If you are unfortunate enough to be in a position where you are required to use SCCM 2012 R2 to manage your fleet of Mac OS X devices, then you may already be aware that the process to enroll these devices en masse is not easily automated. Unlike other management products like Casper suite, where we have a QuickAdd.pkg which we can install on the client at firstboot, through ARD or by any number of other methods that require no user intervention, SCCM is a little bit different. The installer package that is provided installs the client, but it doesn’t install any of the tools required to automate the enrollment via a script, for example. Previously, with SCCM 2012 SP1, it had been possible to automate the enrollment process by passing the username and password on the command line to the cmenroll binary (albeit in clear text).
Now it seems that MS would rather rely on the user to enter their AD credentials in the new ConfigMgr GUI window in order to enroll. This is obviously a problem if you have a lab of Macs or wish to enroll a number of machines at imaging time using DeployStudio, Casper, etc. So in this post I will show you how I was able to create a metapackage that contains all the required files and a postflight script which can automatically enroll the device using an AD service account.
From here I will assume that you already have the macclient.dmg which should look like this:
First we need to create a package that contains our Client Tools. If you have created packages before, this should be a relatively straightforward process. I used Composer and ended up with something looking like this:
We now need to create an enrollment script, or two.
I have two scripts. These are on my GitHub; check there for current versions.
The first script (sccm_enrollment.sh) defines our environment variables, such as the server address, and then passes them as arguments to our second script (expect_enrollment.sh).
```bash
#!/bin/bash
## Calum Hunter
## 12-08-2014
## DEC NSW SCCM PoC Project
## Version 0.1
##
## Script to enroll the Mac OS X Device into Production SCCM Environment

## Define some variables
server_address="YOUR SERVER ADDRESS"
sccmusername="YOUR USERNAME"
sccmpassword="YOUR PASSWORD"
cmenroll="/Library/Application Support/Microsoft/CCM/Tools/CMEnroll"

## Now hand off to the expect script to perform the enrollment
## (arguments are quoted so values containing spaces arrive as one argument each)
/tmp/expect_enrollment.sh "$server_address" "$sccmusername" "$sccmpassword" "$cmenroll"

exit 0
```
The second script takes these arguments and then uses the expect shell to interactively respond to the password prompt.
```tcl
#!/usr/bin/expect
## Calum Hunter
## 12-08-2014
## DEC NSW SCCM PoC Project
## Version 0.1

# Grab the variables from the sccm enrollment script
set server_address [lindex $argv 0]; # Get the Server Address from the sccm_enrollment script
set sccmusername [lindex $argv 1];   # Get the sccmuser name from the sccm_enrollment script
set sccmpassword [lindex $argv 2];   # Get the sccmpassword from the sccm_enrollment script
set cmenroll [lindex $argv 3];       # Get the cmenroll from the sccm_enrollment script

# set a generous timeout
set timeout 20

## Do the script
spawn $cmenroll -s $server_address -ignorecertchainvalidation -u $sccmusername
expect "Please enter your password."
# "--" stops send from treating a password that starts with "-" as an option
send -- "$sccmpassword\r"
expect "Successfully enrolled"
interact

exit 0
```
Now that we have these scripts, we need to package them up, so create another package.
We should now have 3 packages: our CMClient.pkg from MS and our two custom packages.
I use Packages from WhiteBox to create a Distribution package that contains all of our packages and a post flight.
So create a new Distribution Package, give it a name and a location, and create the project.
Now ensure that you put in a unique identifier and give it a useful version number. Also note that the CMClient.pkg requires a restart, so we will also require a restart here.
We can skip the Payload and move across to Scripts
Drag in the 3 packages to Additional Resources
Create a postflight script that installs our packages and then runs our enrollment script.
Mine is available on my GitHub and it looks like this:
```sh
#!/bin/sh
## Calum Hunter
## DEC SCCM PoC Project
## Version 0.1
## 13/08/2014

## Post flight script to install the packages
## then run the enrollment scripts

## Determine working directory
install_dir=$(dirname "$0")

## Install the packages ($3 is the target volume passed in by the installer)
/usr/sbin/installer -dumplog -verbose -pkg "$install_dir/CMClient.pkg" -target "$3"
/usr/sbin/installer -dumplog -verbose -pkg "$install_dir/SCCM_Enrollment_Scripts.pkg" -target "$3"
/usr/sbin/installer -dumplog -verbose -pkg "$install_dir/SCCM_Mac_Client_Tools.pkg" -target "$3"

## Packages are installed so now run the enrollment script
/tmp/sccm_enrollment.sh

exit 0
```
Set this as your post-installation script.
Now build the package (Build menu -> Build)
You should now have a package that you can deploy using pretty much any method, and that will install and enroll SCCM without any user intervention while the machine is unattended (at the login window).
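
A hardened variant of the sccm_enrollment.sh and expect_enrollment.sh pair, as an added example that is not the author's code: the scripts above keep the service account password in a script under /tmp and pass it as a command-line argument, while this version reads it from a root-only file, refuses loose permissions, hands it to expect through the environment and deletes it afterwards. The secret file path, the function names and the SCCM_* variables are assumptions, as is a server certificate chain the Mac already trusts.

```shell
#!/bin/sh
# Added example, not the author's script. secret_file_ok, enroll, the secret
# path and the SCCM_* variable names are hypothetical.
server_address="YOUR SERVER ADDRESS"
sccmusername="YOUR USERNAME"
secret_file="/private/var/root/.sccm_enroll_secret"   # assumed root-only location
cmenroll="/Library/Application Support/Microsoft/CCM/Tools/CMEnroll"

# True only for a regular file, owned by the calling user (root in a
# postflight), with no execute, group or other permission bits set.
secret_file_ok() {
    [ -f "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -r[-w]-------*) return 0 ;;   # leading "-" also rejects symlinks
        *) return 1 ;;
    esac
}

enroll() {
    if ! secret_file_ok "$secret_file"; then
        echo "refusing to enroll: $secret_file missing or too permissive" >&2
        return 1
    fi
    # Hand the password to expect through the environment: arguments are
    # visible to every local user in ps output, another user's environment is not.
    # Assumption: the server certificate chain is trusted by this Mac, so the
    # -ignorecertchainvalidation flag used by the page's script is left out.
    SCCM_PASSWORD="$(cat "$secret_file")" SCCM_SERVER="$server_address" \
    SCCM_USER="$sccmusername" CMENROLL="$cmenroll" /usr/bin/expect -c '
        set timeout 20
        log_user 0  ;# keep the dialogue out of the installer log
        spawn $env(CMENROLL) -s $env(SCCM_SERVER) -u $env(SCCM_USER)
        expect "Please enter your password."
        send -- "$env(SCCM_PASSWORD)\r"
        expect {
            "Successfully enrolled" { exit 0 }
            timeout { exit 1 }
            eof     { exit 1 }
        }'
    rc=$?
    rm -f "$secret_file"   # the credential never outlives the enrollment attempt
    return "$rc"
}

# Run as "script enroll" from the postflight; with no argument only the
# functions are defined.
if [ "${1:-}" = "enroll" ]; then enroll; fi
```

With this layout the scripts package would ship the credential file with owner root and mode 600 instead of embedding the password in sccm_enrollment.sh.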