Jamf School Management System version 7.0 adds support for Scripting. This feature enables custom Bash and AppleScript scripts to run on macOS devices enrolled in your Jamf School environment.
Requires version 10.13.6 of higher of macOS to install the Scripting App
Disclaimer: This is an advanced feature, it is possible to create scripts that can break macOS. We are not responsible for any loss of (user) data from use of terminal commands and scripts.
Setting up Jamf School Scripting requires almost no effort, and it can be enabled from Jamf School. We’ve created a new and easy way to add features to Jamf School Management System. We refer to this as a module, which can be added to the environment. Simply navigate to Organisation -> Settings, and add the new Scripting module. Once added, a new Scripts item will appear in the left menu. Jamf School will handle the rest, this included installing the required Scripting package to macOS devices, as well as any Profiles needed. Jamf School will also handle the updating of Jamf School Scripting.
How it works:
Once you've enabled Jamf School Scripting for the environment, a couple of things automatically happen.
First, each enrolled macOS device receives a new certificate (com.zuludesk.scripting) on the device, which is used by Jamf School to encrypt and securely send scripts to devices without the end user being able to see the script contents.
Second, a package is pushed to the device which will setup and install the required programs and files for scripts to be run on the macOS device, and report the results of the script back to the ZMS.
The core contents of the package are:
- com.zuludesk.scriptmanager: a process which recieves new scripts and sorts when and how to run them. Only one of these processes should be running at a time.
- com.zuludesk.script: a process which runs the script and reports the results back to the ZMS. Each active script that is running will have it's own process.
- com.zuludesk.scripting.plist: a file which informs the OS to start running the com.zuludesk.scriptmanager process.
- ZDScripts.db: a database used by com.zuludesk.scriptmanager to determine what needs to run, updated, and deleted.
Additionally, the following directories are created on the system:
- /Library/Application Support/Jamf School Scripting
- /Library/Application Support/Jamf School
Once Jamf School has detected that Jamf School Scripting has been installed, scripts can start to be pushed to the device.
Creating and managing Scripts in Jamf School:
Once Scripting has been enabled you will see a new option in Jamf School left menu bar, called Scripts.
When you click on Scripts you will be taken to the Scripts overview page. Here you will see your scripts, with additional information such as the number of scoped devices.
Here you can:
- Delete an existing script by pressing the trash can icon at the end of the row.
- Edit an existing script by clicking on it's name in the row (highlighted in blue).
- Create a new script by pressing the blue "Create new script" button in the top right.
Next let's have a look at creating a new script.
Creating a new script:
Creating a script is fairly straight forward, we will quickly go over the basic fields, and then step a little deeper into the "On a schedule" setting.
- Name*: the title of your script
- Type: which kind of script you wish you run on the device.
- Description: a way to provide more information about what a script does.
- When to run: this lets the device know when the script should be carried out on the device.
- Never: The script will not run.
- Just once: The script will only run the current version once.
- When a user logs in: Every time a user logs in, the script will run. Additionally, if the user is already logged in when the script is pushed to the device, it will also run.
- When a user logs out: Every time a user logs out, the script will run. Additionally, if the user is already logged out when the script is pushed to the device, it will also run.
- On a schedule: Run scripts based on a given time, daily, or day of the week. Will run each time the requirement is met.
- Content*: The actual script that you would like to run on the device. Don't be shy, the textbox can take it.
Example of the "On a schedule" setting:
The following configuration will run the script:
- Every 30 minutes of the hour.
- Every day at midnight.
- Every Saturday at 05:00.
Pushing your script to devices:
If you are familiar with scoping apps, documents, or profiles in Jamf School, then this part will be a piece of cake. As you would setup scopes for those sections, you do the same for scripts. Simply click on one of the big plus signs in an empty box to add a new group to scope, select the group, and that's it:
You can preview which devices are in scope at the bottom of the page. Once you are happy with the results, press Save. The script will be saved and pushed to the selected scoped devices.
Viewing the script results:
Of course when running a script, especially when testing, you want to see the results of the script. You can do this for each script on each device. On the script details page (as shown above), find the device you are looking for in the scoping preview, and press the monitor icon at the end of the row. You will be presented with a window and display the results of the scripts, as well as the time of its execution.
How to remove Jamf School Scripting from a device:
To remove the scripting processes and files from a device, we've created an uninstaller which can be run on the device. The uninstaller will stop all scheduled scripts which where placed via Scripting, and cleanup all Scripting related process and files.
To successfully remove all Scripting files, the uninstaller must be ran by root.
Please note that the uninstaller cannot remove the com.zuludesk.scripting certificate from the device. However it will have no impact on the user or device if it remains.