krypted.com

Tiny Deathstars of Foulness

There’s a new JSS companion tool, called JSS MUT, which allows you to perform mass actions based on a CSV. Basically, set fields and enforce mobile device names (becoming a very common need out there). If you’re a JSS admin, it’s a nice tool, and a big should out to Michael Levenick for making it free!

5860001_orig

Official website is at http://jssmut.weebly.com.

Hat tip to Trey Howell for clueing us in! 🙂

July 18th, 2016

Posted In: JAMF

Tags: , , , , ,

Leave a Comment

An hour into my first Reddit AMA with some super-excellent JAMFs!

AMA w/ Charles Edge and the Apple management experts at JAMF Software from macsysadmin

June 24th, 2016

Posted In: Apple Configurator, Articles and Books, Business, iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: ,

When building an MDM, you look for a lot of workflows to make the lives of end users easier. One of those is Managed App Config, which is a technology from Apple that allows an MDM to inject information into an app when the app is sent to a device. Because all apps are different, it’s up to the application developer to build in support both for the feature itself, as well as for any variables they’d like to make possible for an MDM to send to an app. For example, an app might make server and username available, so that when a user opens the app, they need only provide their password. Or based on an Active Directory group, you might have a location within the app to direct a user to, a different server, or even a different schema for the username.

This is the simplest example, but there are hundreds of other things I wanted to do. And app vendors were actually very open to building these features. But they all asked “OK, so what do I do.” And the last thing I wanted to tell them was to use up some cockamamie naming convention that I made up off the top of my head. So, much smarter people than I have come up with all the conventions to help standardize this otherwise chaotic awesomeness. And they’ve created a website, with IBM, JAMF, MobileIron, and AirWatch as the founding members for, and published best practices. From the site:

A community focused on providing tools and best practices around native capabilities in mobile operating systems to enable a more consistent, open and simple way to configure and secure mobile apps in order to increase mobile adoption in business. Users benefit with instant mobile productivity and a seamless out-of-the box experience, and businesses benefit with secure work-ready apps with minimal setup required while leveraging existing investments in Enterprise Mobility Management (EMM), VPN, and identity solutions. Ultimately, your apps are simpler to configure, secure and deploy.

To learn more about standardizing Managed App Config, check out the AppConfig Community Site.

Screen Shot 2016-02-27 at 9.29.02 AM

This goes a long way in making one of the coolest features for MDM much, much more useable. Hope you enjoy!

February 28th, 2016

Posted In: iPhone, JAMF, Mass Deployment

Tags: , , , , ,

You can leverage the API built into the Casper Suite to do lots and lots of cool stuff, without interacting directly with the database. Here, I’ll use a simple curl command in a bash script that has myuser as the username for a server and mypassword as the password. The server is myserver.jamfcloud.com. Basically, we’re going to ask the computers and mobiledevices tables for all their datas. Once we have that, we’ll constrain the output to just the size attribute for each using sed:

curl -s -u myuser:mypassword https://myserver.jamfcloud.com/JSSResource/computers | sed -n -e 's/.*<size>\(.*\)<\/size>.*/\1/p'
curl -s -u myuser:mypassword https://myserver.jamfcloud.com/JSSResource/mobiledevices | sed -n -e 's/.*<size>\(.*\)<\/size>.*/\1/p'

This same logic can then be applied to any payload of XML data coming out of a REST API. Some API’s have different options to constrain output of a request, some don’t. But no matter whether there is or isn’t, you can loop through a bunch of statements like this. Why would you look to the API to constrain data, etc? Well, it comes down to a cost issue. Each time you run the above commands, you’re costing yourself runtime, you’re taxing the server with potentially a substantial query, and you’re potentially transferring a considerable amount of data over the wires between you and where the script is being run. So if the API is smart enough to give you less data, then you might as well do that. In this case, it isn’t, but if you apply this same sed logic in other scripts, it’s great to be cognizant of remaining as efficient as you can.

December 18th, 2015

Posted In: JAMF

Tags: , , , , , , , , ,

Enrolling iPads and iPhones into JAMF’s Casper suite can be done through Apple Configurator 2, text messages, email invitations, Apple’s Device Enrollment Program (DEP), or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper when set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll cover that as well:

Download the Enrollment Profile

To download an enrollment profile from Casper MDM:

  1. Log into the web interface of the JSS.
  2. Click on the link along the top navigation bar for Mobile Devices.
  3. Click on Enrollment Profiles in the sidebar.Screen Shot 2015-12-07 at 1.47.40 PM
  4. Click on the plus sign (+).
  5. Provide a new name for the profile.Screen Shot 2015-12-07 at 1.48.07 PM
  6. Click on the User and Location Information tab.
  7. Enter any of the information you wish to have associated with this account when the profile is used to enroll a device into the JSS (not required – use this if you want your devices to have these associated, like if you use Configurator to setup departments and then associate a blueprint to each department and use an enrollment profile per blueprint).
  8. At the Enrollment Profiles screen, click on Download for the appropriate profile (for most environments there should only be one).
  9. Click on the Save button.
  10. Click on the General tab.
  11. Click on the Download button to download a .mobileconfig file that contains enrollment information.Screen Shot 2015-12-07 at 1.56.12 PM
  12. Click on the Trust Profile button to download the trust profile (a .mobileconfig with our cer).
  13. Once the profile is downloaded, it will automatically attempt to enroll the computer you are downloading it from in the Profiles System Preferences pane.Screen Shot 2015-12-07 at 1.57.25 PM
  14. Click on Cancel.
  15. Click on your downloads and you have now downloaded the two .mobileconfig files that will enroll devices into Casper. Note that if you have a cert signed by a CA you shouldn’t need the Trust Profile.

