ok, I’ve got some packages built for windows based on some of the instructions in this channel. My next step is to figure out how to supply the enroll_secret at install time rather than building it into the package - is this documented somewhere?
s
seph
06/08/2020, 3:11 AM
Somewhat, part of the point of the packaging is to bundle that.
That secret is solely in a text file pointed to by the flag file. You can change it as you like. I don’t know windows well enough to have real advice for it.
seph
06/08/2020, 3:12 AM
I’m curious what drives the need for doing enroll secret at install time?
h
hilt
06/08/2020, 3:13 AM
no worries - my intent was to isolate the secret from the msi so that someone would need both to enroll
hilt
06/08/2020, 3:14 AM
it’s probably not worth it as any device will have access to the secret anyway
s
seph
06/08/2020, 3:51 AM
TBH I don’t remember if I wrote it to ship without a secret. Though it would be an easy patch. Certainly shipping an invalid secret is easy.
seph
06/08/2020, 3:52 AM
But the common use case is to enable widespread installation and enrollment. Usually any mechanism that distributes one distributes the other. (jamf, configuration management. I don’t know windows though)
h
hilt
06/08/2020, 3:53 AM
yeah that’s true…at the moment it’s not a priority - getting visibility and catching low hanging fruit is first order of things
s
seph
06/08/2020, 3:55 AM
I hope it goes smoothly. I’m always interested in hearing about windows deployment and packaging.
h
hilt
06/08/2020, 4:04 AM
I’m rolling it out to a small group and will expand it it is successful from there. Thus far it works on my test box
hilt
06/08/2020, 4:05 AM
I’m unclear as to why the build specifically needs the wix binaries in c:\wix311 tho
hilt
06/08/2020, 4:05 AM
(on the build machine)
s
seph
06/08/2020, 4:36 AM
Ha. Because that’s where the installer put them on my machine, and I never made that more clever,