Home > AutoPkg, Jamf Pro, Jamf Pro API, JSSImporter, Scripting > Using the Jamf Pro API to mass-delete obsolete packages and scripts

Using the Jamf Pro API to mass-delete obsolete packages and scripts

If you’re using AutoPkg and tools like jamf-upload or JSSImporter to automate the uploading of packages and scripts to your Jamf Pro server, it may be necessary to periodically delete a large number of now-obsolete installer packages or scripts from your server. To help with this, I’ve written a couple of scripts to help automate the deletion process by using a list of Jamf IDs and the API to perform the following tasks:

  1. Delete the relevant installer packages or scripts.
  2. Generate a report of which packages or scripts were deleted.

For more details, please see below the jump.

Both scripts work with a text file of Jamf Pro IDs, and also include error checking to make sure that the text file’s entries contained only positive numbers.

To use these scripts, you will need four things:

  1. A text file containing the Jamf Pro package or script IDs you wish to delete.
  2. The address of the appropriate Jamf Pro server
  3. The username of an account on the Jamf Pro server which has the necessary privileges to delete computers and/or mobile devices.
  4. The password to that account.

The test file should contain only the relevant Jamf Pro IDs and appear similar to this:

924
1041
1079
1234
1244
1263
1269
1765
1213
1235
1253
1260
1273
1219
1334
1351
1298
1320
1394
1415
1430
1375
1464
1506
1444
1566
1585
1595
1606
1529
1542
1684
1625
1627
1654
1726
1742
1756
1705
1768
1772
1786
1527
1635
1677

Once you have the text file and the other prerequisites, the scripts can be run using the following commands:

To delete installer packages:

/path/to/delete_Jamf_Pro_Packages.sh /path/to/text_filename_here.txt

To delete scripts:

/path/to/delete_Jamf_Pro_Scripts.sh /path/to/text_filename_here.txt

For authentication, the scripts can accept manual input or values stored in a ~/Library/Preferences/com.github.jamfpro-info.plist file.

The plist file can be created by running the following commands and substituting your own values where appropriate:

To store the Jamf Pro URL in the plist file:

defaults write com.github.jamfpro-info jamfpro_url https://jamf.pro.server.goes.here:port_number_goes_here

To store the account username in the plist file:

defaults write com.github.jamfpro-info jamfpro_user account_username_goes_here

To store the account password in the plist file:

defaults write com.github.jamfpro-info jamfpro_password account_password_goes_here

It is also possible to simulate a run of the script, to make sure everything is working before running the actual deletion. To put the script into simulation mode, comment out the following line of the script.

delete_Jamf_Pro_Packages.sh

/usr/bin/curl -su ${jamfpro_user}:${jamfpro_password} "${jamfproIDURL}/$PackagesID" -X DELETE

delete_Jamf_Pro_Scripts.sh

/usr/bin/curl -su ${jamfpro_user}:${jamfpro_password} "${jamfproIDURL}/$ScriptsID" -X DELETE

To take it out of simulation mode and enable deletion, uncomment the line.

In simulation mode, you can test out if the script is reading the text file properly and the authentication method. For example, the following output should be seen in simulation mode if the text file is being read properly and manual input is being used.

username@computername ~ % /path/to/delete_Jamf_Pro_Scripts.sh ~/Desktop/home_scripts_report.txt

Please enter your Jamf Pro server URL : https://jamf.pro.server.goes.here:8443
Please enter your Jamf Pro user account : jpadmin
Please enter the password for the jpadmin account:
Deleting iscasperonline.sh - script ID 13.

Deleted iscasperonline.sh - script ID 13.

Deleting xcode_uninstall.sh - script ID 15.

Deleted xcode_uninstall.sh - script ID 15.

Report on deleted scripts available here: /var/folders/wz/mp27mjl97h505nvff787hh3c0000gn/T/tmp.IaiOiHgI.tsv
username@computername ~ %

The following output should be seen in production mode if the text file is being read properly and the needed values are being read from a ~/Library/Preferences/com.github.jamfpro-info.plist file.

username@computername ~ % /path/to/delete_Jamf_Pro_Scripts.sh ~/Desktop/home_scripts_report.txt

Deleting iscasperonline.sh - script ID 13.
<?xml version="1.0" encoding="UTF-8"?><script><id>13</id></script>
Deleted iscasperonline.sh - script ID 13.

