Reset Networking and install .mobileconfig file

macdsl
New Contributor III

I'm trying to get a Self Service entry set up for my users that:
Removes a older .mobileconfig file that should no longer be used.
Installs a .mobileconfig file
Deletes 2 Wireless Networks for the user
Deletes the keychain entries for said 2 wireless Networks for the user

I have the various parts Working in ARD; but I don't know how to put it together in Casper to create a Self-Service entry.

Screenshots for: Copy .mobileconfig
Remove SSID's
Installs mobileconfig as root

I can get the .mobileconfig file installed into the JSS, that's no problem.

I'm trying to set up a Self Service Entry that a user could just click on, and all this is done for them.
Also excellent would be a pop-up afterwards saying "Now that your Wireless is reset, you have to log back on. Please select (WiFi Group) and enter your username (first.last@domain.org) and password"

My machines are all less than 1.5 years old Air's and Macbook Pro's Retina.
If you have any advice on putting this all together as a single self-service entry, it would be appreciated.

Thanks!

6658fb8ba571457bbbb86496798156bf
5827f02ae4e3452aa8ce50f49d0ceed1
9a10d3bed6ee4a079b218b9a32198c27

2 REPLIES 2

brandonusher
Contributor II

If you want to have the profile copied to the machine, rather than the JSS managing the mobileconfig profile you can do the following steps:

Prep Work:

  • Create a DMG with Composer of putting the profile in it's place
  • Create a script in the JSS for installing the profile from the /tmp/ location
  • Create a script in the JSS for removing the wireless network
  • Create an Extension attribute with a script that says whether or not the keychain has the wifi networks.
  • Create a Smart Group that is based on the extension attribute above, so if the computer has the profile installed then it's a part of the group. This will be known as the "Fixed Computers" for my purposes, but you can change the name to whatever you want
  • Create a Smart Group that is based on the extension attribute above, so if the computer is not a member of the Fixed Computers, they are in this one. This will be known as the "Unfixed Computers" for my purposes, but you can change the name to whatever you want

Setup:

  • Create a policy based on the Unfixed Computers and make it execute the script once per computer. Lay down the package you created with the new profile as well as make the after script the one to install the profile from the /tmp/ location
  • Create another policy based on the Fixed Computers and make it execute the script once per user and make it run the script to delete the settings from the keychain. See my modification below for a version of the script that can be run from the JSS and still run as the user

My Modified Script:

#!/bin/sh
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
sudo su $loggedInUser
<<enter the rest of your script>>

Edit: It should be noted that I wrote this up going off memory and without testing the script. I apologize ahead of time if this does not work on the first try.

bentoms
Release Candidate Programs Tester

@macdsl just a quick tip. JAMF commands/policies run as root.

So if testing via ARD run all as root.

The above screenshots you posted had some running as the user.

Also, accessing another users keychain can sometimes be problematic.