Improved Debug Mode behavior
    • 🐛 DEBUG MODE | now only displayed as infotext (i.e., bottom, left-hand corner)
    • completionAction informational-only with simple dialog box (thanks, @_____???)
    • Swapped blurscreen for moveable
    • General peformance increases
  • Miscellaneous Improvements
    • Removed jamfDisplayMessage function and reverted dialogCheck function to use osascript (with an enhanced error message)
    • Replaced “Installing …” with “Updating …” for recon-flavored trigger
    • Changed “Updating Inventory” to “Computer Inventory” for recon-flavored listitem
    • Changed exit code to 1 when user quits “Welcome” screen
    • Changed welcomeIcon URLs
    • Changed URL for Harvesting Self Service icons screencast (thanks, @nstrauss)

1.3.0 (09-Nov-2022)

  • Script Parameter Changes:
    • ⚠️ Parameter 4: debug mode enabled by default
    • 🆕 Parameter 7: Script Log Location
  • 🆕 Embraced drastic speed improvements in 🚅swiftDialog v2💨
  • Caffeinated script (thanks, @grahampugh!)
  • Enhanced wait exiting logic
  • Personalized dialogs
  • General script standardization

1.2.10 (05-Oct-2022)

  • Modifications for swiftDialog v2 (thanks, @bartreardon!)
    • Added I/O pause to dialog_update_setup_your_mac
    • Added list: show when displaying policy_array
    • Re-ordered Setup Your Mac progress bar commands
  • More specific logging for various dialog update functions
  • Confirm Setup Assistant complete and user at Desktop (thanks, @ehemmete!)

1.2.9 (03-Oct-2022)

  • Added setupYourMacPolicyArrayIconPrefixUrl variable (thanks for the idea, @mani2care!)
  • Removed unnecessary listitem icon updates (thanks, @bartreardon!)
  • Output swiftDialog version when running in debug mode
  • Updated URL for Zoom icon

1.2.8 (19-Sep-2022)

  • Replaced “ugly” completionAction if … then … else with “more readabale” case statement (thanks, @pyther!)
  • Updated “method for determining laptop/desktop” (thanks, @acodega and @scriptingosx!)
  • Additional tweaks discovered during internal production deployment

1.2.7 (10-Sep-2022)

1.2.6 (29-Aug-2022)

  • Adjust I/O timing (for policy_array loop)

1.2.5 (24-Aug-2022)

  • Resolves #3 (thanks, @pyther!)

1.2.4 (18-Aug-2022)

  • Swap “Installing …” and “Pending …” status indicators (thanks, @joncrain)

1.2.3 (15-Aug-2022)

  • Updates for switftDialog v1.11.2
  • Report failures in Jamf Pro Policy Triggers

1.2.2 (07-Jun-2022)

  • Added “dark mode” for logo (thanks, @mm2270)
  • Added “compact” for --liststyle

1.2.1 (01-Jun-2022)

  • Made Asset Tag Capture optional (via Jamf Pro Script Paramter 5)

1.2.0 (30-May-2022)

  • Changed --infobuttontext to --infotext
  • Added regex and regexerror for Asset Tag Capture
  • Replaced @adamcodega’s apps with @smithjw’s policy_array
  • Added progress update
  • Added filepath validation

1.1.0 (19-May-2022)

  • Added initial “Welcome Screen” with Asset Tag Capture and Debug Mode

1.0.0 (30-Apr-2022)

  • First “official” release
Posted in Device Management, Jamf Pro, macOS, Scripts, Tips & Tricks

Related Posts