Deleting xcode_uninstall.sh - script ID 15.
<?xml version="1.0" encoding="UTF-8"?><script><id>15</id></script>
Deleted xcode_uninstall.sh - script ID 15.

Report on deleted scripts available here: /var/folders/wz/mp27mjl97h505nvff787hh3c0000gn/T/tmp.vZgL8WOk.tsv
username@computername ~ %

Once the script has completed its run, it will generate a report on the deleted items in tab-separated format and display the .tsv file’s location.

Screen Shot 2021 04 16 at 2 43 29 PM

The scripts are available below, and at the following addresses on GitHub:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Scripts/delete_Jamf_Pro_Packages

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Scripts/delete_Jamf_Pro_Scripts

 

delete_Jamf_Pro_Packages.sh:

#!/bin/bash
##########################################################################################
# Packages Delete Script for Jamf Pro
#
#
# Usage: Call script with the following four parameters
# – a text file of the Jamf Pro package IDs you wish to delete
#
# You will be prompted for:
# – The URL of the appropriate Jamf Pro server
# – Username for an account on the Jamf Pro server with sufficient API privileges
# – Password for the account on the Jamf Pro server
#
# The script will:
# – Delete the specified packages using their Jamf Pro package IDs
# – Generate a report of all successfully deleted packages in TSV format
#
# Example: ./delete_Jamf_Pro_Packages.sh jamf_pro_id_numbers.txt
#
##########################################################################################
filename="$1"
ERROR=0
report_file="$(mktemp).tsv"
if [[ -n $filename && -r $filename ]]; then
# If you choose to hardcode API information into the script, uncomment the lines below
# and set one or more of the following values:
#
# The username for an account on the Jamf Pro server with sufficient API privileges
# The password for the account
# The Jamf Pro URL
#jamfpro_url="" ## Set the Jamf Pro URL here if you want it hardcoded.
#jamfpro_user="" ## Set the username here if you want it hardcoded.
#jamfpro_password="" ## Set the password here if you want it hardcoded.
# If you do not want to hardcode API information into the script, you can also store
# these values in a ~/Library/Preferences/com.github.jamfpro-info.plist file.
#
# To create the file and set the values, run the following commands and substitute
# your own values where appropriate:
#
# To store the Jamf Pro URL in the plist file:
# defaults write com.github.jamfpro-info jamfpro_url https://jamf.pro.server.goes.here:port_number_goes_here
#
# To store the account username in the plist file:
# defaults write com.github.jamfpro-info jamfpro_user account_username_goes_here
#
# To store the account password in the plist file:
# defaults write com.github.jamfpro-info jamfpro_password account_password_goes_here
#
# If the com.github.jamfpro-info.plist file is available, the script will read in the
# relevant information from the plist file.
if [[ -f "$HOME/Library/Preferences/com.github.jamfpro-info.plist" ]]; then
if [[ -z "$jamfpro_url" ]]; then
jamfpro_url=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_url)
fi
if [[ -z "$jamfpro_user" ]]; then
jamfpro_user=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_user)
fi
if [[ -z "$jamfpro_password" ]]; then
jamfpro_password=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_password)
fi
fi
# If the Jamf Pro URL, the account username or the account password aren't available
# otherwise, you will be prompted to enter the requested URL or account credentials.
if [[ -z "$jamfpro_url" ]]; then
read -p "Please enter your Jamf Pro server URL : " jamfpro_url
fi
if [[ -z "$jamfpro_user" ]]; then
read -p "Please enter your Jamf Pro user account : " jamfpro_user
fi
if [[ -z "$jamfpro_password" ]]; then
read -p "Please enter the password for the $jamfpro_user account: " -s jamfpro_password
fi
echo ""
# Remove the trailing slash from the Jamf Pro URL if needed.
jamfpro_url=${jamfpro_url%%/}
# Set up the Jamf Pro Computer ID URL
jamfproIDURL="${jamfpro_url}/JSSResource/packages/id"
while read -r PackagesID
do
# Verify that the input is a number. All Jamf Pro
# IDs are positive numbers, so any other input will
# not be a valid Jamf Pro ID.
if [[ "$PackagesID" =~ ^[0-9]+$ ]]; then
if [[ ! -f "$report_file" ]]; then
/usr/bin/touch "$report_file"
printf "Deleted Package ID Number\tDeleted Package Name\n" > "$report_file"
fi
# Get package display name
PackagesName=$(/usr/bin/curl -su "${jamfpro_user}:${jamfpro_password}" -H "Accept: application/xml" "${jamfpro_url}/JSSResource/packages/id/$PackagesID" | xmllint –xpath '//package/name/text()'2>/dev/null)
# Remove comment from line below to preview
# the results of the deletion command.
echo -e "Deleting $PackagesName – package ID $PackagesID."
# Remove comment from line below to actually run
# the deletion command.
/usr/bin/curl -su ${jamfpro_user}:${jamfpro_password} "${jamfproIDURL}/$PackagesID" -X DELETE
if [[ $? -eq 0 ]]; then
printf "$PackagesID\t %s\n" "$PackagesName" >> "$report_file"
echo -e "\nDeleted $PackagesName – package ID $PackagesID.\n"
else
echo -e "\nERROR! Failed to delete $PackagesName – package ID $PackagesID.\n"
fi
else
echo "All Jamf Pro IDs are expressed as numbers. The following input is not a number: $PackagesID"
fi
done < "$filename"
else
echo "Input file does not exist or is not readable"
ERROR=1
fi
if [[ -f "$report_file" ]]; then
echo "Report on deleted installer packages available here: $report_file"
fi
exit "$ERROR"

delete_Jamf_Pro_Scripts.sh:

#!/bin/bash
##########################################################################################
# Scripts Delete Script for Jamf Pro
#
#
# Usage: Call script with the following four parameters
# – a text file of the Jamf Pro script IDs you wish to delete
#
# You will be prompted for:
# – The URL of the appropriate Jamf Pro server
# – Username for an account on the Jamf Pro server with sufficient API privileges
# – Password for the account on the Jamf Pro server
#
# The script will:
# – Delete the specified scripts using their Jamf Pro script IDs
# – Generate a report of all successfully deleted scripts in TSV format
#
# Example: ./delete_Jamf_Pro_Scripts.sh jamf_pro_id_numbers.txt
#
##########################################################################################
filename="$1"
ERROR=0
report_file="$(mktemp).tsv"
if [[ -n $filename && -r $filename ]]; then
# If you choose to hardcode API information into the script, uncomment the lines below
# and set one or more of the following values:
#
# The username for an account on the Jamf Pro server with sufficient API privileges
# The password for the account
# The Jamf Pro URL
#jamfpro_url="" ## Set the Jamf Pro URL here if you want it hardcoded.
#jamfpro_user="" ## Set the username here if you want it hardcoded.
#jamfpro_password="" ## Set the password here if you want it hardcoded.
# If you do not want to hardcode API information into the script, you can also store
# these values in a ~/Library/Preferences/com.github.jamfpro-info.plist file.
#
# To create the file and set the values, run the following commands and substitute
# your own values where appropriate:
#
# To store the Jamf Pro URL in the plist file:
# defaults write com.github.jamfpro-info jamfpro_url https://jamf.pro.server.goes.here:port_number_goes_here
#
# To store the account username in the plist file:
# defaults write com.github.jamfpro-info jamfpro_user account_username_goes_here
#
# To store the account password in the plist file:
# defaults write com.github.jamfpro-info jamfpro_password account_password_goes_here
#
# If the com.github.jamfpro-info.plist file is available, the script will read in the
# relevant information from the plist file.
if [[ -f "$HOME/Library/Preferences/com.github.jamfpro-info.plist" ]]; then
if [[ -z "$jamfpro_url" ]]; then
jamfpro_url=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_url)
fi
if [[ -z "$jamfpro_user" ]]; then
jamfpro_user=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_user)
fi
if [[ -z "$jamfpro_password" ]]; then
jamfpro_password=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_password)
fi
fi
# If the Jamf Pro URL, the account username or the account password aren't available
# otherwise, you will be prompted to enter the requested URL or account credentials.
if [[ -z "$jamfpro_url" ]]; then
read -p "Please enter your Jamf Pro server URL : " jamfpro_url
fi
if [[ -z "$jamfpro_user" ]]; then
read -p "Please enter your Jamf Pro user account : " jamfpro_user
fi
if [[ -z "$jamfpro_password" ]]; then
read -p "Please enter the password for the $jamfpro_user account: " -s jamfpro_password
fi
echo ""
# Remove the trailing slash from the Jamf Pro URL if needed.
jamfpro_url=${jamfpro_url%%/}
# Set up the Jamf Pro Computer ID URL
jamfproIDURL="${jamfpro_url}/JSSResource/scripts/id"
while read -r ScriptsID
do
# Verify that the input is a number. All Jamf Pro
# IDs are positive numbers, so any other input will
# not be a valid Jamf Pro ID.
if [[ "$ScriptsID" =~ ^[0-9]+$ ]]; then
if [[ ! -f "$report_file" ]]; then
/usr/bin/touch "$report_file"
printf "Deleted Script ID Number\tDeleted Script Name\n" > "$report_file"
fi
# Get script display name
ScriptsName=$(/usr/bin/curl -su "${jamfpro_user}:${jamfpro_password}" -H "Accept: application/xml" "${jamfpro_url}/JSSResource/scripts/id/$ScriptsID" | xmllint –xpath '//script/name/text()'2>/dev/null)
# Remove comment from line below to preview
# the results of the deletion command.
echo -e "Deleting $ScriptsName – script ID $ScriptsID."
# Remove comment from line below to actually run
# the deletion command.
#/usr/bin/curl -su ${jamfpro_user}:${jamfpro_password} "${jamfproIDURL}/$ScriptsID" -X DELETE
if [[ $? -eq 0 ]]; then
printf "$ScriptsID\t %s\n" "$ScriptsName" >> "$report_file"
echo -e "\nDeleted $ScriptsName – script ID $ScriptsID.\n"
else
echo -e "\nERROR! Failed to delete $ScriptsName – script ID $ScriptsID.\n"
fi
else
echo "All Jamf Pro IDs are expressed as numbers. The following input is not a number: $ScriptsID"
fi
done < "$filename"
else
echo "Input file does not exist or is not readable"
ERROR=1
fi
if [[ -f "$report_file" ]]; then
echo "Report on deleted scripts available here: $report_file"
fi
exit "$ERROR"

  1. April 16, 2021 at 10:24 pm

    Hi Rich:

    Thanks for the post.

    I thought I’d tell you about something that we’ve been working on for a while now but still aren’t ready to publicly show because we are still making some pretty huge architectural changes behind the scenes. We’ve been writing a generic command-line interface to Jamf Pro called `jctl`. The basic idea of how it will work is you pass in a record type you want to work with and then you can pass in some selectors to limit the records you want to work with and then pass in an action you want to apply to those records, either print (the default action), modify or delete. Creation is also on our to-do list.

    The reason why we wanted to tell you about it is that it can mass-delete anything right now. When this feature was first added mass deletions one of the developers, James Reyolds, accidentally started mass deleting lots of records from his production server. He had to restore my Jamf server from backup. He has since added a lot of things to slow it down and make it more obvious which server is being acted on. He thought he was mass-deleting stuff from my test server but was so excited to test deletions he accidentally left off the flag that switched it to my test server.

    Anyway, we’re far from trying to get users or publicity until we have a more finalized and stable version, else support will be a nightmare at this point, but it is publicly available now. It’s located here:

    https://github.com/univ-of-utah-marriott-library-apple/python-jamf
    https://github.com/univ-of-utah-marriott-library-apple/jctl

    We have it on pip but I think the version there is old.

