ok, I’ve got some packages built for windows based on some of the instructions in this channel. My next step is to figure out how to supply the enroll_secret at install time rather than building it into the package - is this documented somewhere?
06/08/2020, 3:11 AM
Somewhat, part of the point of the packaging is to bundle that.
That secret is solely in a text file pointed to by the flag file. You can change it as you like. I don’t know windows well enough to have real advice for it.
I’m curious what drives the need for doing enroll secret at install time?
06/08/2020, 3:13 AM
no worries - my intent was to isolate the secret from the msi so that someone would need both to enroll
it’s probably not worth it as any device will have access to the secret anyway
06/08/2020, 3:51 AM
TBH I don’t remember if I wrote it to ship without a secret. Though it would be an easy patch. Certainly shipping an invalid secret is easy.
But the common use case is to enable widespread installation and enrollment. Usually any mechanism that distributes one distributes the other. (jamf, configuration management. I don’t know windows though)
06/08/2020, 3:53 AM
yeah that’s true…at the moment it’s not a priority - getting visibility and catching low hanging fruit is first order of things
06/08/2020, 3:55 AM
I hope it goes smoothly. I’m always interested in hearing about windows deployment and packaging.
06/08/2020, 4:04 AM
I’m rolling it out to a small group and will expand it it is successful from there. Thus far it works on my test box
I’m unclear as to why the build specifically needs the wix binaries in c:\wix311 tho
(on the build machine)
06/08/2020, 4:36 AM
Ha. Because that’s where the installer put them on my machine, and I never made that more clever,