LogMeIn is one of many apps used for gaining remote access to a computer. As with many Mac apps, LogMeIn can be installed a few different ways. But with MDM, we can install LogMeIn silently. In order to do this, you will need a Privacy Preferences Policy Control (PPPC) profile and a script. You will create a PPPC MDM Profile and use Smart Software to deploy the script.
PPPC profile
You will need to allow two items for Accessibility and one item to allow standard users to approve Screen Recording.
Log into your Addigy instance
Navigate to Catalog on the left
Click MDM Profiles
Click New in the top right
Click PPPC
Select Accessibility, click Add New and enter the following:
Identifier:
com.logmein.logmeinguiagent
Identifier Type: Bundle ID
Code Requirement:
anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic) and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GFNFVT632V and identifier "com.logmein.logmeinguiagent"anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic) and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GFNFVT632V and identifier "com.logmein.logmeinguiagent"
Click Add New again and enter the following:
Identifier:
com.logmein.logmeinserver
Identifier Type: Bundle ID
Code Requirement:
anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic) and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GFNFVT632V and identifier "com.logmein.logmeinserver"
Make sure that you check the Allowed box for each entry
Select Ability to Capture Screen, click Add New and enter the following:
Identifier:
com.logmein.logmeinguiagent
Identifier Type: Bundle ID
Code Requirement:
anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic) and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GFNFVT632V and identifier "com.logmein.logmeinguiagent"
Allowed: Let Standard Users Approve
Click Save at the bottom right
Custom Software
Click Catalog on the left and select Software
Click New on the right
Enter an appropriate name. You can set the version as well, or you can leave it as 1.0 because the script will always download the latest version.
Copy/paste the script into the Installation Command field
#!/bin/sh
############################################
# LogMeIn for Mac silent deployment script
# In order to use, you must be a subscriber of LogMeIn Central
#
# This will automatically download the latest version of LogMeIn
# You do not need to provide an installer
#
# To get a Deploy ID, log in to Central, click Deployments, then create a new one
# Customize the settings as you see fit
# The Deploy ID is part of the URL that is generated
# ex. https://secure.logmein.com/i?l=en&c=xyz
# xyz is the Deploy ID
#
# Tested on macOS 13 Ventura and deployed with Addigy
############################################
############################################
# Set the deploy ID via command line argument
#
#
DEPLOYID=1 #Change to 1 if not using Casper Suite
#
echo "Deploy ID is: $DEPLOYID"
############################################
echo "Running LogMeIn host install"
# Change working directory to /tmp
cd /tmp
# Clean up any existing LogMeIn install files first
rm -rf /tmp/LMI
# Create working folder, LMI doesn't like being in the root of /tmp
mkdir LMI
cd LMI
# Download LogMeIn Mac software
echo "Downloading LogMeIn installer"
curl -O https://secure.logmein.com/LogMeInInstallerMac.zip
# Extract the installer
echo "Unzipping LogMeIn installer"
unzip LogMeInInstallerMac.zip
# Get the versioned file name
FILE="$(ls | grep LogMeIn*.app)"
echo "File name is: $FILE"
# Write the deploy ID as an extended attribute on the install package
echo "Setting deploy ID as attribute"
xattr -w com.logmein.deployid $DEPLOYID "$FILE"
echo "Reading deploy ID attribute to confirm"
xattr -p com.logmein.deployid "$FILE"
# Run the silent install
echo "Running the LogMeIn installer"
./"$FILE"/Contents/MacOS/Lili --silent
# Remove temp files
echo "Cleaning up temp files"
rm -rf /tmp/LMI
echo "Exiting with success"
exit 0
Expand Conditions for Install and make the following changes. This will check if the LogMeIn app is already installed. If it is not, it will be installed. If it is already installed, nothing will happen.
- Path to file or folder: /Applications/LogMeIn Client.app
- Click Add to Script
- Change line 5 of the generated script to read else and press enter to create a line break
- Make sure the checkbox for “Install if the return value is 0” is selected
It should now look like the screenshot below
Click Save at the bottom right