Tiny Deathstars of Foulness

Screen Shot 2016-08-02 at 10.22.20 AM

Casper 9.93 is now available, with a host of new features. These include:

  • Fixed a lot (and I mean a lot) of product issues!
  • Added Single Sign-On (SSO) with SAML 2.0: Logging into the JSS without clicking on anything is just awesome.
  • Added Webhooks: Scripted, triggered access to the events API.
  • LDAP Proxy Server: Can run on our new Infrastructure Manager service on Linux and creates a tunnel between a customer location and a JSS if the JSS doesn’t have LAN access to a directory service.
  • Patch Reporting for Computers: Now, Casper includes automatically generated reports for some common third-party OS X software packages, so you can better scope policies around machines with out-of-date software packages. These can be exported into a variety of formats.
  • Self Service Mobile for iOS: Automatically remove apps that are installed option.
  • New Localization options for French, German, Japanese, and Chinese. Enhanced Language Support in Self Service
  • Import multiple classes from Apple School Manager.
  • OS X Configuration Profiles: Added IKEv2, Disable Apple ID setup during login, enabling proxies in the Proxies payload.
  • iOS Configuration Profile Enhancements: Added Allow screenshots and screen recording, Allow voice dialing while device is locked, Allow Apple Music, Allow Radio, Accept Cookies, Google Accounts, and OS X Server Accounts.
  • Smart group and advanced search criteria were added for iOS 9.3 lost mode status, length of time a device has been in lost mode, and applications in the catalog for patch management.

And of course, there’s moar scalability! 🙂

For more, see

Congrats to everyone involved in this one, it’s a pretty massive update and required a lot of work!

August 2nd, 2016

Posted In: JAMF

Tags: , ,

There’s a new JSS companion tool, called JSS MUT, which allows you to perform mass actions based on a CSV. Basically, set fields and enforce mobile device names (becoming a very common need out there). If you’re a JSS admin, it’s a nice tool, and a big should out to Michael Levenick for making it free!


Official website is at

Hat tip to Trey Howell for clueing us in! 🙂

July 18th, 2016

Posted In: JAMF

Tags: , , , , ,

Looks like Sal et al posted a suite of Automator Actions to link the Casper Suite to Apple Configurator at In my limited tests so far they work pretty darn well!

Screen Shot 2016-07-14 at 12.09.27 PM

Some pretty cool things here, like having the JSS rename a mobile device when managed through Apple Configurator, having Apple Configurator instruct the JSS to remove a device from a group, clear passcodes, update inventory, and other common tasks involved in workflows when leveraging Apple Configurator for en masse device management. Good stuff!

July 14th, 2016

Posted In: Apple Configurator, iPhone, JAMF

Tags: , , , , , ,

The JSS has the ability to upload multiple .vpptokens, and using those, you can upload separate tokens for sites and then provide App Store apps to different sites based on each having some autonomy by having their own token. This is a pretty cool feature. And using the GUI, you can see when each token expires. You can also see a list of tokens using the API. To see a full list of all the tokens, we’ll just use a basic curl command here:

curl -s -u myuser:mypassword

This provides an array of output that has the number of tokens in <size> and the id of each along with their name in <id> and <name> respectively, as follows

<?xml version="1.0" encoding="UTF-8"?><vpp_accounts><size>2</size><vpp_account><id>2</id><name>test</name></vpp_account><vpp_account><id>3</id><name>test2</name></vpp_account></vpp_accounts>

Once you know the id of a token, you can pull a bunch of information about that token using the following command:

curl -s -u myuser:mypassword

The output would be as follows, with the expiration_date indicated:

<?xml version="1.0" encoding="UTF-8"?><vpp_account><id>2</id><name>test</name><contact/><service_token>xxxxxxxxxxyyyyyyyyyyyzzzzzzzzzaaaaaaaabbbbbbbbbbccccccc</service_token><account_name>krypted</account_name><expiration_date>2017/06/30</expiration_date><country>US</country><apple_id/><site><id>-1</id><name>None</name></site><populate_catalog_from_vpp_content>true</populate_catalog_from_vpp_content><notify_disassociation>true</notify_disassociation></vpp_account>

Or to limit the output to just the expiration date of the token, we’ll use sed to constrain:

curl -s -u myuser:mypassword | sed -n -e 's/.*<expiration_date>\(.*\)<\/expiration_date>.*/\1/p'

The output should just be a standard date, as follows:


You can then loop through the output of the vppaccounts, build an IFS array, and display the dates for each, listing sites that are about to expire. For anyone that has a lot of sites with individual tokens, this might come in handy. Enjoy.

Hat tip: I thought I’d have to do this using a database query, but it turns out that the field where the stoken  is stored contains encrypted data different than the initially encoded base64, which I showed how to decrypt at What’s Really In A VPP Token File from Apple’s VPP?. This is to keep that data private. Instead, hat tip to Christian Dooley, who figured out that this is actually available in the API instead, and therefore I didn’t have to hit the database directly to write this article.

June 30th, 2016

Posted In: JAMF

Tags: , , , , , ,

An hour into my first Reddit AMA with some super-excellent JAMFs!

AMA w/ Charles Edge and the Apple management experts at JAMF Software from macsysadmin

June 24th, 2016

Posted In: Apple Configurator, Articles and Books, Business, iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: ,

I’ve worked with a lot of organizations switching between Mobile Device Management (MDM) solutions in my career. And I’ve seen the migration projects go both really, really well, and really, really poorly. In most cases, the migration is somewhat painful no matter what you do. But in this (my first) article on the JAMF blog, I try and organize my thoughts around a few things to look out for when migrating between MDMs/MAMs, and some context/experience around those.

Screen Shot 2016-06-23 at 11.45.32 AM

June 23rd, 2016

Posted In: Articles and Books, iPhone, JAMF, Mac OS X

Tags: , , , , , ,

Published an article at on types of apps you should use when starting to put iPads in a small business. Obviously many a business has vertical needs, but a lot of apps are horizontal, so cut across a wide swath of industries.

Screen Shot 2016-06-22 at 6.16.56 PM


June 22nd, 2016

Posted In: Articles and Books, iPhone, JAMF

Posted a Huffington Post article from my notes from the WWDC keynote. Hope you enjoy!

Apple kicked off WWDC (World Wide Developers Conference) today, with a Keynote that showcased some of the upper tier of talent and management within Apple. As a former WWDC speaker, I watch the keynote and most sessions through the remainder of the week religiously. Here, you see what’s coming in the fall releases of the four operating systems: macOS, watchOS, iOS, and tvOS (for Macs, Apple Watches, iPhones and iPads, and Apple TVs respectively).

Screen Shot 2016-06-14 at 2.01.07 PM

PS: macOS autocorrects to tacos. Mmmmm, tacos…

June 14th, 2016

Posted In: Apple TV, Apple Watch, iPhone, JAMF, Mac OS X, Mac OS X Server

Tags: , , , , , ,

Casper 9.9 has shipped! After the most thorough of testing and field enablement, JAMF has shipped Casper 9.9, with tons of new awesomeness for iOS 9.3. You now have the ability to do Lost Mode, which allows you to see where a lost device is, and allows your users the peace of mind that their privacy is protected by informing them that administrators looked at the location of a device (and you can assign a custom Lost Mode message, for example providing a reward for the return of a lost device). You can also manage a number of Notification Center features. You now have the ability to use the Classroom App in conjunction with education device deployments. You now have the ability to unlock new, great payloads, such as placing badges where you want them on a home screen. You can also now use the B2B App Store with Casper. And for the first time, you also have the ability to show and hide apps!

And cool new features aren’t limited to iOS. Casper can also now manage Active Directory bindings with DEP devices using the Active Directory/LDAP payloads, streamlining those workflows in a more supportable fashion. And manage user account types. This brings us closer and closer to true zero-touch deployments. And lots of issues are resolved that make your installation (e.g. detecting Java versions) and management (e.g. some cool new screens) more and more stable and user friendly with each release!

So log into JAMF Nation, and check out Casper 9.9 in your testing environment, and unlock all the new coolness. 🙂

Screen Shot 2016-03-31 at 11.04.27 AM

March 31st, 2016

Posted In: iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , ,

When building an MDM, you look for a lot of workflows to make the lives of end users easier. One of those is Managed App Config, which is a technology from Apple that allows an MDM to inject information into an app when the app is sent to a device. Because all apps are different, it’s up to the application developer to build in support both for the feature itself, as well as for any variables they’d like to make possible for an MDM to send to an app. For example, an app might make server and username available, so that when a user opens the app, they need only provide their password. Or based on an Active Directory group, you might have a location within the app to direct a user to, a different server, or even a different schema for the username.

This is the simplest example, but there are hundreds of other things I wanted to do. And app vendors were actually very open to building these features. But they all asked “OK, so what do I do.” And the last thing I wanted to tell them was to use up some cockamamie naming convention that I made up off the top of my head. So, much smarter people than I have come up with all the conventions to help standardize this otherwise chaotic awesomeness. And they’ve created a website, with IBM, JAMF, MobileIron, and AirWatch as the founding members for, and published best practices. From the site:

A community focused on providing tools and best practices around native capabilities in mobile operating systems to enable a more consistent, open and simple way to configure and secure mobile apps in order to increase mobile adoption in business. Users benefit with instant mobile productivity and a seamless out-of-the box experience, and businesses benefit with secure work-ready apps with minimal setup required while leveraging existing investments in Enterprise Mobility Management (EMM), VPN, and identity solutions. Ultimately, your apps are simpler to configure, secure and deploy.

To learn more about standardizing Managed App Config, check out the AppConfig Community Site.

Screen Shot 2016-02-27 at 9.29.02 AM

This goes a long way in making one of the coolest features for MDM much, much more useable. Hope you enjoy!

February 28th, 2016

Posted In: iPhone, JAMF, Mass Deployment

Tags: , , , , ,

« Previous PageNext Page »