Archive

Archive for May, 2021

Using the Jamf Pro API to send device lock commands via MDM to multiple Macs

May 28, 2021 Leave a comment

Most Mac admins have had this conversation at one point or another over the course of their careers:

“$Very Important Person left their Mac behind in a cab! What do we do?”
“OK, no worries. We can send a command to lock the computer or have it erase itself. Do you want it locked or wiped?”

At that point, the admin pulls up their MDM admin console and depending on what the response was (lock or wipe), send out the appropriate MDM command accompanied by a PIN code. Once received, the Mac will then turn itself into a paperweight which does or doesn’t erase itself.

Doing these one at a time is a pretty straightforward process. For example, here’s how it looks in Jamf Pro to send a device lock command via MDM:

1. Log into Jamf Pro using an account which can send lock commands via MDM.
2. Go to the appropriate computer inventory record.

Screen Shot 2021 05 28 at 2 48 00 PM

3. Select the Management tab.

Screen Shot 2021 05 28 at 2 48 01 PM

4. In the Management Commands section of the Management tab, click the Lock Computer button.

Screen Shot 2021 05 28 at 1 57 43 PM

5. Enter the PIN code which will later be used to unlock the Mac. If desired, you can also enter a message which will appear on the lock screen.

Screen Shot 2021 05 28 at 1 58 56 PM

6. Click the Lock Computer button.

Screen Shot 2021 05 28 at 1 58 57 PM

7. Click the OK button in the confirmation window.

Screen Shot 2021 05 28 at 1 59 42 PM

 

Once the device lock command has been sent, the Lock Computer button’s text should temporarily change to Command Sent.

Screen Shot 2021 05 28 at 1 59 49 PM

 

For a small number of machines (10 or less), the method outlined above works fine. But once you get beyond that number, this process gets time-consuming and unwieldy. Fortunately, there is also a way to use the Jamf Pro Classic API to send device lock commands. For more details, please see below the jump.

Read more…

Using curl for telnet testing on macOS High Sierra and later

May 23, 2021 Leave a comment

As part of introducing macOS High Sierra, Apple removed the telnet tool from macOS. This was part of Apple’s overall effort to improve security, as telnet does not use encryption and its traffic can be intercepted and read. However, telnet did (and does) serve a useful function as a quick way to check if it is possible to connect to a remote server on a particular port.

While there are alternative tools available for this task (like netcat), it’s also possible to still create a telnet connection on macOS using another tool: curl

For more details, please see below the jump.

Read more…

Categories: Mac administration, macOS

Blocking account logins to the ?failover login page on Jamf Pro

May 21, 2021 1 comment

As part of Jamf Pro’s single-sign on (SSO) logins, there’s an option to bypass the SSO login using the following URL:

https://your.jamf.pro.server.here:8443/?failover

Screen Shot 2021 05 21 at 11 02 14 AM

This URL is designed to let you bypass the SSO login page and take you to Jamf Pro’s own login, so that if your SSO provider is having a bad day, you can still log into your Jamf Pro server.

For those wanting to make sure that that their folks are only using SSO for logins, this can seem like a security hole. Fortunately, there’s a way to plug it. For more details, please see below the jump.

Read more…

Categories: Jamf Pro

AutoPkg repo and logfile cleanup scripts for use with autopkg-conductor

May 14, 2021 Leave a comment

As part of running autopkg-conductor over a long period of time, you may see a large percentage of disk space used on the Mac where you’re running AutoPkg and autopkg-conductor. This is because AutoPkg doesn’t remove older files from ~/Library/AutoPkg/Cache and autopkg-conductor does not remove older logfiles from ~/Library/Logs. To assist with this issue, I’ve written a couple of scripts. For more details, please see below the jump.

Read more…

Using Signing Manager with autopkg-conductor

May 12, 2021 Leave a comment

I’ve recently been working with Twocanoes Software’s Signing Manager in combination with my autopkg-conductor tool for managing AutoPkg runs. I’m happy to report it’s possible, but you may need to make some adjustments to how autopkg-conductor is being launched. For more details, please see below the jump.

Read more…

Using VLC to convert a video to play at twice normal speed

May 9, 2021 1 comment

As part of preparing for an upcoming talk, I’m working on a presentation which includes a video. As part of adding the video to my Keynote slides I thought that increasing the playback speed would help with the pacing of the talk but I didn’t see a way in Keynote to have that happen as part of the video’s playback without having to manually run the video.

After some research, I found a straightforward way to use the open-source VLC video tool to double the playback speed of a video and save the changes. For more details, please see below the jump.

Read more…

Categories: Documentation
%d bloggers like this: