Documentation

Jamf MDM Tutorial

Deploy Control D to your MacOS.

Suggest Edits

1. Create your Provisioning Token

First thing you have to do is create a Provisioning code in the Control D Dashboard. Go to Provision, and click the + button. Fill out the form, and you should see an install command as well as a button to Download Install Script.


🚧

Expiry Time and Limit

Be sure to select the appropriate expiry time and execution limit for the Provisioning code. When this time passes, or the limit is reached, the code will become invalid and cannot be used anymore to provision new Endpoints. Same applies if you delete this code.

2. Create a Shell Script in Jamf Pro

  1. Log in to Jamf Pro
  2. Navigate to Settings → Computers Management → Scripts.
  3. Click New.
  4. Name it something like: Control D Agent Installation.
  5. In the Script field, paste the following template (replace YOUR_PROVISIONING_TOKEN_HERE with the provisioning token generated in the previous steps) :
#!/bin/bash

# Download and install Control D agent
sh -c 'sh -c "$(curl -sSL https://api.controld.com/dl/rmm)" -s YOUR_PROVISIONING_TOKEN_HERE'
  1. Click Save.

3. Create a Policy to Deploy the Script

  1. Go to Computers → Policies.
  2. Click New.
  3. Set a descriptive name: Control D Agent Deployment.
  4. Under General:
    • Set Trigger to Recurring Check-in , Enrollment Complete , or manually via Self Service.
    • Set Execution Frequency: Once per computer (recommended).
  5. Under Scripts:
    • Click Configure.
    • Add the Install ctrld Agent script.
  6. Under Scope:
    • Target all Macs or a Smart Group with qualifying devices.
  7. (Optional) Under Maintenance or Files and Processes, enable Update Inventory to confirm installs.
  8. Save the policy.

4. Test Deployment

Pick one Mac from your test group and tun the following to force a Jamf policy check in:

sudo jamf policy -verbose
  1. Confirm installation:
sudo ctrld status

You can monitor your deployment from the Jamf dashboard:

Your devices should appearing in your Control D Web Dashboard:

🚧

Prevent Deactivation

Only applies to end users with administrative access.

While you can prevent deactivation by setting a PIN code - users with admin rights can disable the ctrld login item via the MacOS Settings App.

To prevent this - you can deploy Configuration Profile which will prevent deactivation.

  1. Go to: Computers → Configuration Profiles → New

  2. Choose:

    • macOS
    • Give the profile a name, e.g., Managed Login Item - ctrld

  3. Under Privacy & Security, click Login Items

  4. Click Add under “Login Items”

  5. Enter the following:


FieldValue
Team IdentifierGYZJYS7XUG
Bundle Identifier
VisibilityVisible (optional)
Hide from UsersNo

This enforces a profile that

  • Prevents users from disabling the background launch item in System Settings → Login Items → Allow in the Background
  • Makes it appear as "Managed by your organization"
  • Locks the toggle UI

Updated about 11 hours ago