krypted.com

Tiny Deathstars of Foulness

Built a quick extension attribute for Jamf Pro environments to check if TouchID is enabled and report back a string in $result – this could easily be modified and so I commented a few pointers for environments that might need to modify it (e.g. to check for user-level as it’s currently system-level). To see/have the code, check https://github.com/krypted/TouchID_check.

January 18th, 2017

Posted In: JAMF, Mac Security

Tags: , , , , , , ,

Leave a Comment

The last JamfNation User Conference, or JNUC for short, was far and away the biggest and best. It was packed though, and given the year-over-year increase in people attending, the conference is being moved to the Hyatt Regency in downtown Minneapolis.

For more information on or to early-bird register for JNUC 2017, visit the official JNUC page.

screen-shot-2016-12-14-at-9-59-38-am

I’ll certainly be there, and I look forward to seeing all of you again and meeting all the newcomers this year, as well as getting a recording going of the MacAdmins Podcast while we’re all together!

December 11th, 2016

Posted In: JAMF, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

November 22nd, 2016

Posted In: JAMF, MacAdmins Podcast

Tags: , , ,

The jamf binary can grab a list of printers. It’s easy:

sudo jamf listprinters

The output looks like this:

MSP Lobby HP
MSP_Lobby
Lobby
lpd://192.168.12.201/
HP 6490 C5250 PS

If you have more printers, you’ll see more in the list!

October 22nd, 2016

Posted In: JAMF

Tags:

To quote the good people in JAMF marketing:

You may have heard that JNUC 2016 is sold out! We don’t want you to miss out, and to give you a glimpse at what the JNUC is all about, we’re thrilled to announce that the JNUC 2016 Keynotes will be available via Livestream for the first time ever! Featuring JAMF CEO Dean Hager and industry leaders who will share their experiences, challenges and lessons learned using Apple and Casper Suite to enable their employees and students, they’re not to be missed.

In our Apple Management Redefined Keynote on day one, JAMF will unveil more Apple management functionality than ever before – so much so that you may not recognize your old friend Casper (our flagship product). Witness significant enhancements to patch management, a completely new Self Service, and more functionality that will forever change the way you work. Add Tuesday’s JNUC Keynote to your calendar.

Driven by the goal to empower people with Apple technology that puts users first, A Users First Mentality Keynote on day 2 will feature IBM, Shawnee Heights School District, La Crosse School District and the University of California – San Diego, giving you key insight into how these organizations are transforming the way business, education and healthcare are done. Add Wednesday’s JNUC Keynote to your calendar.

Add to your calendar now

October 12th, 2016

Posted In: JAMF

In case you’re using DEP and haven’t noticed this, you need to accept the latest terms of service in the Apple license agreement for DEP if you’re going to continue using the service. I don’t usually post emails I get from Apple, but I can easily see orgs using accounts that don’t have email flowing to anyone that is capable of responding, so I strongly recommend you go in and accept the latest and greatest agreements so your stuff doesn’t break!

Here’s the email I got from Apple:

Apple Deployment Programs

Thank you for participating in the Device Enrollment Program. On September 13 Apple will release updated software license agreements. Your Program Agent must go to the deployment website and accept the following agreements to continue to use the program:

  • iOS 10 Software License Agreement
  • Software License Agreement for macOS Sierra

For more information please see this support article:https://support.apple.com/kb/HT203063.

Note: If you’re using Casper, then the errors you’ll see will be something along the lines of:

Unable to Contact https://mdmenrollment.apple.com

September 12th, 2016

Posted In: iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , ,

Screen Shot 2016-08-02 at 10.22.20 AM

Casper 9.93 is now available, with a host of new features. These include:

  • Fixed a lot (and I mean a lot) of product issues!
  • Added Single Sign-On (SSO) with SAML 2.0: Logging into the JSS without clicking on anything is just awesome.
  • Added Webhooks: Scripted, triggered access to the events API.
  • LDAP Proxy Server: Can run on our new Infrastructure Manager service on Linux and creates a tunnel between a customer location and a JSS if the JSS doesn’t have LAN access to a directory service.
  • Patch Reporting for Computers: Now, Casper includes automatically generated reports for some common third-party OS X software packages, so you can better scope policies around machines with out-of-date software packages. These can be exported into a variety of formats.
  • Self Service Mobile for iOS: Automatically remove apps that are installed option.
  • New Localization options for French, German, Japanese, and Chinese. Enhanced Language Support in Self Service
  • Import multiple classes from Apple School Manager.
  • OS X Configuration Profiles: Added IKEv2, Disable Apple ID setup during login, enabling proxies in the Proxies payload.
  • iOS Configuration Profile Enhancements: Added Allow screenshots and screen recording, Allow voice dialing while device is locked, Allow Apple Music, Allow Radio, Accept Cookies, Google Accounts, and OS X Server Accounts.
  • Smart group and advanced search criteria were added for iOS 9.3 lost mode status, length of time a device has been in lost mode, and applications in the catalog for patch management.

And of course, there’s moar scalability! 🙂

For more, see https://jamfnation.jamfsoftware.com/featureRequests.html?releaseID=138

Congrats to everyone involved in this one, it’s a pretty massive update and required a lot of work!

August 2nd, 2016

Posted In: JAMF

Tags: , ,

There’s a new JSS companion tool, called JSS MUT, which allows you to perform mass actions based on a CSV. Basically, set fields and enforce mobile device names (becoming a very common need out there). If you’re a JSS admin, it’s a nice tool, and a big should out to Michael Levenick for making it free!

5860001_orig

Official website is at http://jssmut.weebly.com.

Hat tip to Trey Howell for clueing us in! 🙂

July 18th, 2016

Posted In: JAMF

Tags: , , , , ,

Looks like Sal et al posted a suite of Automator Actions to link the Casper Suite to Apple Configurator at https://configautomation.com/jamf-actions.html. In my limited tests so far they work pretty darn well!

Screen Shot 2016-07-14 at 12.09.27 PM

Some pretty cool things here, like having the JSS rename a mobile device when managed through Apple Configurator, having Apple Configurator instruct the JSS to remove a device from a group, clear passcodes, update inventory, and other common tasks involved in workflows when leveraging Apple Configurator for en masse device management. Good stuff!

July 14th, 2016

Posted In: Apple Configurator, iPhone, JAMF

Tags: , , , , , ,

The JSS has the ability to upload multiple .vpptokens, and using those, you can upload separate tokens for sites and then provide App Store apps to different sites based on each having some autonomy by having their own token. This is a pretty cool feature. And using the GUI, you can see when each token expires. You can also see a list of tokens using the API. To see a full list of all the tokens, we’ll just use a basic curl command here:

curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts

This provides an array of output that has the number of tokens in <size> and the id of each along with their name in <id> and <name> respectively, as follows

<?xml version="1.0" encoding="UTF-8"?><vpp_accounts><size>2</size><vpp_account><id>2</id><name>test</name></vpp_account><vpp_account><id>3</id><name>test2</name></vpp_account></vpp_accounts>

Once you know the id of a token, you can pull a bunch of information about that token using the following command:

curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2

The output would be as follows, with the expiration_date indicated:

<?xml version="1.0" encoding="UTF-8"?><vpp_account><id>2</id><name>test</name><contact/><service_token>xxxxxxxxxxyyyyyyyyyyyzzzzzzzzzaaaaaaaabbbbbbbbbbccccccc</service_token><account_name>krypted</account_name><expiration_date>2017/06/30</expiration_date><country>US</country><apple_id/><site><id>-1</id><name>None</name></site><populate_catalog_from_vpp_content>true</populate_catalog_from_vpp_content><notify_disassociation>true</notify_disassociation></vpp_account>

Or to limit the output to just the expiration date of the token, we’ll use sed to constrain:

curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2 | sed -n -e 's/.*<expiration_date>\(.*\)<\/expiration_date>.*/\1/p'

The output should just be a standard date, as follows:

2017/06/30

You can then loop through the output of the vppaccounts, build an IFS array, and display the dates for each, listing sites that are about to expire. For anyone that has a lot of sites with individual tokens, this might come in handy. Enjoy.

Hat tip: I thought I’d have to do this using a database query, but it turns out that the field where the stoken  is stored contains encrypted data different than the initially encoded base64, which I showed how to decrypt at What’s Really In A VPP Token File from Apple’s VPP?. This is to keep that data private. Instead, hat tip to Christian Dooley, who figured out that this is actually available in the API instead, and therefore I didn’t have to hit the database directly to write this article.

June 30th, 2016

Posted In: JAMF

Tags: , , , , , ,

Next Page »