Home > Casper, Mac administration, Mac OS X, Scripting > Migrating OS X Macs from one Apple push notification certificate to another using Casper

Migrating OS X Macs from one Apple push notification certificate to another using Casper

As mentioned previously, I needed to migrate my Casper server from using the Apple Push Notification Service (APNS) certificate generated by one Apple ID to now using another APNS certificate generated by another Apple ID.

This project is fairly straightforward, thanks to a couple of factors:

  1. The Casper server in question is managing only OS X devices.
  2. I have a way to identify via a Casper Extension Attribute which Macs have MDM profiles associated with the APNS certificate which is no longer active.

I was able to set up a Casper smart group to look for machines that fit the following criteria:

  • Criteria: Extension Attribute name (In this case, the EA is named Apple Push Notification Service certificate identifier.)
  • Operator: Like
  • Value: com.apple.mgmt.External.uuid_of_former_apns_certificate_goes_here

Screen Shot 2016 04 27 at 11 10 04 AM

Screen Shot 2016 04 27 at 11 20 45 AM

Screen Shot 2016 04 27 at 11 21 59 AM

From there, I set up a policy that is scoped to run on the members of that smart group. For more details, see below the jump.

The policy I set up runs the script shown below to perform the following tasks:

  1. Remove the existing MDM profiles
  2. Download and install a fresh set of MDM profiles (this new set of profiles will use the new APNS certificate.)
  3. Run a recon to update inventory.

The inventory update should then take the machine out of the smart group.

Here’s how the policy I set up looks in Casper 9.x:

  • Frequency: Ongoing
  • Trigger: Check-In
  • Actions:
    • Run script
    • Update Inventory

 Screen Shot 2016 04 27 at 9 17 26 AM

Screen Shot 2016 04 27 at 9 17 30 AM

Screen Shot 2016 04 27 at 9 17 37 AM

The script looks like this in Casper:

Screen Shot 2016 04 27 at 9 18 04 AM

Screen Shot 2016 04 27 at 9 18 18 AM

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: