Archive

Archive for the ‘Jamf Pro’ Category

Checking the SSL certificate used by an Active Directory domain controller

March 19, 2019 2 comments

Yesterday, Jamf sent out the following notification in advance of the release of Jamf Pro 10.11.0:

One part of the message which caused some concern is this section:

Additionally, any LDAP server connections using LDAPS will require that the hostname of the LDAP server match the Common Name (CN) on the certificate that is uploaded to the Jamf Pro Server. A mismatch will prevent communication between the LDAP server and Jamf Pro Server.

What’s being referred to here is what’s known as an SSL hostname mismatch error, which is a sign that the SSL certificate being used to secure the connection isn’t configured correctly. But how can you tell with the SSL certificate used on an Active Directory domain controller? For more details, please see below the jump.

Read more…

Providing access to macOS software updates via Jamf Pro’s Self Service

February 5, 2019 9 comments

For a number of OS releases, Apple made both macOS software updates and Mac App Store (MAS) updates available via the MAS Updates page. I was able to use this to provide an easy way for customers to check for available software updates using Jamf Pro’s Self Service

As of macOS Mojave though, Apple moved macOS software updates to the Software Update preference pane in System Preferences.

Screen Shot 2019 02 05 at 10 56 41 AM

Opening the Software Update preference pane will automatically trigger a check for available macOS updates, so it’s possible to approximate the previous behavior by running the following command without root privileges:

open /System/Library/PreferencePanes/SoftwareUpdate.prefPane

When this command is run via the command line, the following actions take place:

  1. System Preferences launches
  2. The Software Update preference pane automatically loads
  3. The Mac automatically checks for macOS updates.

For folks using Jamf Pro, this command can be leveraged to provide a way for customers to easily check for macOS software updates on their own schedule. For more details, see below the jump.

Read more…

Backing up macOS management policies from Jamf Pro

December 21, 2018 1 comment

When working with computer management policies on Jamf Pro, especially more complex policies, I prefer to download then and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the policies
  2. I can track changes to the groups
  3. If needed, I can make a change to a policy and upload via the API instead of having to edit in the web console.

Up until recently, I didn’t have a good process for handling this but after some work, I was able to build a script which does the following:

  1. If any policies were previously downloaded, back up existing downloaded policies into a .zip file
  2. Download the policy information as XML
  3. Properly format the downloaded XML
  4. Identify the display name of the policy.
  5. Identify the category of the policy.
  6. Save the downloaded XML as Policy Name Here.xml to a specified download directory, based on the category that the policy is in.

The reason the script archives previously downloaded policies are the following:

  1. In case something goes wrong with the download, I still have the previously archived copy.
  2. The script can clear out the existing download directory and have only the latest version of the policy stored inside.

For more details, please see below the jump.

Read more…

Backing up extension attributes from Jamf Pro

December 20, 2018 Leave a comment

While working with extension attributes on Jamf Pro, I prefer to download then and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the extension attributes
  2. I can track changes to the extension attributes

To help me manage this, I have two scripts which do the following:

  1. Use the Jamf Pro API to identify the Jamf Pro ID numbers of the extension attributes.
  2. Download each extension attribute as an XML file using its Jamf Pro ID number.
  3. Format the downloaded XML.
  4. Identify the display name of the extension attribute.
  5. Identify if it was a String, Integer or Date extension attribute.
  6. If it’s a macOS or Windows extension attribute and it has a script, extract the script.
  7. Save the downloaded XML or script as Extension Attribute Name Here to a specified download directory, based on whether it was a String, Integer or Date extension attribute.

For more details, please see below the jump.

Read more…

Backing up macOS scripts from Jamf Pro

December 8, 2018 1 comment

When working with scripts for managing Macs on Jamf Pro, I prefer to download then and back them up to GitHub or a similar internal source control tool. The reason I do this is the following:

  1. I have an off-server backup for the scripts
  2. I can track changes to the scripts

While I’ve usually had copies of the scripts stored elsewhere, sometimes I would make changes to the scripts on Jamf Pro and then not update the offline copy of the scripts with my changes. Being able to download them from my Jamf Pro server would mean that I could always have a copy of the latest version of the script in production.

To help me with this, I’ve written a script to do the following:

  1. Use the Jamf Pro API to identify the Jamf Pro ID numbers of the scripts.
  2. Download each script using its Jamf Pro ID number as raw XML.
  3. Format the downloaded XML
  4. Identify the display name of the script
  5. Extract the script from the downloaded XML
  6. Save the script as Display Name Goes Here to a specified download directory.

For more details, please see below the jump.

Read more…

Backing up smart and static groups from Jamf Pro

November 23, 2018 Leave a comment

When working with smart and static groups on Jamf Pro, especially more complex smart groups, I prefer to download then and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the groups
  2. I can track changes to the groups
  3. If needed, I can make a change to a smart group and upload via the API instead of having to edit in the web console.

Up until recently, I didn’t have a good process for handling this but I was able to develop a way as part of working with an engineer from Jamf. After some work, I was able to build two scripts which do the following:

  1. Use the Jamf Pro API to identify the Jamf Pro ID numbers of the smart and static groups.
  2. Download each group as an XML file using its Jamf Pro ID number.
  3. Format the downloaded XML.
  4. Identify the display name of the group.
  5. Identify if it was a smart or static group.
  6. Save the downloaded XML as Group Name Here.xml to a specified download directory, based on whether it was a smart or static group.

For more details, please see below the jump.

Read more…

Backing up configuration profiles from Jamf Pro

November 15, 2018 5 comments

When working with configuration profiles on Jamf Pro, I prefer to download and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the profiles
  2. I can track changes to the profiles

Up until recently, this had been a manual process for me where I would download the profiles in question from the server and then upload them to my source control tool.

My process looked like this:

1. Download the profiles from the Jamf Pro server using the Download button.

Screen Shot 2018 11 15 at 3 47 35 PM

2. Remove the code-signing and formatting the profile using a process similar to the one described in the link below:

https://macmule.com/2015/11/16/making-downloaded-jss-configuration-profiles-readable/

3. Move the profile to the correct directory in my source control repo.
4. Review changes and commit to the repo.

However, as I’ve started using profiles more, this process got cumbersome and I wanted to automate at least the download part of the process. After some work, I was able to build two scripts which do the following:

  1. Use the Jamf Pro API to identify the Jamf Pro ID numbers of the configuration profiles.
  2. Download each profile using its Jamf Pro ID number
  3. Decode and format the profile
  4. Identify the display name of the profile
  5. Save the profile as Display Name Here.mobileconfig to a specified download directory.

For more details, please see below the jump.

Read more…

%d bloggers like this: