Prerequisites
- The targeted machines should be enrolled in JAMF with the ability to manage Policies and Configuration Profiles.
- A Mac with a manually installed Agent is required to obtain baseline information.
Creating an Agent Installation Package
A separate Package is required for each version of the Mac Agent. Subsequent sections must correspond to the version of the Agent used in the installation package.
To create an Agent Installation Package:
1. Log into the JAMF Pro application.
2. Click on Settings from the top-right corner.
- The Settings page is displayed.
3. Select the Computer management tab and click on Packages.
4. Click New.
5. Provide the package’s Display Name.
6. Select the package’s Category.
7. Browse and select the required Agent PKG file for the Filename field.
Note: The remaining fields are optional and can be configured based on the user’s requirements.
8. Click Save.
Creating an Agent Uninstallation Script
The script mentioned in this section should be compatible with all versions of the Mac Agent.
To create an Agent Uninstallation Script:
1. Log into the JAMF Pro application.
2. Click on Settings from the top-right corner.
- The Settings page is displayed.
3. Select the Computer management tab and click on Scripts.
4. Click on New.
- The New Script page is displayed.
5. Provide the script’s Display Name.
6. Select the script’s Category.
7. Select the Script tab.
8. Select the Shell/Bash option for the Mode field.
9. Copy and paste the script provided below into the text area:
#!/bin/bash
# Removes every installed version of the Agent and logs each step.

DATE=$(date +%Y-%m-%d)
TIME=$(date +%H:%M:%S)
LOG_PREFIX="[$DATE $TIME]"
LOG_FILE=~/Library/Logs/AccessDataAgentUninstall.log

log_info() {
    echo "${LOG_PREFIX} [INFO] $1" >> "$LOG_FILE"
}

log_error() {
    echo "${LOG_PREFIX} [ERROR] $1" >> "$LOG_FILE"
}

# The removal steps below require root. Exit non-zero so the failure is visible to the caller.
if (( EUID != 0 )); then
    log_error "Script was not run as root. Exiting."
    exit 1
fi

PRODUCT=AccessDataAgent
# Package IDs of every installed Agent version.
InstalledAgents=($(pkgutil --packages | grep "$PRODUCT"))

for i in "${InstalledAgents[@]}"
do
    VERSION=$(pkgutil --pkg-info "$i" | grep version | cut -d ' ' -f 2)
    # Without a version the paths below would point at the product folder itself.
    if [ -z "$VERSION" ]
    then
        log_error "Could not determine the version of $i. Skipping."
        continue
    fi
    log_info "Removing $PRODUCT $VERSION"

    # Remove the shortcut links for this version.
    find "/usr/local/bin/" -name "$PRODUCT-$VERSION" | xargs rm
    if [ $? -eq 0 ]
    then
        log_info "Successfully deleted shortcut links"
    else
        log_error "Could not delete shortcut links"
    fi

    # Remove the package receipt.
    pkgutil --forget "org.$PRODUCT.$VERSION" > /dev/null 2>&1
    if [ $? -eq 0 ]
    then
        log_info "Successfully deleted application information"
    else
        log_error "Could not delete application information"
    fi

    # Stop the Agent service.
    launchctl stop /Library/LaunchDaemons/com.adg.managedagent.plist > /dev/null 2>&1
    if [ $? -eq 0 ]
    then
        log_info "Successfully stopped the Agent service"
    else
        log_error "Could not stop the Agent service"
    fi

    # Unload the Agent service.
    launchctl unload /Library/LaunchDaemons/com.adg.managedagent.plist > /dev/null 2>&1
    if [ $? -eq 0 ]
    then
        log_info "Successfully unloaded the Agent service"
    else
        log_error "Could not unload the Agent service"
    fi

    # Remove the installed files for this version.
    rm -rf "/Library/${PRODUCT}/${VERSION}" > /dev/null 2>&1
    if [ $? -eq 0 ]
    then
        log_info "Successfully deleted source files"
    else
        log_error "Could not delete source files"
    fi
done

exit 0
Note: The remaining fields are optional and can be configured based on the user’s requirements.
10. Click Save.
Creating an Agent Deployment Policy
A Policy will be used to uninstall any existing Agent on a target machine and then install the specified Agent version.
To create an Agent Deployment Policy:
1. Log into the JAMF Pro application.
2. Click on Computers.
3. Click on Policies from the left pane.
4. Click on New.
- The New Policy page is displayed.
5. Provide a policy’s Display Name.
6. Check the Enabled option.
7. Select the policy’s Category.
8. Select the required Trigger events on which the policy should be deployed.
Note: It is recommended to select the Recurring Check-in trigger event.
9. Select the Once per computer option from the Execution Frequency dropdown.
10. Check the Automatically re-run policy on failure option.
11. Select the Packages tab from the middle pane and click on Configure.
12. Click Add against the required package.
13. Select the Install option from the Action dropdown.
14. Select the Scripts tab from the middle pane and click on Configure.
15. Click Add against the required Agent Uninstallation Script.
16. Select the Before option from the Priority dropdown.
17. No Parameters should be added.
18. Select the Scope tab and click on Add.
19. Click on Add against the required target.
20. Click Save.
If the Recurring Check-in event was selected for Trigger, the new Policy will be run on targets the next time a user checks in to the JAMF application.
Obtaining the Code Requirements
Code Requirements are needed when creating a Profile to grant the necessary permissions to deployed Agents. The following should be done on a Mac where the desired Agent release has already been installed.
To obtain the Code Requirements:
1. Open Terminal.
2. Execute the following command:
codesign -dr - /bin/sh
3. Copy the value displayed against the designated field. This is the Code Requirement for sh.
4. Execute the following command:
codesign -dr - /bin/zsh
5. Copy the value displayed against the designated field. This is the Code Requirement for zsh.
6. Execute the following command:
codesign -dr - /System/Applications/Utilities/Terminal.app
7. Copy the value displayed against the designated field. This is the Code Requirement for Terminal.
8. Execute the following command:
codesign -dr - /System/Applications/Utilities/Console.app
9. Copy the value displayed against the designated field. This is the Code Requirement for Console.
10. Determine the installation folder for the installed Agent.
Example: /Library/AccessDataAgent/<version>/
11. Execute the following command:
codesign -dr - [AgentInstallationFolder]/ADG.Agent.IndexingService
12. Copy the value displayed against the designated field. This is the Code Requirement for ADG.Agent.IndexingService.
13. Execute the following command:
codesign -dr - [AgentInstallationFolder]/ADG.ManagedAgentSvc
14. Copy the value displayed against the designated field. This is the Code Requirement for ADG.ManagedAgentSvc.
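The six lookups above can be collected in one pass. The script below is an added example, not part of the original documentation; it prints each target with the Identifier and Identifier Type used in the Configuration Profile section, followed by its Code Requirement. The AGENT_DIR variable, the function names and the sample output are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: gather the Code Requirement for every App Access entry.
# AGENT_DIR is an assumption; set it to the folder found in step 10.
AGENT_DIR="${AGENT_DIR:-/Library/AccessDataAgent/<version>}"

# Constructed sample of `codesign -dr -` output, used when codesign is absent.
SAMPLE_OUTPUT='Executable=/bin/sh
designated => identifier "com.apple.sh" and anchor apple'

# Read codesign output on stdin and print only the requirement text that
# follows "designated => " (an optional leading "# " is tolerated).
# Returns non-zero when no designated line is present.
extract_requirement() {
    sed -n -E 's/^(# )?designated => (.+)$/\2/p' | grep -m 1 .
}

# Print "identifier | identifier type | code requirement" for one target.
# $1 = identifier for the profile, $2 = identifier type, $3 = path on disk.
profile_row() {
    row_req=$(codesign -dr - "$3" </dev/null 2>&1 | extract_requirement) || {
        echo "No designated requirement found for $3" >&2
        return 1
    }
    printf '%s | %s | %s\n' "$1" "$2" "$row_req"
}

# Emit one row per App Access entry; fail if any target could not be read.
collect_rows() {
    rc=0
    while IFS='|' read -r ident type path; do
        profile_row "$ident" "$type" "$path" || rc=1
    done <<EOF
/bin/sh|Path|/bin/sh
/bin/zsh|Path|/bin/zsh
com.apple.Terminal|Bundle ID|/System/Applications/Utilities/Terminal.app
com.apple.Console|Bundle ID|/System/Applications/Utilities/Console.app
$AGENT_DIR/ADG.Agent.IndexingService|Path|$AGENT_DIR/ADG.Agent.IndexingService
$AGENT_DIR/ADG.ManagedAgentSvc|Path|$AGENT_DIR/ADG.ManagedAgentSvc
EOF
    return "$rc"
}

if command -v codesign >/dev/null 2>&1; then
    collect_rows || echo "Some targets could not be read; check AGENT_DIR." >&2
else
    # No codesign on this machine: show the parser on the constructed sample.
    printf '%s\n' "$SAMPLE_OUTPUT" | extract_requirement
fi
```

Run it on the Mac where the Agent is already installed, for example with AGENT_DIR set to the folder determined in step 10.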
Creating a Configuration Profile
A Configuration Profile will be used to grant the Full Disk permissions necessary for the Agent to function correctly. Any permission overrides deployed by JAMF are not visible to users in System Preferences > Security & Privacy > Full Disk Access on the target machine(s). However, the pushed profile can be seen in System Preferences > Profiles.
To create a Configuration Profile:
1. Log in to the JAMF Pro application.
2. Click on Computers.
3. Click on Configuration Profiles from the left pane and click on New.
- The New macOS Configuration Profile page is displayed.
4. Provide the profile’s Name.
5. Provide the Description of the profile.
6. Select the profile’s Category.
7. Select the Computer Level option from the Level drop-down.
8. Select the required option for Distribution Method.
Note: It is recommended to select Install Automatically.
9. Scroll down and select the Privacy Preferences Policy Control tab from the middle pane.
10. Click Configure.
11. Create six App Access sections by clicking on the button.
12. Provide the following values for the corresponding fields in each App Access section:
Identifier | Identifier Type |
/bin/sh | Path |
/bin/zsh | Path |
com.apple.Terminal | Bundle ID |
com.apple.Console | Bundle ID |
[AgentInstallationFolder]/ADG.Agent.IndexingService | Path |
[AgentInstallationFolder]/ADG.ManagedAgentSvc | Path |
Note: The values for the Code Requirement field can be obtained by following the steps provided in the Obtaining the Code Requirements section.
13. For each App Access section, follow the steps below:
i. Click Add and select the following values for the corresponding drop-down fields:
- App or Service - SystemPolicyAllFiles
- Access - Allow
ii. Click Save.
14. Click on the Scope tab and click on Add.
15. Add the scope that includes the required target(s).
16. Click Save.
If the Install Automatically option was selected for Distribution Method, the new profile will start showing up on the targets the next time users check in to JAMF. (Refer to System Preferences > Profiles.)