“Setup Your Mac aims to simplify initial device configuration by leveraging swiftDialog and Jamf Pro Policy Custom Events to allow end-users to self-complete Mac setup post-enrollment”

IMPORTANT: Please follow the latest update in this series by using this link: https://techitout.xyz/ade-sym/

Dan Snelson has used Bart R’s swiftDialog to create the next evolution in notifying end-users about current progress while their Mac gets its initial configuration. Huge shoutout and thanks to Bart and Dan for all their contributions to the community! In the past, DEPNotify was incredibly useful here. It consisted of installing an app on the computer (DEPNotify) then using a script to show a GUI to the end-user and custom policy triggers in Jamf Pro to install certain items on the computer before the user is able to use the computer. As of this writing, the current version of DEPNotify is 1.1.6 which was released 2 years ago. Since there is no on-going development of DEPNotify, I was looking for something else to replace it. That’s where Setup Your Mac comes into play. When I first saw Dan’s posts about it, I loved how the interface looked to the end user, what information could be collected by the program, the validation for policies, and the fact that I could use swiftDialog for more than just Setup Your Mac.

Dan’s initial use for Setup Your Mac involves the end-user opening Self Service and running the policy to become compliant within his organization. This is a great option, but I was looking to replace DEPNotify with my Automated Device Enrollments. What I came up with was a hybrid of how DEPNotify was being used and how Setup Your Mac was being used. I’ll post everything here that you will need in order to get the same setup for your automatic enrollments.

To get started, we will need to get the following:
– The latest version of swiftDialog (https://github.com/bartreardon/swiftDialog/releases/)
– The latest version of Dan’s Setup Your Mac script (https://github.com/dan-snelson/dialog-scripts/tree/main/Setup%20Your%20Mac)
– The Jamf Composer application

Creating a Signed Certificate

In order to install a package in the Prestage, the package must be signed. Use the following steps to create a signed package:

• On your Mac, open Keychain Access
• Go to the Keychain Access menu, choose Certificate Assistant, then choose Request a Certificate From a Certificate Authority…

• In the Certificate Information window, for User Email Address, enter an organizational email address.
• In the Common Name field, enter your organization’s name
• Select ‘Saved to disk’
• Click Continue

• Choose a destination to save to, then click Save.
• In the Conclusion message, click Done. A private key is automatically generated and saved in your login keychain.

• Locate the file that you created, control-click it, then choose to Open With Text Editor.

• Copy the entire content of the file. We will be supplying this to Jamf Pro to create our certificate.

• Now, navigate to your Jamf Pro Server > Settings > Global > PKI Certificates

• Click Management Certificate Template, then click Create Certificate from CSR

• Paste in your value into the CSR field, change the certificate type to Web Server Certificate, then click Create

• The signed certificate will be downloaded to your browser’s default location. Once you have the download signed certificate, you can close your browser.
• In Finder, find the location of the newly signed certificate. Open the .pem file.

• If prompted to add the certificate to a keychain, select your login keychain, then click Add.
• In Keychain Access toolbar at the top, click My Certificates. To confirm that the certificate you just imported is displayed with the private key, select the certificate and click the disclosure triangle. At this point your Mac is the only place where your private key is stored.

• If your certificate does not show trusted, double click the certificate, click the disclosure triangle next to Trust, click the menu next to “When using this certificate” and choose “Always Trust”

Use Composer to create a signed package

Now that you have a signing certificate in your Keychain, you can use that certificate to sign packages that can be installed in your Prestage.

• Open Composer
• Enter your login password if necessary
• If Composer displays the Snapshot dialog, click Cancel
• From the Composer menu at the top of the screen, choose Preferences.
• Click the checkbox for “Sign with”
• Click the menu and choose the appropriate certificate, click Save

• Download the latest swiftDialog installer from: (https://github.com/bartreardon/swiftDialog/releases/
• Open terminal, then create a folder for the installer using the following command:

sudo mkdir -p /usr/local/swiftdialog-with-installers

• Open the folder you just created, you can do this in Terminal using:

open /usr/local/swiftdialog-with-installers

• Drag the swiftDialog installer package that downloaded to the /usr/local/swiftdialog-with-installers folder (optionally, rename the package to swiftDialog.pkg)
• Open the /usr/local folder, drag the /usr/local/swiftdialog-with-installers folder to the Sources section of Composer. Be sure to drag the folder, not just the package inside the folder.
• In the main window of Composer, select the usr folder
• Click the disclosure triangle for the usr folder
• Click the disclosure triangle for the local folder
• Click the disclosure triangle for the swiftdialog-with-installers folder
• Confirm that the swiftDialog installer package is visible.

• Select the usr folder
• Click the Action menu and choose Apply Owner and Group to user and All Enclosed Items

• In the Sources section of Composer, click the disclosure triangle for the package.

• Right-click the Scripts folder then choose Add Shell Script, then choose postinstall

• In the left side of Composer, select the postinstall script

• In your browser, open https://github.com/robjschroeder/SetupYourMac/blob/main/postinstall-for-Composer-for-swiftDialog.zsh
• Click Raw, and copy the contents of the script. Paste over the current contents in the Composer postinstall script.

• Choose File > Save (or press Command-S)
• In the Sources section of Composer, select the package
• In the Composer toolbar, click “Build as PKG”
• Choose a location to save the pkg, click Save.
• In order to sign your package, Composer needs access to your private key. At each prompt enter your login password and click Allow.
• Quit Composer.

Upload the package to Jamf Pro

• Log into Jamf Pro and navigate to Settings > Computer Management > Packages

• Click New
• Click Choose File
• Select the pkg that you just created, click Choose
• Assign the package to a category, edit the Info and Notes if you’d like
• Click Save

Modify your PreStage

• Log into Jamf Pro and navigate to Computers > PreStage Enrollments
• Select the PreStage that you would like to add this workflow to
• Click Edit
• Click on the Packages payload, Click the + button
• Choose the package that you created and uploaded to Jamf Pro
• Select your distribution point, then click Save.

Add the Setup Your Mac script/policy to Jamf Pro

• Log into Jamf Pro, navigate to Settings > Computer Management > Scripts
• Click New
• Give the script a display name, then click on the Script tab

• Copy the script from: https://github.com/dan-snelson/dialog-scripts/blob/main/Setup%20Your%20Mac/Setup-Your-Mac-via-Dialog.bash and paste into your script contents

• You will need to modify the Setup Your Mac script to fit your needs, including which array of policies you would like ran and what you would like displayed to your end-users.
• Now you will need to create a policy that will run the Setup Your Mac script. Navigate to Jamf Pro > Computers > Policies, then click New
• Configure the following:
  • Display Name: Enrollment – Setup Your Mac
  • Add the policy to a category
  • Select ‘Custom Trigger’ as the trigger and use: swiftDialogStart
  • Execution Frequency can be set to Ongoing
  • Add a Script payload and add the Setup Your Mac script

Now you have an Automated Device Enrollment workflow that uses Set Up Your Mac by Dan S. When a computer runs through your PreStage, your enrollment package will install swiftDialog and the postinstall script will get everything set up and will call our enrollment policy in Jamf Pro using the custom trigger swiftDialogStart.

You will also need to create a clean up policy that is called via a custom trigger inside your Set Up Your Mac policy array. This policy will aid in removing all the temporary files created by the postinstall script in your enrollment package. If there is no clean up, it is possible for your users to be hit with the Set Up Your Mac screen again after they reboot. To set up a new policy for clean up, configure a new policy like:

Name: Cleanup swiftDialog Installers
Trigger: Custom Trigger: cleanup-swiftdialog-preinstaller
Scope: All Computers
Frequency: Once per Computer
Files and Processes settings:
Execute Command: Whatever your $uninstallerScriptPath is set to.

Thanks for checking it out!

To learn more about Set Up Your Mac, visit Dan’s page at: https://snelson.us/2023/01/setup-your-mac-via-swiftdialog-1-6-0/ and the #setup-your-mac channel on MacAdmins slack.