Archive

Archive for the ‘Jamf Pro’ Category

Backing up a Jamf Pro database hosted in Amazon Web Services’ RDS service to an S3 bucket

February 16, 2020 Leave a comment

For those using Amazon Web Services to host Jamf Pro, one of the issues you may run into is how to get backups of your Jamf Pro database which you can access. AWS’s RDS service makes backups of your database to S3, but you don’t get direct access to the S3 bucket where they’re stored.

In the event that you want a backup that you can access of your RDS-hosted MySQL database, Amazon provides the option for exporting a database snapshot to an S3 bucket in your AWS account. This process will export your data in Apache Parquet format instead of a MySQL database export file.

However, it’s also possible to create and use an EC2 instance to perform the following tasks:

  1. Connect to your RDS-hosted MySQL database.
  2. Create a backup of your MySQL database using the mysqldump tool.
  3. Store the backup in an S3 bucket of your choosing.

For more details, please see below the jump.

Read more…

A beginner’s guide to the Jamf Pro Classic API

January 2, 2020 2 comments

When working with Jamf Pro, one way to save yourself a lot of clicking in the admin console is to use one of the two current Jamf Pro APIs. Both APIs are REST APIs, which means they can perform requests and receive responses via HTTP protocols like GET, PUT, POST and DELETE. That means that the curl tool can be used to send commands to and receive information from a Jamf Pro server.

The two APIs are as follows:

  • Classic API
  • Jamf Pro API (formerly known as the Universal API)

Classic API

This API is the original one which Jamf Pro started with and it is slated for eventual retirement. This API is designed to work with XML and JSON.

The base URL for the Classic API is located at /JSSResource on your Jamf Pro server. If your Jamf Pro server is https://server.name.here:8443, that means that the API base URL is as follows:

https://server.name.here:8443/JSSResource

To help you become familiar with the API, Jamf includes documentation and “Try it out” functionality at the following URL on your Jamf Pro server:

https://server.name.here:8443/api

The Classic API is designed to work with usernames and passwords for authentication, with the username and password being passed as part of the curl command.

Examples: https://developer.jamf.com/apis/classic-api/index

Jamf Pro API

This API is in beta and is designed to be an eventual replacement for the Classic API. This API is designed to work with JSON.

The base URL for the Jamf Pro API is located at /uapi on your Jamf Pro server. If your Jamf Pro server is https://server.name.here:8443, that means that the API base URL is as follows:

https://server.name.here:8443/uapi

To help you become familiar with the API, Jamf includes documentation and “Try it out” functionality at the following URL on your Jamf Pro server:

https://server.name.here:8443/uapi/docs

The Jamf Pro API is designed to work with token-based authentication, with a Jamf Pro username and password used to initially generate the necessary token. These tokens are time-limited and expire after 30 minutes. However, you can generate a new token for API authentication using the existing token’s credentials. The new token generation process does the following:

  1. Creates a new token with the same access rights as the existing token.
  2. Invalidates the existing token.

Jamf Pro API examples: https://developer.jamf.com/apis/jamf-pro-api/index

For more details, please see below the jump.

Read more…

Categories: Jamf Pro, Jamf Pro API

Enabling or disabling all Jamf Pro policies using the API

December 16, 2019 Leave a comment

Every so often, it may be useful to be able to enable or disable all of your current Jamf Pro policies. In those cases, depending on how many policies you have, it can be tedious to have to do them one at a time using the admin console.

However, with the right API calls in a script, it’s straightforward to perform these tasks using the Jamf Pro API. For more information, please see below the jump.

Read more…

Identifying Self Service policies with missing icons

November 25, 2019 Leave a comment

As part of setting up Self Service policies in Jamf Pro, the usual practice is to include an icon to help the user distinguish between various Self Service policies.

Screen Shot 2019 11 25 at 12 02 35 PM

However, when copying policy information via the API, a Self Service policy’s icon is sometimes not copied along with the rest of the policy. When this happens, it can be hard to figure this out later which ones were missed.

To help with situations like this, I have a script which does the following:

  1. Checks all policies on a Jamf Pro server.
  2. Identifies which ones are Self Service policies which do not have icons
  3. Displays a list of the relevant policies

For more details, please see below the jump.

Read more…

Identifying vendors of installed Java JDKs using Jamf Pro

November 24, 2019 Leave a comment

Since Oracle’s license change for Java 11 and later took effect in October 2018, where Oracle announced that they would now be charging for the production use of Oracle’s Java 11 and later, the number of open source (and free) OpenJDK distributions has increased dramatically.

Before the license change, most Mac admins would only install Oracle Java on those Macs which needed Java. Now, the list of available vendors has broadened to include the following:

Note: There may be even more OpenJDK distributions available for macOS, but these are the ones I know of.

To help Jamf Pro admins keep track of which vendors’ Java distributions are installed on their Macs, I’ve written a Jamf Pro Extension Attribute to help identify them. For more details, please see below the jump.

Read more…

Identifying Self Service policies with blank descriptions

September 16, 2019 Leave a comment

As part of setting up Self Service policies in Jamf Pro, it’s nice to include a description for your customers of what they’re getting when they select a particular Self Service policy.

Screen Shot 2019 09 16 at 2 37 05 PM

However, sometimes folks forget to add these descriptions and it can be hard to figure this out later which ones were missed without manually checking each policy.

Screen Shot 2019 09 16 at 2 16 38 PM

To help with situations like this, I have a script which does the following:

  1. Checks all policies on a Jamf Pro server.
  2. Identifies which ones are Self Service policies which do not have descriptions
  3. Displays a list of the relevant policies

For more details, please see below the jump.

Read more…

Monitoring Jamf Infrastructure Managers on Red Hat Enterprise Linux

August 23, 2019 Leave a comment

A vital component of a Jamf Pro server setup is usually its LDAP connection to a directory service (usually an Active Directory server.) This connection allows the Jamf Pro server to not only leverage the directory service’s users and groups, but also automatically populate information about the owner of the device by doing a lookup in LDAP as part of a computer‘s or mobile device’s inventory update and assist with providing user-specific policies in Self Service.

As more folks move from using self-hosted Jamf Pro servers to now having Jamf host them in Jamf Cloud, this LDAP connection usually requires an LDAP proxy in order to securely connect a Jamf Cloud-hosted Jamf Pro instance to a company’s internally-hosted directory service. Jamf provides an LDAP proxy for this purpose in the form of the Jamf Infrastructure Manager (JIM). 

Because the LDAP connection is so vital, it’s just as vital that the JIM stay up and working all the time. To assist with this, I’ve written some scripts to assist with monitoring and reporting for a JIM running on Red Hat Enterprise Linux. For more details, please see below the jump.

Read more…

%d bloggers like this: