Home > iOS, Jamf Pro, Mac administration, macOS, Management Profiles, Scripting > Backing up configuration profiles from Jamf Pro

Backing up configuration profiles from Jamf Pro

When working with configuration profiles on Jamf Pro, I prefer to download and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the profiles
  2. I can track changes to the profiles

Up until recently, this had been a manual process for me where I would download the profiles in question from the server and then upload them to my source control tool.

My process looked like this:

1. Download the profiles from the Jamf Pro server using the Download button.

Screen Shot 2018 11 15 at 3 47 35 PM

2. Remove the code-signing and formatting the profile using a process similar to the one described in the link below:

https://macmule.com/2015/11/16/making-downloaded-jss-configuration-profiles-readable/

3. Move the profile to the correct directory in my source control repo.
4. Review changes and commit to the repo.

However, as I’ve started using profiles more, this process got cumbersome and I wanted to automate at least the download part of the process. After some work, I was able to build two scripts which do the following:

  1. Use the Jamf Pro API to identify the Jamf Pro ID numbers of the configuration profiles.
  2. Download each profile using its Jamf Pro ID number
  3. Decode and format the profile
  4. Identify the display name of the profile
  5. Save the profile as Display Name Here.mobileconfig to a specified download directory.

For more details, please see below the jump.

I’ve written two scripts for this purpose:

  • Jamf_Pro_Mac_Configuration_Profile_Download.sh – This script is designed to download and handle macOS configuration profiles
  • Jamf_Pro_Mobile_Device_Configuration_Profile_Download.sh – This script is designed to download and handle iOS and tvOS configuration profiles

For authentication, the scripts can accept hard-coded values in the script, manual input or values stored in a ~/Library/Preferences/com.github.jamfpro-info.plist file. The plist file can be created by running the following commands and substituting your own values where appropriate:

To store the Jamf Pro URL in the plist file:

defaults write com.github.jamfpro-info jamfpro_url https://jamf.pro.server.goes.here:port_number_goes_here

To store the account username in the plist file:

defaults write com.github.jamfpro-info jamfpro_user account_username_goes_here

To store the account password in the plist file:

defaults write com.github.jamfpro-info jamfpro_password account_password_goes_here

Both scripts run in similar ways, with the main difference being which kind of profiles are being downloaded.

To download macOS profiles:

/path/to/Jamf_Pro_Mac_Configuration_Profile_Download.sh

To download iOS and tvOS profiles:

/path/to/Jamf_Pro_Mobile_Device_Configuration_Profile_Download.sh

When run, you should see output similar to that shown below.

Screen Shot 2018 11 15 at 3 11 38 PM

The profiles themselves will be stored in either a user-specified directory or, if no directory is specified, a directory created by the script.

Screen Shot 2018 11 15 at 3 13 02 PM

The scripts are available below, and at the following addresses on GitHub:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Scripts/Jamf_Pro_Mac_Configuration_Profile_Download

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Scripts/Jamf_Pro_Mobile_Device_Configuration_Profile_Download

Jamf_Pro_Mac_Configuration_Profile_Download.sh:

Jamf_Pro_Mobile_Device_Configuration_Profile_Download.sh:

  1. Art Rathke
    December 20, 2018 at 4:12 pm

    Rich – these four backup scripts are great, Thanks. Are you working on one for policies, too? I could use that right now. Art

  2. Art Rathke
    December 20, 2018 at 4:29 pm

    Found it in GitHub – Thanks.

  3. Art Rathke
    December 20, 2018 at 7:22 pm

    I found where the scripts are in GitHub, I’m hoping you’ll do a script for policies. It would be nice to have the scope info and payloads.

    The other thing that would be nice in Jamf would be to have a where-used for groups and packages and scripts.

  4. March 18, 2019 at 2:39 pm

    Hey Rich. . .just to let you know, the script as it’s presented on GitHub has the ProfileDownloadDirectory variable populated with your(?) GitHub path. However, as presented here in your blog it appears to be fine.

    • March 18, 2019 at 2:44 pm

      Fixed. Thanks for the heads-up!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: