Computer Naming earlier-on after Prestage; a computer naming at enrollment strategy

Rich Trouton just posted this article on Providing Jamf Pro computer inventory information via macOS configuration profile

This made me think this could be leveraged to name a computer very early in enrollments; so I tested by preloading my Jamf Server with a good inventory list

Jamf Inventory Preload

https://docs.jamf.com/10.28.0/jamf-pro/administrator-guide/Inventory_Preload.html

Naming a computer based on Asset Field script

as per Felix Goh. He (Felix) reports using this + Inventory preload in a Jamf policy.. to rename on enrollment, enforce on check-in to jamf. U can decide the frequency of run..

Variables required

Jamf Pro Server URL
Jamf Pro API Username
Jamf Pro API Password 

Author has a new version.
https://github.com/iMatthewCM/Jamf-Scripts/tree/master/macOSdocs.jamf.comdocs.jamf.com

setComputerName-AssetTag.sh
Script below:

#!/bin/bash
####################################################################################################
#
# THIS setComputerName-AssetTag.sh SCRIPT IS NOT AN OFFICIAL PRODUCT OF JAMF SOFTWARE
# AS SUCH IT IS PROVIDED WITHOUT WARRANTY OR SUPPORT
#
# BY USING THIS SCRIPT, YOU AGREE THAT JAMF SOFTWARE
# IS UNDER NO OBLIGATION TO SUPPORT, DEBUG, OR OTHERWISE
# MAINTAIN THIS SCRIPT
#
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#	setComputerName-AssetTag.sh - Names computer to Asset Tag from Jamf Pro
#
####################################################################################################
#
# HISTORY
#
#	Version: 1.2
#
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################
server="$4" #Jamf Pro Server URL
username="$5" #Jamf Pro API Username
password="$6" #Jamf Pro API Password
####################################################################################################
# Courtesy of github dot com slash iMatthewCM
#Trim the trailing slash off if necessary
if [ $(echo "${server: -1}") == "/" ]; then
	jssURL=$(echo $server | sed 's/.$//')
fi
####################################################################################################
# Get the Serial Number
serialNumber=$(ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | tr -d \")
echo "Serial Number is: $serialNumber"
# Get the Asset Tag from Jamf Pro
assetTag=$(curl -ksu "$username":"$password" -H "Accept: application/xml" "$server"/JSSResource/computers/serialnumber/"$serialNumber" | xmllint --xpath '/computer/general/asset_tag/text()' - )
​
if [[ "$assetTag" == "" ]]; then
	echo "Asset tag is null. Exiting."
	exit 1
fi
​
echo "Asset Tag is: $assetTag"
# Set Computer Name
/usr/sbin/scutil --set ComputerName "$assetTag"
# Set Local Host Name
/usr/sbin/scutil --set LocalHostName "$assetTag"
# Set Host Name
/usr/sbin/scutil --set HostName "$assetTag"
# Set the computer name with jamf binary (uncomment below if necessary)
# /usr/local/bin/jamf setComputerName -name "$assetTag"
# Flush DNS Cache (uncomment below if necessary)
# /usr/bin/dscacheutil -flushcache
# Recon the machine (uncomment below if necessary)
# /usr/local/bin/jamf recon

Jamf Pro User-Initiated Enrollment Settings

Management Account Creation During Computer Enrollment

When you enroll computers, you can specify a local administrator account called the “management account” that you will use to manage them. The management account can be used to perform the following tasks on the computer:

    Screen sharing

    Enable FileVault using a policy (when SecureToken is enabled on the management account)

    Add or remove users from FileVault using a policy (when SecureToken is enabled on the management account)

    Generate a personal recovery key using a policy (when SecureToken is enabled on the management account)

    Perform authenticated restarts using a policy (when SecureToken is enabled on the management account)

To enable the management account, you must enable user-initiated enrollment, and then configure the management account username and password. It is recommended that you choose the “Randomly generate passwords” option for maximum security. You can see if a computer is managed by the management account by viewing the Managed attribute field in the computer inventory information.

Link:
https://docs.jamf.com/10.28.0/jamf-pro/administrator-guide/User-Initiated_Enrollment_Settings.html

Inventory Preload – Jamf Pro Documentation | Jamf
The Inventory Preload setting allows you to upload computer and mobile device inventory data before devices are enrolled. The preloaded data will be applied to computers and mobile devices when …

Strategy, I followed these steps

1) Made sure I had a a good Inventory preload in Jamf that includes the Asset Tag field populated
2) Loaded the above script (setComputerName-AssetTag.sh)
3) Drew up a Jamf Policy: Executing – triggered Enrollment Complete a naming per asset policy enrollment
4) I loaded and scoped Rich’s Config Profile Computer Information

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *