https://github.com/reponomadx/ws1-sentinelone-installer

Automated SentinelOne deployment script for macOS using Workspace ONE UEM and Munki.
automation bash bash-script bash-scripting device-management endpoint-protection macos macos-scripting mdm munki munkipkg sentinel-1 sentinelone shell-script workspace-one ws1 ws1-uem


# WS1 SentinelOne Installer for macOS






---

Automated macOS installation and upgrade of SentinelOne using Workspace ONE UEM and Munki.
This toolset was developed to address cases where standard app deployment methods fail to install or update the SentinelOne agent reliably.

---

## 📦 What It Does

### `s1_install.sh`
- ✅ Checks if SentinelOne is already installed
- 📁 Verifies the PKG exists in the Munki cache
- 🔐 Writes a registration token to disk
- 📥 Copies payloads to a local managed user's Downloads folder
- 🚀 Installs the SentinelOne agent using `installer`
- 🧹 Cleans up all temporary files
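
The token steps listed above (write the token to disk, run the install step, clean up) can be hardened as follows. This is an added example, not code from the project's scripts; the token file name, the private temp staging directory and the function names are assumptions.

```bash
#!/bin/bash
# Added example, not the project's code. The token file name and the use of a
# private temp directory for staging are assumptions.

# True only for a non-empty, well-formed base64 string (the README requires
# a base64-encoded registration token).
is_base64() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' && [ $(( ${#1} % 4 )) -eq 0 ]
}

# stage_token <token> <dir>: write the token owner-readable only (0600) and
# print the path of the file that was created.
stage_token() {
  local token="$1" dir="$2" file
  is_base64 "$token" || { echo "token is empty or not base64" >&2; return 1; }
  file="$dir/com.sentinelone.registration-token"   # assumed file name
  ( umask 077; printf '%s' "$token" > "$file" ) || return 1
  printf '%s\n' "$file"
}

# with_staged_token <token> <command...>: run the command with the token file
# path appended as its last argument. The subshell's EXIT trap removes the
# staging directory whether the command succeeds, fails, or staging aborts.
with_staged_token() {
  local token="$1"; shift
  (
    dir="$(mktemp -d "${TMPDIR:-/tmp}/s1stage.XXXXXX")" || exit 1
    trap 'rm -rf -- "$dir"' EXIT
    file="$(stage_token "$token" "$dir")" || exit 1
    "$@" "$file"
  )
}

# Constructed sample token (base64 of "sample-token"); ls stands in for the
# install step so the file mode is visible while the file still exists.
with_staged_token "c2FtcGxlLXRva2Vu" ls -l
```

The command's exit status is passed through, so a failed install step still reports failure to the caller after the token file has been removed.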

### `s1_upgrade.sh`
- 🔍 Checks current installed SentinelOne version
- 🔁 Compares against expected version
- 📦 Copies upgrade PKG if out of date
- ⬆️ Performs in-place upgrade using `sentinelctl upgrade-pkg`
- 🧹 Cleans up staging files

---

## 🧰 Requirements

To use these scripts successfully in a Workspace ONE environment:

- SentinelOne `.pkg` must be present in Munki’s local cache
- A base64-encoded **registration token** must be provided by your SentinelOne console
- Workspace ONE UEM must inject a secure `password` variable into the script
- A managed local macOS account must exist with a writable `/Users/username/Downloads` directory
  → Need to elevate that account temporarily? Check out [macOS Elevated Admin Rights with Workspace ONE](https://github.com/reponomadx/macos-elevated-admin-ws1)

---

## 🚀 Deployment Method

1. Add the script(s) to Workspace ONE UEM under **Resources > Scripts**
2. Use **System context**
3. Run `s1_install.sh` on devices that need initial deployment
4. Schedule `s1_upgrade.sh` to run periodically (e.g., every 4 hours)
5. Add a **Secure String** variable named `password`
6. Assign the script to your desired Smart Group (e.g., all macOS Workstations)

---

## ✍️ Customization

Before deployment, update the following values in the scripts:

```bash
TARGET_USER="Your_macOS_Service_Account"
echo "" > "$TOKEN_FILE"
```

Replace:
- `Your_macOS_Service_Account` with the correct local user account
- `` with your actual SentinelOne token (in base64 format)

---

## 🛑 Security Notice

These scripts rely on Workspace ONE’s secure variable injection for authentication.
**Do not hardcode credentials or tokens.** Always use UEM variables for secrets.

---

## 💬 Discussions

Have questions or feedback?
Visit the [Discussions](../../discussions) tab to share tips, suggest features, or ask for help.

---

## 📄 License

This project is licensed under the terms of the [MIT License](LICENSE).

```
MIT License

Copyright (c) 2025 Brian Irish

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
```