Home > Uncategorized > Backing up macOS management policies from Jamf Pro

Backing up macOS management policies from Jamf Pro

When working with computer management policies on Jamf Pro, especially more complex policies, I prefer to download then and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the policies
  2. I can track changes to the groups
  3. If needed, I can make a change to a policy and upload via the API instead of having to edit in the web console.

Up until recently, I didn’t have a good process for handling this but after some work, I was able to build a script which does the following:

  1. If any policies were previously downloaded, back up existing downloaded policies into a .zip file
  2. Download the policy information as XML
  3. Properly format the downloaded XML
  4. Identify the display name of the policy.
  5. Identify the category of the policy.
  6. Save the downloaded XML as Policy Name Here.xml to a specified download directory, based on the category that the policy is in.

The reason the script archives previously downloaded policies are the following:

  1. In case something goes wrong with the download, I still have the previously archived copy.
  2. The script can clear out the existing download directory and have only the latest version of the policy stored inside.

For more details, please see below the jump.

The script I’ve written is named Jamf_Pro_Computer_Policy_Download.sh. For authentication, the script can accept hard-coded values in the script, manual input or values stored in a ~/Library/Preferences/com.github.jamfpro-info.plist file.

The plist file can be created by running the following commands and substituting your own values where appropriate:

To store the Jamf Pro URL in the plist file:

defaults write com.github.jamfpro-info jamfpro_url https://jamf.pro.server.goes.here:port_number_goes_here

To store the account username in the plist file:

defaults write com.github.jamfpro-info jamfpro_user account_username_goes_here

To store the account password in the plist file:

defaults write com.github.jamfpro-info jamfpro_password account_password_goes_here

The policies themselves will be stored in either a user-specified directory or, if no directory is specified, a directory created by the script. When the script is run, you should see output similar to that shown below.

If no download directory is specified:

Screen Shot 2018 12 21 at 3 02 31 PM

Screen Shot 2018 12 21 at 3 04 24 PM

 

If a download directory is specified and has existing contents:

Screen Shot 2018 12 21 at 3 32 52 PM

Screen Shot 2018 12 21 at 3 29 47 PM

Screen Shot 2018 12 21 at 3 28 49 PM

 

The script is available below, and at the following address on GitHub:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Scripts/Jamf_Pro_Computer_Policy_Download

Jamf_Pro_Computer_Policy_Download.sh:

Categories: Uncategorized
  1. Lewis
    January 11, 2019 at 3:16 pm

    Awesome work!!! I’ve been waiting for this capability for ages. Are you looking into a script to upload the XML back into Jamf?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: