Since our SCCM server was updated, the old SCCM Mac client no longer works (the client needs to support El Capitan), and our certificate has expired as well. So I have to uninstall the old SCCM Mac client, remove the old certificate, re-install the new SCCM Mac client, and run the SCCM enrollment to generate the certificate again.
We already have Casper, so I use a single shell script for this task. Here is the script:
#!/bin/sh

# Download & Extract Installation Files
cd /tmp
curl -LOk http://abc.com/downloads/sccm-mac.zip
sudo unzip -o sccm-mac.zip

# Uninstall current SCCM agent
sudo ./tools/CMUninstall -c

# Delete current SCCM certificates (every certificate whose name matches "SCCM")
security find-certificate -c "SCCM" -a -Z | sudo awk '/SHA-1/{system("security delete-certificate -Z "$NF)}'

# Install Mac SCCM Client
sudo installer -package /tmp/CMClient.pkg -target /

# SCCM Enrollment (raw_password is a placeholder for the account password)
/usr/bin/expect << EOF
set timeout 60
spawn /tmp/tools/CMEnroll -s abc.com -ignorecertchainvalidation -u domain_name\\\username
expect "Please enter your password."
# \r sends Return so the password is actually submitted
send "raw_password\r"
expect "Successfully enrolled."
EOF

# Delete All the temp files
sudo rm -rf tools
sudo rm -f sccm-mac.zip
sudo rm -f enroll.sh
sudo rm -f CMClient.pkg
A few points:
1. There are a few ways to use an expect script inside a shell script; I use this here-document format:
/usr/bin/expect << EOF
spawn
expect
send
EOF
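2. Inside the expect script, to escape the backslash in the domain username, the format should be domain_name\\\username. The unquoted here-document and expect each consume one level of backslash escaping, so CMEnroll receives domain_name\username.
3. To enable debug mode in the expect script, add -d to the expect command, such as "/usr/bin/expect -d <<EOF".
4. wget is not installed by default on Macs, but curl is. To download the zip file, use curl -LOk: -L follows redirects, -O saves the file under its remote name, and -k skips TLS certificate verification.
5. To completely uninstall the SCCM Mac client, use the -c switch with CMUninstall.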