Approve UAMDM and repush KEXT Profile

I recently came across a way to have our JAMF JSS resend a failed KEXT whitelist policy triggered from the client end (Retry a failed Profile from a client).  At that point I wasn’t sure how I wanted to deploy it during our provisioning process.  I now have a plan to prompt for UAMDM approval and then automatically resend the KEXT profile.

#!/bin/bash#!/bin/bash
while ! $(profiles status -type enrollment | grep -q "User Approved"); do 
 open /System/Library/PreferencePanes/Profiles.prefPane
 sleep 10
done
curl -sku "$apiuser":"$apipass" -H "Content-Type: application/xml" -d "<os_x_configuration_profile><general><redeploy_on_update>Newly Assigned</redeploy_on_update></general></os_x_configuration_profile>" "$jssurl"/JSSResource/osxconfigurationprofiles/id/$id -X PUT

You will need to supply the username, password, url, and the id number of your Kext profile in your script.

I install this script as a login-once action for Outset.  When the user or tech provisioning the Mac signs in after JAMF Imaging is complete, they will see warnings for unapproved kernel extensions.Screen Shot 2018-03-27 at 9.42.45 AM.png

But once the script runs, System Preferences will open to the Profiles pane and keep opening if the user closes it.  Once they approve the MDM Profile, the script triggers the JSS to resend the KEXT profile, which some applications notice immediately.Screen Shot 2018-03-27 at 9.44.22 AM.png

I may add a JAMF helper dialog explaining what to do and will probably add an OS version check as the profiles status line only works in 10.13.4 and above.

Thanks to Rich Trouton for a method to check for UAMDM.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s