Proper Assigning of Virtual Machines in an MDM

A Collection of Links and Configurations

I had a little trouble enrolling a macOS VM in my MDM (Jamf) earlier today. The VMs kept enrolling as iOS devices rather than as computers. Since I wasn’t testing DEP workflows, I didn’t need to deal with adding an actual serial number to the VM; I just needed to enroll the VM through the enrollment portal. Through some conversation with some friends in a Mac Admins Slack channel and searching around on the web I was able to collect all the info I needed to get this working right.

Most of the information I found in my search was for getting a virtual machine working with a serial number from a broken macOS device that is still in one’s DEP. While helpful, I didn’t want to have to go digging up a serial number for this VM[1]. The following Reddit comment got me on the right track[2]:

I am using ESXi on a Mac Pro. Works pretty well and is free (beyond the hardware).

I just create a MacOS VM as normal, when you get to the stage where it asks to create a user account I power down and I have a script that adds hw.model to the vmx file of the VM and then boot it up and keep going. It enrolls as whatever hardware model I’ve set it as, not as a mobile device.[3]

For most of you, hw.model is probably all you need to be off and running. If you need a few more details[4], Mr. Macintosh has a good list of hardware model identifiers you can take a look at.

To make an increasingly long story short, do this:

  1. Power down the VM
  2. Right click the VM in your VM library and select “Show in Finder”
  3. Right click the VM in question and select “Show Package Contents”
  4. Open the .vmx file in a text editor[5]
  5. Pick a computer model you want to use and copy the hardware identifier (e.g. MacBookPro11,5)
  6. Add the line hw.model = "$hardwareIdentifier" at the bottom and save[6]
  7. Power on the VM and enroll

The VM should now enroll as a “Computer” rather than a “Device”.
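
The steps above can be scripted. This is an added example, not the script from the Reddit comment or from this post; the function name, the backup file name and the check for a `.lck` entry beside the .vmx (taken here as a sign the VM is still running) are assumptions.

```shell
#!/bin/sh
# Added example: set hw.model in a .vmx file exactly once.

set_hw_model() {
    vmx=$1
    model=$2

    [ -f "$vmx" ] || { echo "not a file: $vmx" >&2; return 1; }

    # Accept only identifiers shaped like MacBookPro11,5 so that quotes,
    # spaces or newlines can never end up inside the config file.
    case $model in
        *[!A-Za-z0-9,]*) echo "unexpected model identifier" >&2; return 1 ;;
    esac
    printf '%s\n' "$model" | grep -Eq '^[A-Za-z]+[0-9]+,[0-9]+$' ||
        { echo "unexpected model identifier: $model" >&2; return 1; }

    # Assumption: a .lck entry next to the .vmx means the VM is still running.
    [ ! -e "$vmx.lck" ] ||
        { echo "VM looks powered on, shut it down first" >&2; return 1; }

    cp -p "$vmx" "$vmx.bak" || return 1   # keep a copy to roll back to

    # Drop any existing hw.model line so the key is defined once, then
    # append the new value as the last line of the file.
    {
        awk '!/^[ \t]*hw\.model[ \t]*=/' "$vmx.bak"
        printf 'hw.model = "%s"\n' "$model"
    } > "$vmx"
}

# Usage: sh set-hw-model.sh /path/to/your.vmx MacBookPro11,5
if [ "$#" -eq 2 ]; then
    set_hw_model "$1" "$2"
fi
```

Running it a second time with a different identifier replaces the earlier line instead of adding a duplicate key.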


  1. I’m fortunate enough to have enough hardware lying around that I can use to test DEP workflows. I know that’s not the case for everyone, which is why I’m a big fan of the ability to set up VMs with actual serial numbers. If you need to read more about that there are a lot of great posts on it. Here’s one.  ↩
  2. To be fair if I’d actually read through the posts on getting VMs set up for DEP enrollment I would have noticed that they specify the need for a hardware identifier and tell you where to put it. But also to be fair that’s probably giving me too much credit and I would have spent a long time being frustrated about needing to figure out which serial number to use and would have ignored the fact that the answer was literally in the article I was frustrated about.  ↩
  3. https://www.reddit.com/r/macsysadmin/comments/gb00yp/comment/fp3akld/?utm_source=share&utm_medium=web2x&context=3  ↩
  4. Looking at you, future me.  ↩
  5. I like BBEdit.  ↩
  6. I ended up using hw.model = "MacBookPro11,5".  ↩

Adding an AirPrint Printer the Easy Way

Update: 2022-2-13

You’ll have to forgive me if this is a little non-sensical, but I just spent seven or eight hours writing stuff based on a misunderstanding of work that had come previously 😐 . This was my fault for misreading what apizz was doing with his script that he wrote on October 30, 2019. I just realized tonight that he’d followed it up with this from May 26th, 2021, and the follow-up script helped something click in my brain that hadn’t before.

My interpretation of what apizz was doing was that he was using the script in the 2019 post to generate PPD files for each of the printer models he was managing and deploying those into place along with icon files when deploying a printer. I don’t know why I read it that way, but that’s what I mean in this post when I say it felt like he was doing things the old way (deploying drivers along with install scripts). He was not (I don’t think but I don’t know what’s real anymore).

Tonight, after looking through the second script he posted in 2021 to fix the icon issue, I realized my assumption would have been a ridiculous way to handle it and that what he’s actually doing is much simpler: just run the script to generate the PPD on the device that you’re adding the printer to and add the printer in the same script. The only thing left to manage at that point is the script that’s generating the PPD.

apizz was kind enough to read this post and rightly criticized a number of points that I made, mostly in my sections titled “The Failures” (this was always intended to indicate my own failures, not anyone else’s; I’m realizing now that that was a poor choice of section heading title) and “Another Option”.

Concerning the failures, again: they were entirely failures of understanding and implementation of my own making. Concerning the other option, apizz mentioned in his comment that it resembled his own solution. I’d argue that that’s like saying an ingredient list for lasagna resembles the final product. The point I was trying to make was that someone could, if they wanted, start with the lpadmin command that I mentioned and build something workable. Which apizz did. In 2019. Then made it better in 2021.

I’m up to 2000 words written for this blog post (600 of which are about to get deleted because they’re embarrassing because I still hadn’t understood what I’d misunderstood about apizz’s post. Man I sure hope I’ve understood it now), which is entirely too many words when all I really needed to say was:

“Hey folks, I found a neat thing: open -a "/System/Library/CoreServices/AddPrinter.app" ipp://printerHostName”.

Sorry, apizz. Thanks for taking the time to help me be a better writer and better Mac admin.

All that said, I’d skip “The Failures” and “Another Option” down below and if you think what I’ve written is dumb go check out apizz’s posts because he can show you how to deploy a printer without user interaction. Mine is for Self Service only.

Original Post:

If you want to get right to the nitty-gritty and bypass +/- 1000 words about a one-line shell command you can check out my script on GitHub. If you want to know why I did what I did, it beats me but you may find some insights below.

This week I’ve at last finalized a solution to a problem that’s bedeviled me for four or five years. When I first started as a baby Mac Admin in the second half of 2015[1] adding printers with a tool like Munki or Jamf was mostly a solved problem.

Things have come a long way over the last six and a half years, though, and the methods that were best practice back then have all pretty much stopped working. Printer drivers were deprecated or are being deprecated or I don’t even know anymore, and heaven help you if your printer software has 32-bit components. Hopefully my suggestions below provide you a shortcut and your journey is shorter than mine.

The Problem

I needed a way to add printers to Jamf Self Service so my coworkers can add relevant printers for themselves easily whenever necessary. I needed the method I settled on to be able to add the printers as AirPrint printers using the Internet Printing Protocol to simplify the installation and so there wouldn’t be any extra packages to install and manage.

The Failures

You get to skip through years of frustration in 4 paragraphs. Enjoy.

Failure Number One

I came across a number of options over the last three or four years that I couldn’t get working reliably in my environment. Things like this thread on Jamf Nation and this one from Apizz led me down months-long rabbit trails trying to get ippfind and ipp2ppd to give me what I wanted.

To be quite frank, I think the problem with those solutions was that they were trying to deal with AirPrint in an old way.

Failure Number Two

The other option that I found unworkable was adding printers with Configuration Profiles through my MDM solution (Jamf). Adding printers to Jamf was a pain and rarely resulted in a working, deployable configuration for me.

It’s entirely likely that I was holding it wrong, adding the printers incorrectly, but this was another solution I worked on for months and couldn’t get working reliably.

The Solution

Having stared at the problem long enough I finally had a bit of an unexpected thought: “I wonder if anything in macOS is registered to handle ipp:// URLs”.

In a moment of pure desperation I typed the ipp:// URL for the department printer into the address bar in Safari and

[Image: Confirmation dialog box in Safari to open AddPrinter.app. Caption: “Open in AddPrinter.app”]

WHAT?!

I clicked “Allow” and

[Image: Confirmation dialog box for communicating with the printer. Caption: “Clicking ‘Continue’ will communicate with the printer.”]

WHAT?!?!

I clicked “Continue” and

[Image: Printer added to Printers & Scanners Preferences pane. Caption: “My wife’s printer. Successfully added.”]

Well that was easy. I could automate that. Some of you may be seeing what I missed, but that was good enough for me. I rolled right ahead with Safari, problem solved:

open -a "Safari" ipp://deptPrinterHostName

(don’t use that command, the good one comes later)

There was my department printer added to my computer, pretty icon and all. It even added the fax machine[2]!

I created a policy for each of the printers I needed using the Files and Processes option to run that command and shoved them all into Self Service.

Refinement

I was happy as a clam till a few months later. Towards the beginning of February, 2022 I was cleaning up some policies in Jamf, thinking about how awesome I was and remembering how pleased I was with my printer solution.

I mentioned it to my buddy Adam[3]. When I showed Adam the command I was using, Adam asked a rather insightful question: “Why Safari?”

I don’t know, Adam. Gimme a minute to re-think everything I believe in.

With my genius firmly debunked I tried a couple of commands off the top of my head[4] before opening the Add Printer app[5] and pulling up Activity Monitor. Sort by name, double click the Add Printer process and select the “Open Files and Ports” tab to reveal the droid we’re looking for: /System/Library/CoreServices/AddPrinter.app. And sure enough, AddPrinter.app is registered to handle ipp:// URLs. Hooray!

That gives us the rather tidy

open -a "/System/Library/CoreServices/AddPrinter.app" ipp://printerHostName

to add a printer. Run the command and confirm you want to connect to the printer. The Add Printer app opens, connects to the printer and closes again.

Super clean and simple and it only took me like 5 years to figure it out.
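
For a Self Service policy that takes the printer host name as a script parameter, a small wrapper can check the value before handing it to AddPrinter.app. This is an added example, not the script linked from this post; the function names are made up here, and it assumes the host name arrives as Jamf script parameter 4.

```shell
#!/bin/sh
# Added example: validate a printer host name, then open it in AddPrinter.app.

ADD_PRINTER_APP="/System/Library/CoreServices/AddPrinter.app"

# Print an ipp:// URI for a bare host name. Anything that is not a plain
# DNS-style name (empty, leading dash or dot, slashes, spaces, another
# URL scheme) is refused, so only ipp://<host> ever reaches the handler.
printer_uri() {
    host=$1
    case $host in
        ""|-*|*-|.*|*.|*..*) return 1 ;;
        *[!A-Za-z0-9.-]*)    return 1 ;;
    esac
    [ "${#host}" -le 253 ] || return 1
    printf 'ipp://%s\n' "$host"
}

add_printer() {
    uri=$(printer_uri "$1") || { echo "refusing host name: $1" >&2; return 2; }
    [ -d "$ADD_PRINTER_APP" ] || { echo "AddPrinter.app not found" >&2; return 3; }
    # The user still has to confirm the dialogs described above.
    open -a "$ADD_PRINTER_APP" "$uri"
}

# Assumption: run from a Jamf policy, where custom parameters start at $4.
if [ -n "${4:-}" ]; then
    add_printer "$4"
fi
```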


Another Option

In getting this all typed up I ran across the following:

lpadmin -p BrotherPrinter -E -v ipp://brw8cc84b465a44.local/ipp/print -m everywhere

This works but has a couple of drawbacks I don’t like:

  • It adds the printer with a generic printer icon. This is trivial, but I think it does make for a worse experience for my coworkers, especially if they have multiple printers
  • It adds the printer using the IPP Everywhere PPD which seems to not pull as much info from the printer as my method. This affects little things like supply level bars being black instead of the color of toner they represent. Again, trivial things but the AirPrint method seems to make for a nicer experience

One advantage of using the lpadmin command is that it doesn’t require user interaction. If you need to add printers automatically with a script it might be worth investigating that a little further to see if you can specify some of those additional details that will make the user experience a little better. I found the lpadmin command here. That link and this one would be a good place to start your research.

For my part I’m going to stick with:

open -a "/System/Library/CoreServices/AddPrinter.app" ipp://printerHostName


Footnotes

1: I’m now a toddler Mac Admin. We mature slowly. ⤴︎

2: I don’t actually care about the fax machine but maybe you do? ⤴︎

3: You probably know Adam if you’re reading this. ⤴︎

4: open -a "System Preferences" ipp://printerHostName; open -a "Printers & Scanners" ipp://printerHostName; and open -a "Add Printer" ipp://printerHostName if you must know. ⤴︎

5: System Preferences > Printers & Scanners > “+” ⤴︎