update help, update readme, cleanup code
BIG-RAT committed Dec 7, 2022
1 parent afa401d commit 299272f
Showing 5 changed files with 60 additions and 11 deletions.
8 changes: 5 additions & 3 deletions README.md
Expand Up @@ -8,17 +8,17 @@ Easily migrate a computer from one Jamf server to another.


Use ReEnroller to build a package to take a macOS device enrolled in one Jamf server and enroll it into another.
* Ability to add (and then remove) a profile to the package. This can help maintain a WiFi connection while migrating.
* Ability to add (and then remove) a wifi profile to the package. This can help maintain a WiFi connection while migrating.
* Machine attempts to fail back to original server if enrollment in the new server fails.
* Specify the number of attempts and interval between attempts for enrolling in the new server.
* Can also be used for initial enrollments.
* Enroll into a specific site.
* Can automatically create a policy to verify enrollment in the new server.
* Select a policy to run after a successful enrollment.
* Deploy the package with policy or push it to an individual machine from within the app.

Important:

* When deploying to machines running macOS 13+ be sure to deploy ReEnrollerNotifications.mobileconfig before the package.
* After enrolling in the new server the user must approve the MDM profile for macOS 10.13 and above.
* Big Sur and later that fail back to the source server will not automatically (re)install the MDM profile.

Expand All @@ -27,8 +27,10 @@ Important:
Thanks @fauxserve for coming up with the idea and initial bash version.

## History
- 2022-11-07: Add ability to suppress notifications about a background process ReEnroller installs.

- 2022-02-25: Change default options for management account to not create and not hide (mdm enrollment will handle the management account). Support bearer token authentication for API access in Jamf Pro 10.35 and later.
-

- 2021-09-08: Fixed issue where re-enrollment would not complete.

- 2021-09-05: Fixed issue where an attempt to backup/restore existing configuration profiles was done and shouldn't be.
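Review bot: The new History entry is dated 2022-11-07 while this commit is dated Dec 7, 2022; if the entry describes this change, the month looks wrong. The entry would also be more useful if it named the profile to deploy and the macOS 13+ requirement, since "a background process ReEnroller installs" does not tell the reader what to do.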
4 changes: 2 additions & 2 deletions ReEnroller.xcodeproj/project.pbxproj
Expand Up @@ -367,7 +367,7 @@
CODE_SIGN_IDENTITY = "-";
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
CURRENT_PROJECT_VERSION = 3;
CURRENT_PROJECT_VERSION = 4;
DEAD_CODE_STRIPPING = YES;
DEVELOPMENT_TEAM = PS2F6S478M;
ENABLE_HARDENED_RUNTIME = YES;
Expand All @@ -393,7 +393,7 @@
CODE_SIGN_IDENTITY = "-";
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
CURRENT_PROJECT_VERSION = 3;
CURRENT_PROJECT_VERSION = 4;
DEAD_CODE_STRIPPING = YES;
DEVELOPMENT_TEAM = PS2F6S478M;
ENABLE_HARDENED_RUNTIME = YES;
11 changes: 7 additions & 4 deletions ReEnroller/ViewController.swift
Expand Up @@ -845,7 +845,6 @@ class ViewController: NSViewController, URLSessionDelegate {
self.unverifiedFallback()
exit(1)
} else {
// Verify the enrollment
self.verifyNewEnrollment()
}
}
Expand All @@ -863,8 +862,12 @@ class ViewController: NSViewController, URLSessionDelegate {
} else {
self.removeMDMProfile(when: "After") {
(result: String) in
// Verify the enrollment
self.verifyNewEnrollment()
if ( result != "After - failed" ) {
self.verifyNewEnrollment()
} else {
self.unverifiedFallback()
exit(1)
}
}
}
}
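Review bot: In the `removeMDMProfile(when: "After")` completion, success is decided by comparing `result` against the literal `"After - failed"`, so any change to that message text or to the `when:` value silently routes a failed removal into `verifyNewEnrollment()`. Have the completion return a Bool or an enum instead of a display string. The new else branch also goes straight to `self.unverifiedFallback()` and `exit(1)` with no log line visible; add a `WriteToLog().message(...)` call stating that removal of the MDM profile failed, so the fallback can be diagnosed from the client log.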
Expand Down Expand Up @@ -1683,7 +1686,7 @@ class ViewController: NSViewController, URLSessionDelegate {

WriteToLog().message(theMessage: "\(message)")
if message != "" {
WriteToLog().message(theMessage: "profile list: \n\(String(describing: profileList))")
WriteToLog().message(theMessage: "Found existing MDM profile")
}

let mdmCount = Int(profileList.trimmingCharacters(in: .whitespacesAndNewlines))!
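Review bot: The replacement log line writes "Found existing MDM profile" whenever `message` is non-empty, before `mdmCount` is parsed on the line below, and nothing visible ties `message` to the count. Move the log call after the `mdmCount` assignment and make it conditional on the count being greater than zero. Dropping the full profile list from the log is a sound change, since it keeps the machine's installed profile details out of the log file. Separately, the force unwrap in `Int(profileList.trimmingCharacters(in: .whitespacesAndNewlines))!` will crash the process if `profileList` is not numeric; handle the nil case and log it.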
8 changes: 6 additions & 2 deletions ReEnroller/help/help.html
Expand Up @@ -150,6 +150,7 @@ <h1 id="Heading1">ReEnroller</h1></div>
<div id="main_body" style="position:relative;">
<div style="font-family:Arial;font-size:13px;line-height:15px;color:#000000;">
<div>Use the ReEnroller app to generate a custom Quickadd package for your clients to (re)enroll the Mac. Packages can be created to help migrate from one server to another or perform an initial enrollment. The process, if successful, will enroll the machine into the new Jamf Pro server so that policies can be run. To enable MDM functionality additional steps are required.</div>
<div><strong>Important:</strong> If deploying the package to macOS 13+ be sure to deploy the ReEnrollerNotification.mobileconf before deploying the package to suppress unwanted notifications.</div>
<ul style="margin-left:17px;line-height: 1.4;">
<li>Enter the URL and Jamf administrator credentials, or an account with at least enrollment privileges, for the new Jamf server.</li>
<li>If you wish to retain the existing management account and the password enter those credentials.&nbsp; If you wish to change the management account and or password, or wish to use a random password a new management account must be entered.&nbsp; This must be an account not currently on the machine, it will be created during (re)enrollment.&nbsp;&nbsp; </li>
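Review bot: The added "Important" line gives the file as `ReEnrollerNotification.mobileconf`, but the file added in this commit is `ReEnrollerNotification.mobileconfig`. Correct the extension, and consider stating that the profile has to be installed on the Mac before the package runs, since the list that follows starts directly with building the package.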
Expand All @@ -160,8 +161,11 @@ <h1 id="Heading1">ReEnroller</h1></div>
<li>To automatically create the policy used on the destination server to verity enrollment check the 'Create Migration Complete policy' box.</li>
<li>If APNs is not being used on the destination server, or you wish to skip the APNs test for some other reason, check the box 'Skip MDM verification'.</li>
<li>If you'd like to run a specific policy after migration has been verified and recon is complete select the option to do so. Be sure to use the correct policy id from the policy on the destination server.</li>
<li>If calling device enrollment be sure the devicd has been assigned to a prestage in the new environment.</li>
<li>You can mark the machine as migrated by updating an attribute in the device record in the old server.</li>
<li>Select when to remove the MDM profile installed by the old Jamf Pro server, or leave it on the machine to be removed later.</li>
<li>By default the package cleans up once migration is complete.&nbsp; If you'd like to keep things in place uncheck the box for removing the ReEnroller folder.</li>
<li>If desired set the number of time the client will try the enrollment process in the event it fails for some reason. Leaving the field blank will set the client to keep retrying until successful.</li>
<li>If desired set the number of times the client will try the enrollment process in the event it fails for some reason. Leaving the field blank will set the client to keep retrying until successful.</li>
<li>Set an interval for the process to retry re-enrollment (5 minutes or greater) in the event it fails, or keep the default of 30 minutes. You are able to separate the launch daemon/postinstall script from the re-enrollment application by checking the box, 'Create Separate Package'. With the box checked 2 packages will be created, one with the launchdaemon and postinstall script, the other with the re-enrollment application and settings. This allows one to stage the application then deploy the launch daemon at a later date, or create a custom launch daemon, say to repair enrollments that have failed over time.</li>
</ul>
<div>Once everything is configured click Build.</div>
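Review bot: The added device enrollment item has a typo, "devicd" should be "device", and the unchanged item above it still reads "verity enrollment" where "verify" is meant; both are worth fixing while the list is being edited. The new item "You can mark the machine as migrated by updating an attribute in the device record in the old server" does not say which attribute or where it is set in the app; one more sentence would make it usable.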
Expand Down Expand Up @@ -388,7 +392,7 @@ <h1 id="Heading1">ReEnroller</h1></div>
<div id="jpsImage2">
<img src="images/mdmRemove_script.png" alt=""></div>
</div>
The script could also be added to the policy that deploys the reEnrollment package. Be mindful that once the MDM profile is removed all other profiles will be removed, potentially impacting the user experience.
The script could also be added to the policy that deploys the reEnrollment package, if you'd like the profile removed before the new enrollment. Be mindful that once the MDM profile is removed all other profiles will be removed, potentially impacting the user experience.
<div><hr></div>
</div>
</body>
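Review bot: The reworded sentence now recommends running the removal script before the new enrollment, but the consequence is left generic ("all other profiles will be removed"). Name the network case explicitly: a Wi-Fi profile delivered by the old server goes too. Point the reader at the option of adding a wifi profile to the package, which the README describes as a way to maintain the connection while migrating.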
40 changes: 40 additions & 0 deletions ReEnrollerNotification.mobileconfig
@@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>ReEnroller Notification</string>
<key>PayloadIdentifier</key>
<string>com.apple.servicemanagement.A765458C-44D7-4CD4-9DF3-8D2AED3C42CD</string>
<key>PayloadType</key>
<string>com.apple.servicemanagement</string>
<key>PayloadUUID</key>
<string>528163DA-C612-4C3B-9734-E8D115DCAC97</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Rules</key>
<array>
<dict>
<key>RuleType</key>
<string>Label</string>
<key>RuleValue</key>
<string>com.jamf.ReEnroller</string>
</dict>
</array>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>ReEnroller Notification</string>
<key>PayloadIdentifier</key>
<string>ladmins-Virtual-Machine.924A87DB-2E8E-4576-AF93-0C768A510F10</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>5192E661-DB1F-4F9C-B6DF-CB8DE015A7EE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
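Review bot: The top-level PayloadIdentifier begins with `ladmins-Virtual-Machine`, which looks like the hostname of the machine the profile was generated on rather than an identifier owned by the project. Replace it with a stable reverse-DNS value, for example one under the `com.jamf.ReEnroller` namespace already used in the rule, so the profile is recognizable in inventory. The profile also carries no PayloadDescription or PayloadOrganization, so anyone inspecting it sees only "ReEnroller Notification" with no indication of its source or purpose. For the Rules entry, confirm that `com.jamf.ReEnroller` is exactly the launch daemon's Label, since a `Label` rule matches on that string alone.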