    Here are some usage examples:

    jctl computers # lists names of all computers

    AutoAdmin-10.14
    Colleen’s MacBook Pro
    Davids Firewire Student
    Gary’s MacBook Air
    biol106-01
    biol106-02
    biol106-03
    biol106-04
    biol106-05

    jctl computers -i 1 # lists name of computer with id 1
    jctl computers -i 1 2 # lists names of computer with ids 1 and 2

    jctl computers -x xserveA # lists name of computer with name xserveA
    jctl computers -x xserveA macproB # lists names of computers with name xserveA and macproA

    jctl computers -r xserve # lists names of computers with that match regex xserve
    jctl computers -r xserve macpro # lists names of computers with that match regex xserve and macpro

    jctl policies -p “general,name” -p “general,enabled” -j # print the name and enabled status of all policies as JSON

    [
    [[“01 – account james”],[“true”]],
    [[“01 – account scholar”],[“true”]],
    [[“01 – account spencer”],[“true”]],
    [[“ASB 308 – HP LaserJet 2300 – Karen Zundel”],[“true”]],
    [[“Biol 083 – HP LaserJet 4000N”],[“true”]],
    [[“Biol 201 – HP LaserJet M604 – Main Office”],[“true”]],
    [[“Biol 202 – HP LaserJet 4650 – Acct Monolith”],[“true”]],
    [[“Biol 221a – HP LaserJet P2015dn – Shannon Nielsen”],[“true”]],
    [[“Install 1Password”],[“true”]],
    [[“Install 4peaks”],[“true”]],
    [[“Install ApE”],[“true”]],
    [[“Install Arduino”],[“true”]],
    [[“Install Arq”],[“true”]],
    [[“Install BBEdit”],[“true”]],
    [[“Install BSLAnalysis”],[“true”]],
    [[“Install Biopac Student Lab”],[“true”]],
    [[“Install BoxDrive”],[“true”]],
    [[“Install BusyCal”],[“true”]],
    [[“Install Chimera”],[“true”]],
    .. CUT
    ]

    jctl policies -s “general,enabled=false” # print names of all policies that are disabled

    jctl policies -l # print detailed information of each computer
    jctl policies -x PolicyX -l # print detailed information of policy named PolicyX

    {‘account_maintenance’: {‘accounts’: {‘size’: ‘0’},
    ‘directory_bindings’: {‘size’: ‘0’},
    ‘management_account’: {‘action’: ‘doNotChange’},
    ‘open_firmware_efi_password’: {‘of_mode’: ‘none’,
    ‘of_password_sha256’: ‘asdf’}},
    ‘disk_encryption’: {‘action’: ‘none’},
    ‘dock_items’: {‘size’: ‘0’},
    ‘files_processes’: {‘delete_file’: ‘false’,
    ‘kill_process’: ‘false’,
    ‘locate_file’: None,
    ‘run_command’: None,
    ‘search_by_path’: None,
    ‘search_for_process’: None,
    ‘spotlight_search’: None,
    ‘update_locate_database’: ‘false’},
    ‘general’: {‘category’: {‘id’: ‘180’, ‘name’: ’01 – Delay Auto login’},
    ‘date_time_limitations’: {‘activation_date’: None,
    ‘activation_date_epoch’: ‘0’,
    ‘activation_date_utc’: None,
    ‘expiration_date’: None,
    ‘expiration_date_epoch’: ‘0’,
    ‘expiration_date_utc’: None,
    ‘no_execute_end’: None,
    ‘no_execute_on’: None,
    ‘no_execute_start’: None},
    ‘enabled’: ‘true’,
    ‘frequency’: ‘Ongoing’,
    … CUT

    And mass deletion:

    jctl policies -s “general,enabled=false” –rm # delete all policies that are disabled

    Currently supported records:

    advancedcomputersearches, advancedmobiledevicesearches, advancedusersearches, buildings, byoprofiles, categories, classes, computerconfigurations, computerextensionattributes, computergroups, computerreports, computers, departments, directorybindings, diskencryptionconfigurations, distributionpoints, dockitems, ebooks, ibeacons, jsonwebtokenconfigurations, ldapservers, licensedsoftware, macapplications, managedpreferenceprofiles, mobiledeviceapplications, mobiledevicecommands, mobiledeviceconfigurationprofiles, mobiledeviceenrollmentprofiles, mobiledeviceextensionattributes, mobiledeviceinvitations, mobiledeviceprovisioningprofiles, mobiledevices, netbootservers, networksegments, osxconfigurationprofiles, packages, patchexternalsources, patchinternalsources, patchpolicies, patchsoftwaretitles, peripherals, peripheraltypes, policies, printers, removablemacaddresses, restrictedsoftware, scripts, sites, softwareupdateservers, userextensionattributes, usergroups, users, vppaccounts, vppassignments, vppinvitations, webhooks

    We’ve added the ability to update records using JSON but we haven’t committed those changes to GitHub yet. It also can also print all packages and show which policies are using those packages (this is an easy way to see what packages aren’t being used).

    Updating looks something like this (a simple string):

    jctl policies -x Name -u “general,category,name=Some Name”

    Or (JSON):

    jctl policies -x Name -u ‘maintenance=[[{“recon”: “false”, “reset_name”: “false”, “install_all_cached_packages”: “false”, “heal”: “false”, “prebindings”: “false”, “permissions”: “false”, “byhost”: “false”, “system_cache”: “false”, “user_cache”: “false”, “verify”: “false”}]]’

    James is working on a way to easily create records. And also working on a way to cross-reference all patchsoftwaretitles with packages and if a package matches the patch software title and the version to automatically assign it. This is the ultimate goal of the project, to be able to swap old packages to new packages from the command line no matter where they’re found, smart group, policy, or patch. And we want to be able to do it selectively and in bulk.

  2. Richard Glaser
    April 16, 2021 at 10:26 pm

    Hi Rich:

    Thanks for the post, and great first name BTW.

    I thought I’d tell you about something that we’ve been working on for a while now but still aren’t ready to publicly show because we are still making some pretty huge architectural changes behind the scenes. We’ve been writing a generic command-line interface to Jamf Pro called `jctl`. The basic idea of how it will work is you pass in a record type you want to work with and then you can pass in some selectors to limit the records you want to work with and then pass in an action you want to apply to those records, either print (the default action), modify or delete. Creation is also on our to-do list.

    The reason why we wanted to tell you about it is that it can mass-delete anything right now. When this feature was first added mass deletions one of the developers, James Reyolds, accidentally started mass deleting lots of records from his production server. He had to restore my Jamf server from backup. He has since added a lot of things to slow it down and make it more obvious which server is being acted on. He thought he was mass-deleting stuff from my test server but was so excited to test deletions he accidentally left off the flag that switched it to my test server.

    Anyway, we’re far from trying to get users or publicity until we have a more finalized and stable version, else support will be a nightmare at this point, but it is publicly available now. It’s located here:

    https://github.com/univ-of-utah-marriott-library-apple/python-jamf
    https://github.com/univ-of-utah-marriott-library-apple/jctl

    We have it on pip but I think the version there is old.

    Here are some usage examples:

    jctl computers # lists names of all computers

    AutoAdmin-10.14
    Colleen’s MacBook Pro
    Davids Firewire Student
    Gary’s MacBook Air
    biol106-01
    biol106-02
    biol106-03
    biol106-04
    biol106-05

    jctl computers -i 1 # lists name of computer with id 1
    jctl computers -i 1 2 # lists names of computer with ids 1 and 2

    jctl computers -x xserveA # lists name of computer with name xserveA
    jctl computers -x xserveA macproB # lists names of computers with name xserveA and macproA

    jctl computers -r xserve # lists names of computers with that match regex xserve
    jctl computers -r xserve macpro # lists names of computers with that match regex xserve and macpro

    jctl policies -p “general,name” -p “general,enabled” -j # print the name and enabled status of all policies as JSON

    [
    [[“01 – account james”],[“true”]],
    [[“01 – account scholar”],[“true”]],
    [[“01 – account spencer”],[“true”]],
    [[“ASB 308 – HP LaserJet 2300 – Karen Zundel”],[“true”]],
    [[“Biol 083 – HP LaserJet 4000N”],[“true”]],
    [[“Biol 201 – HP LaserJet M604 – Main Office”],[“true”]],
    [[“Biol 202 – HP LaserJet 4650 – Acct Monolith”],[“true”]],
    [[“Biol 221a – HP LaserJet P2015dn – Shannon Nielsen”],[“true”]],
    [[“Install 1Password”],[“true”]],
    [[“Install 4peaks”],[“true”]],
    [[“Install ApE”],[“true”]],
    [[“Install Arduino”],[“true”]],
    [[“Install Arq”],[“true”]],
    [[“Install BBEdit”],[“true”]],
    [[“Install BSLAnalysis”],[“true”]],
    [[“Install Biopac Student Lab”],[“true”]],
    [[“Install BoxDrive”],[“true”]],
    [[“Install BusyCal”],[“true”]],
    [[“Install Chimera”],[“true”]],
    .. CUT
    ]

    jctl policies -s “general,enabled=false” # print names of all policies that are disabled

    jctl policies -l # print detailed information of each computer
    jctl policies -x PolicyX -l # print detailed information of policy named PolicyX

    {‘account_maintenance’: {‘accounts’: {‘size’: ‘0’},
    ‘directory_bindings’: {‘size’: ‘0’},
    ‘management_account’: {‘action’: ‘doNotChange’},
    ‘open_firmware_efi_password’: {‘of_mode’: ‘none’,
    ‘of_password_sha256’: ‘asdf’}},
    ‘disk_encryption’: {‘action’: ‘none’},
    ‘dock_items’: {‘size’: ‘0’},
    ‘files_processes’: {‘delete_file’: ‘false’,
    ‘kill_process’: ‘false’,
    ‘locate_file’: None,
    ‘run_command’: None,
    ‘search_by_path’: None,
    ‘search_for_process’: None,
    ‘spotlight_search’: None,
    ‘update_locate_database’: ‘false’},
    ‘general’: {‘category’: {‘id’: ‘180’, ‘name’: ’01 – Delay Auto login’},
    ‘date_time_limitations’: {‘activation_date’: None,
    ‘activation_date_epoch’: ‘0’,
    ‘activation_date_utc’: None,
    ‘expiration_date’: None,
    ‘expiration_date_epoch’: ‘0’,
    ‘expiration_date_utc’: None,
    ‘no_execute_end’: None,
    ‘no_execute_on’: None,
    ‘no_execute_start’: None},
    ‘enabled’: ‘true’,
    ‘frequency’: ‘Ongoing’,
    … CUT

    And mass deletion:

    jctl policies -s “general,enabled=false” –rm # delete all policies that are disabled

    Currently supported records:

    advancedcomputersearches, advancedmobiledevicesearches, advancedusersearches, buildings, byoprofiles, categories, classes, computerconfigurations, computerextensionattributes, computergroups, computerreports, computers, departments, directorybindings, diskencryptionconfigurations, distributionpoints, dockitems, ebooks, ibeacons, jsonwebtokenconfigurations, ldapservers, licensedsoftware, macapplications, managedpreferenceprofiles, mobiledeviceapplications, mobiledevicecommands, mobiledeviceconfigurationprofiles, mobiledeviceenrollmentprofiles, mobiledeviceextensionattributes, mobiledeviceinvitations, mobiledeviceprovisioningprofiles, mobiledevices, netbootservers, networksegments, osxconfigurationprofiles, packages, patchexternalsources, patchinternalsources, patchpolicies, patchsoftwaretitles, peripherals, peripheraltypes, policies, printers, removablemacaddresses, restrictedsoftware, scripts, sites, softwareupdateservers, userextensionattributes, usergroups, users, vppaccounts, vppassignments, vppinvitations, webhooks

    We’ve added the ability to update records using JSON but we haven’t committed those changes to github yet. It also can also print all packages and show which policies are using those packages (this is an easy way to see what packages aren’t being used).

    Updating looks something like this (a simple string):

    jctl policies -x Name -u “general,category,name=Some Name”

    Or (JSON):

    jctl policies -x Name -u ‘maintenance=[[{“recon”: “false”, “reset_name”: “false”, “install_all_cached_packages”: “false”, “heal”: “false”, “prebindings”: “false”, “permissions”: “false”, “byhost”: “false”, “system_cache”: “false”, “user_cache”: “false”, “verify”: “false”}]]’

    James is working on a way to easily create records. And also working on a way to cross-reference all patchsoftwaretitles with packages and if a package matches the patch software title and the version to automatically assign it. This is the ultimate goal of the project, to be able to swap old packages to new packages from the command line no matter where they’re found, smart group, policy, or patch. And we want to be able to do it selectively and in bulk.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: