Meraki

PaulF · ‎Jun 29 2021

I know that there's many of you that have workflows that involve the manual install of the SM agents on macOS, such as Silent installer for MacOS

However, with the changes in the SM agent 3.1.0 and above, instead of being able to do silent installs, you know have to specify your enrollment code manually, as per Mac Enrollment - Command Line Options

You can optionally specify the network enrollment code / string with the following command:

sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id && sudo launchctl setenv enrollment_code <network enrollment code or enrollment string> && sudo installer -pkg <path/to/package.pkg> -target / && sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id

There's two optional parameters here:

<network enrollment code or enrollment string> : This is the enrollment code that's quoted in Systems Manager > Add Devices, or Network Wide > General

<path/to/package.pkg> : This is the path to the SM agent installer

This is, understandably, unwieldy, primarily due to not being able to pass parameters to installers in macOS.

However, there is an alternative: You can actually build an installer that allows you for silent enrollments, and this is how

1. Download the Current SM Agent Installer

From Systems Manager > Add devices > macOS, download the SM agent

2. Create a new folder on your Desktop: SMAgent3.1.1 (for example)

3. Open Terminal and type the following

cd ~/Desktop/SMAgent3.1.1

mkdir Scripts

cd Scripts

touch postinstall

chmod a+x postinstall

cd ..

mkdir Content

cd Content

open .

This last command will open the Content directory

Move the previously download SM agent into here and rename it SMAgent.3.1.1.pkg

Go back to terminal and type

cd ..

cd Scripts

open .

This will open the Scripts directory in Finder.

4. Edit postinstall

With a suitable text editor, open the postinstall file and type:

#!/bin/bash

sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id && sudo launchctl setenv enrollment_code XXXX-XXXX-XXXX && sudo installer -pkg /tmp/SMAgent-3.1.1.pkg -target / && sudo launchctl unsetenv enrollment_code && sudo launchctl unsetenv organization_id

NOTE: Replace XXXX-XXXX-XXXX with the network enrollment code or string

Save this file

5. Create installer

Go back to Terminal and type:

cd ..

sudo pkgbuild --identifier com.meraki.smautoenroll --root Content --script Scripts --install-location /tmp com.meraki.SMAgent3.1.1-autoenroll.pkg

This should result in:

paulf@Paul-F-MBP-680 SM3.1.1pkg % sudo pkgbuild --identifier com.meraki.smautoenroll --root Content --script Scripts --install-location /tmp com.meraki.SMAgent3.1.1-autoenroll.pkg

Password:

pkgbuild: Inferring bundle components from contents of Content

pkgbuild: Adding top-level postinstall script

pkgbuild: Wrote package to com.meraki.SMAgent3.1.1-autoenroll.pkg

You should now have an installer that will silently install the SM agent without prompts!

ConnorL · ‎Jun 30 2021

This is brilliant, thank you @PaulF for sharing!

AdamT2

Hi @PaulF
Does this still work with the newer versions? It is now a .app files not .pkg

PaulF

You shouldn't need to do the above:

https://documentation.meraki.com/SM/Device_Enrollment/Systems_Manager_Agent_and_MDM_Profile_Enrollme...

AdamT2

How would we silently enroll an MDM profile or the agent now that it is an app rather than a package if we are using a 3rd party MDM? Such as either Jamf or Jumpcloud?