#!/bin/zsh
# Jason Filice
# jfilice@csumb.edu
# Technology Support Services in IT
# California State University, Monterey Bay
# https://csumb.edu/it
#
# This script requires a supervised Mac that is enrolled in an MDM server
# (it must run as root; Jamf runs policy scripts as root).
# Run it with 2 script arguments. Under Jamf these are script parameters 4
# and 5, because the JSS prepends mount point, computer name and username
# as $1-$3:
# volume owner account
# volume owner password
#
# Use as script in Jamf JSS.
#
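# Jamf JSS passes mount point, computer name and username as $1-$3; this
# script's own parameters start at $4 (volume owner account) and $5
# (volume owner password).
pathToScript=$0
mountPoint=$1
computerName=$2
userName=$3
# Drop the three JSS-supplied parameters so that the volume owner account is
# $1 and its password is $2. When the script is run by hand with only the
# two script parameters there is nothing to drop (the original bare
# "shift 3" failed silently in that case and fell through to the same state).
if (( $# >= 3 )); then
  shift 3
fi
echo "pathToScript=$pathToScript"
echo "mountPoint=$mountPoint"
echo "computerName=$computerName"
echo "userName=$userName"
# ##### Debugging flags #####
# Do NOT enable -v or -x on this script: the volume owner password is held
# in $2 and would be written in clear to the Jamf policy log.
# set -v   # verbose
# set -n   # syntax check only (noexec)
# set -u   # fail on unset variables
# set -x   # xtrace -- leaks the password, see above
# ##### Security note #####
# The password arrives as a command-line argument and is passed on argv to
# dscl and profiles below. Arguments are readable in the process table (ps)
# by any local user for as long as each process runs. This script offers no
# other way to supply it; TODO(review): check `man profiles` / `man dscl`
# on the target macOS versions for a non-argv alternative before using this
# on shared-user machines. Never echo $2 or the password variable.
volumeOwner="${1}"
volumeOwnerPassword="${2}"
if [[ -z "${volumeOwner}" || -z "${volumeOwnerPassword}" ]]; then
  echo "Error: Volume owner account and password are required" >&2
  exit 1
fi
# Informational only: show the account's SecureToken state in the policy log.
# NOTE(review): profiles is expected to require a SecureToken-enabled account
# here -- confirm against Apple's Bootstrap Token documentation.
/usr/sbin/sysadminctl -secureTokenStatus "${volumeOwner}"
echo "Check Bootstrap Token status..."
bootstrap=$(/usr/bin/profiles status -type bootstraptoken)
echo "${bootstrap}"
if [[ ${bootstrap} != *"supported on server: YES"* ]]; then
  # Nothing can be escrowed; exit non-zero so the Jamf policy shows a
  # failure instead of silently reporting success.
  echo "Bootstrap token not supported on server" >&2
  exit 1
fi
if [[ ${bootstrap} == *"escrowed to server: YES"* ]]; then
  echo "Bootstrap escrowed."
  echo "Updating the Bootstrap Token APFS record and escrowing to the MDM server..."
else
  echo "Bootstrap not escrowed."
  echo "Creating the Bootstrap Token APFS record and escrowing to the MDM server..."
fi
# Verify the password against the local directory before handing it to
# profiles, so a wrong password fails here with a clear message. This only
# authenticates; it does not log the account in anywhere.
if ! /usr/bin/dscl . authonly "${volumeOwner}" "${volumeOwnerPassword}"; then
  echo "Error: Authentication failed" >&2
  exit 1
fi
sleep 1
# Create or refresh the Bootstrap Token APFS record and escrow it to the MDM.
if ! /usr/bin/profiles install -type bootstraptoken -user "${volumeOwner}" -password "${volumeOwnerPassword}" -verbose; then
  echo "Error: Failed to install bootstrap token" >&2
  exit 1
fi
sleep 1
# Re-read the status and require an escrow confirmation: an install the MDM
# server did not record as escrowed must not be reported as success.
bootstrap=$(/usr/bin/profiles status -type bootstraptoken)
echo "${bootstrap}"
if [[ ${bootstrap} != *"escrowed to server: YES"* ]]; then
  echo "Error: Bootstrap Token installed but not reported as escrowed to the MDM server" >&2
  exit 1
fi
exit 0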