Archive
Using the Jamf Pro API to send device lock commands via MDM to multiple Macs
Most Mac admins have had this conversation at one point or another over the course of their careers:
“$Very Important Person left their Mac behind in a cab! What do we do?”
“OK, no worries. We can send a command to lock the computer or have it erase itself. Do you want it locked or wiped?”
At that point, the admin pulls up their MDM admin console and depending on what the response was (lock or wipe), send out the appropriate MDM command accompanied by a PIN code. Once received, the Mac will then turn itself into a paperweight which does or doesn’t erase itself.
Doing these one at a time is a pretty straightforward process. For example, here’s how it looks in Jamf Pro to send a device lock command via MDM:
1. Log into Jamf Pro using an account which can send lock commands via MDM.
2. Go to the appropriate computer inventory record.
3. Select the Management tab.
4. In the Management Commands section of the Management tab, click the Lock Computer button.
5. Enter the PIN code which will later be used to unlock the Mac. If desired, you can also enter a message which will appear on the lock screen.
6. Click the Lock Computer button.
7. Click the OK button in the confirmation window.
Once the device lock command has been sent, the Lock Computer button’s text should temporarily change to Command Sent.
For a small number of machines (10 or less), the method outlined above works fine. But once you get beyond that number, this process gets time-consuming and unwieldy. Fortunately, there is also a way to use the Jamf Pro Classic API to send device lock commands. For more details, please see below the jump.
Using curl for telnet testing on macOS High Sierra and later
As part of introducing macOS High Sierra, Apple removed the telnet tool from macOS. This was part of Apple’s overall effort to improve security, as telnet does not use encryption and its traffic can be intercepted and read. However, telnet did (and does) serve a useful function as a quick way to check if it is possible to connect to a remote server on a particular port.
While there are alternative tools available for this task (like netcat), it’s also possible to still create a telnet connection on macOS using another tool: curl
For more details, please see below the jump.
Blocking account logins to the ?failover login page on Jamf Pro
As part of Jamf Pro’s single-sign on (SSO) logins, there’s an option to bypass the SSO login using the following URL:
https://your.jamf.pro.server.here:8443/?failover
This URL is designed to let you bypass the SSO login page and take you to Jamf Pro’s own login, so that if your SSO provider is having a bad day, you can still log into your Jamf Pro server.
For those wanting to make sure that that their folks are only using SSO for logins, this can seem like a security hole. Fortunately, there’s a way to plug it. For more details, please see below the jump.
AutoPkg repo and logfile cleanup scripts for use with autopkg-conductor
As part of running autopkg-conductor over a long period of time, you may see a large percentage of disk space used on the Mac where you’re running AutoPkg and autopkg-conductor. This is because AutoPkg doesn’t remove older files from ~/Library/AutoPkg/Cache and autopkg-conductor does not remove older logfiles from ~/Library/Logs. To assist with this issue, I’ve written a couple of scripts. For more details, please see below the jump.
Using Signing Manager with autopkg-conductor
I’ve recently been working with Twocanoes Software’s Signing Manager in combination with my autopkg-conductor tool for managing AutoPkg runs. I’m happy to report it’s possible, but you may need to make some adjustments to how autopkg-conductor is being launched. For more details, please see below the jump.
Using VLC to convert a video to play at twice normal speed
As part of preparing for an upcoming talk, I’m working on a presentation which includes a video. As part of adding the video to my Keynote slides I thought that increasing the playback speed would help with the pacing of the talk but I didn’t see a way in Keynote to have that happen as part of the video’s playback without having to manually run the video.
After some research, I found a straightforward way to use the open-source VLC video tool to double the playback speed of a video and save the changes. For more details, please see below the jump.
Der Flounder 
Recent Comments