Add the Profile To Apple Configurator:

To deploy the profile through Apple Configurator:

  1. Open Apple Configurator 2 on the client computer.Screen Shot 2015-12-07 at 1.42.56 PM
  2. Click File and then click on New Blueprint.
  3. Provide a name for your Blueprint.Screen Shot 2015-12-07 at 2.16.06 PM
  4. Once the new Blueprint is created, click on it.
  5. Click on Profiles. 
  6. Click Add Profiles…Screen Shot 2015-12-07 at 2.24.08 PM
  7. Manually add the first profile by browsing to it.
  8. Drag any other profiles into the list.
  9. Apply the Blueprint to devices to see if it works.

If you then wish to unenroll, simply remove the profiles by tapping on profiles and then tapping on the Remove button. Per the MDM API, a user can elect to remove their device from management at any point unless the device is supervised (and then it’s harder but still possible to remove the device from management), so expect this will happen occasionally, even if only by accident.

December 10th, 2015

Posted In: Apple Configurator, iPhone, JAMF, Mass Deployment

Tags: , , , , ,

In case anyone missed this fact: I love to write. The nerdier the content, the better. And when I heard that the JAMF Nation User Conference had a session for InfoSec (and specifically around how we do vulnerability assessments), I knew that was my kind of session. So, the marketing team was kind enough to let me write it up. Here it is on the JAMF Software blog: http://www.jamfsoftware.com/blog/jamf-software-security-and-vulnerability-assessments/.

Screen Shot 2015-10-13 at 5.29.22 PM

October 13th, 2015

Posted In: JAMF

Tags: , ,

Bushel gives you three devices for free. But you can get more free devices if you like the product and choose to share it with your friends and family. To do so is pretty straight forward. Simply click on the Accounts icon in the sidebar and then click on the Profile tab. Here, towards the bottom of the screen, you’ll see the Referrals section.

To Read More About Inviting Your Friends To Bushel To Get More Free Devices Forever on the Bushel Blog

October 13th, 2015

Posted In: Bushel, JAMF

Tags: , , , , , , , ,

The JAMF Nation User Conference (JNUC) is coming, from October 13th to 15th in Minneapolis, Minnesota. The JNUC always makes me think of all kinds of nerdy things to do. And Minneapolis is totally full of nerd culture events. So here’s some to consider (not including the Lync, Sharepoint and other not-very-mac-esque events):

There are more mini-events being added on the JNUC Mini-Event page on JAMF Nation all the time. Check that out at the Mini-Event page on JAMF Nation. There are lots of spots around town to host meetups and the such, if you’re after that. I posted a lot of breweries here (and a pedal pub if you’re feeling like getting serious about it all), but keep in mind if you’re looking for less alcohol and more quiet/professional stuffs, there’s a pretty deep set of Mac shops in the Twin Cities with spaces that might loan you some room, such as Code42.

And if you’re into Maker Spaces and the such, check out:

  • My neighborhoods makerspace: http://nordeastmakers.com
  • The Twin Cities Maker(space): http://www.tcmaker.org
  • Improving civic tech with Open Twin Cities: http://opentwincities.org
  • Get your lego on at Brinckmania (just make sure to call and see if they’ll let you in as they’re usually only open every other Saturday – but if you want to schedule a JNUC mini-event or something I could see them opening their doors)

September 4th, 2015

Posted In: JAMF

Tags: , , , , , ,

JAMF Nation User Conference

As the largest Apple IT gathering in the world rapidly approaches, we want to give you an early glimpse into the great presentations at the JAMF Nation User Conference (JNUC).

We are excited to announce that we’ve added the first ten JNUC sessions to our site. With sessions for education and commercial organizations, you’re sure to find presentations to meet your needs. Highlights include best practices for preparing Macs for online testing, ways to bring Apple’s Volume Purchase Program (VPP) and Device Enrollment Program (DEP) to life in your environment, and methods for mitigating and addressing Mac security threats.

Haven’t registered yet? There’s still time, but hurry. We’re nearing our capacity. 

Secure your spot and start making your travel plansand accommodations before it’s too late. We hope you can make it!

RSVP Today

August 26th, 2015

Posted In: Mac OS X

Tags: , , , , , , ,

When you enroll devices into Bushel, you’ll be prompted for a name and email address. We use these two fields to setup the mail profile for users and display who has that device. You can see who a device is assigned to by clicking on the device in Bushel and checking out the Assigned To card, shown here.

Move Devices To New Users In Bushel

June 11th, 2015

Posted In: Bushel, iPhone, JAMF, Mac OS X

Tags: , , ,

Next Page »