krypted.com

Tiny Deathstars of Foulness

Tomcat logs events into the system log. You can use the get-wmiobject commandlet to see events. Here, we’ll look at a JSS and view only system events:

Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system'

We can then use AND to further constrain to specific messages, in this case those containing Tomcat:

Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%')

We can then further constrain output to those with a specific EventCode with another compound statement:

Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') AND (EventCode=1024)

For a comprehensive list of Windows event codes, see https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx.

You could instead use get-eventlog to see system logs. For example, the following will list the latest 100 entries in the system log:

Get-Eventlog -LogName system -Newest 1000

And the following lists the number of unique entries in descending order using Sort-Object, along with the -Property option set to count:

Get-Eventlog -LogName system -Newest 1000 | Sort-Object -Property count -Descending

And the following would additionally constrain the output to entries with the word Tomcat using the -Message option:

Get-Eventlog -LogName system -Newest 1000 -Message "*Tomcat*" | Sort-Object -Property count -Descending

And to focus on a server called jss, use the -ComputerName option:

Get-Eventlog -LogName system -Newest 1000 -Message "*Tomcat*" -ComputerName "localhost" | Sort-Object -Property count -Descending

July 11th, 2017

Posted In: JAMF, Windows Server

Tags: , , , , , , ,

June 21st, 2017

Posted In: MacAdmins Podcast

Tags: , , , , ,

June 2nd, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , ,

If you’re in need of MDM in Japanese or German, Jamf Now shipped support for those languages last week. To switch languages, click on your name once logged in, and then click on the language you would like to use.

Enjoy.

May 1st, 2017

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , ,

I mentioned mdmclient when I gave the talk on the inner workings of Mobile Device Management, or MDM. There, I spent a lot of time on APNs and profiles, but just kinda’ spoke about mdmclient in terms of it being the agent that runs on macOS to provide mdm parity for the Mac. The mdmclient binary is located at /usr/libexec/mdmclient and provides pretty limited access to see how the Mac reacts to and interprets information coming from a device management provider.

I had been meaning to do a write-up on mdmclient and document what it can do since it first shipped. But as luck would have it, @Mosen on the Slacks beat me to the punch with a fantastic resource at https://mosen.github.io/profiledocs/troubleshooting/mdmclient.html. So here I’d like to focus on just 3 examples of using mdmclient. The first is to see what insight an MDM has to the applications installed (whether that information is actually committed to a database somewhere or not) using QueryInstalledApps:

/usr/libexec/mdmclient QueryInstalledApps

Here, we can see an array output of each bundle installed:

{BundleSize = 27457223;
Identifier = “com.hipchat.HipChat”;
Name = HipChat;
ShortVersion = “3.1.6”;
Version = “3.1.6”;}

Now, we can end up with duplicates, and so focus on just the unique Identifier keys, as follows:

/usr/libexec/mdmclient QueryInstalledApps | grep Identifier | uniq

The second iteration is to see installed profiles. The most basic of these, is to see user profiles, which can be obtained using QueryInstalledProfiles, as follows:

/usr/libexec/mdmclient QueryInstalledProfiles

Now, I could see using the profiles command with the -L option that I have a profile to configure office365 on my machine:

profiles -L

charlesedge[1] attribute: profileIdentifier: com.jamfsw.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
There are 1 user configuration profiles installed for ‘charlesedge’

So to see what that same information looks like, when queried from an MDM solution:
/usr/libexec/mdmclient QueryInstalledProfiles

QueryInstalledProfiles then returns:

({HasRemovalPasscode = 0;
IsEncrypted = 0;
PayloadContent = (
{PayloadDisplayName = “Charles Edge’s Office 365”;
PayloadIdentifier = “com.jamfsw.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328.exchange.a5f2ccd9-ea86-11e3-b1e0-6476bab5f328”;
PayloadType = “com.apple.ews.account”;
PayloadUUID = “a5f2ccd9-ea86-11e3-b1e0-6476bab5f328”;
PayloadVersion = 1;});
PayloadDescription = “This will configure your Office 365 account for your Mac.”;
PayloadDisplayName = “Charles Edge’s Office 365”;
PayloadIdentifier = “com.jamfsw.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328”;
PayloadOrganization = “JAMF Software”;
PayloadRemovalDisallowed = 0;
PayloadUUID = “a5f0e328-ea86-11e3-a26c-6476bab5f328”;
PayloadVersion = 1;
SignerCertificates = ();})

You can then take action based on this type of information, allow you to either fill a database for agent-based management, or simply take action if something is missing, etc.

QueryInstalledProfiles covers user profiles. To see system, you’ll need installedProfiles:

/usr/libexec/mdmclient installedProfiles | grep "Profile Name"

Run without the grep for a considerably more verbose amount of information.

Finally, let’s look at one more piece of information, which is the hash for the iTunes Store. That’s a point I’ve made a number of times, that the iTunes account email address is never provided to an MDM, once associated to a device or user on a device. Instead, there’s a hash of the account. These are important with VPP, as it allows for reversing (according to the MDM) which users have claimed which apps, or which users are using a given app, as well as how many devices they’re accessing those from. To see a hash, as an MDM sees it:

/usr/libexec/mdmclient QueryAppInstallation | grep iTunesStoreAccountHash

There’s a lot more you can do here, and I’m sure we’ll see a lot more over time. However, the work from @mosen combined with the opening up of the documentation on profiles and the mdm protocol helps to shed some light on how things work under the hood, and how we can use these features to provide greater programatic management for the Mac.

For example, to grab that iTuneshash from earlier, as a Jamf extension attribute you could use the following: https://github.com/krypted/ituneshash/blob/master/ituneshash.sh

April 28th, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , , , ,

March 24th, 2017

Posted In: MacAdmins Podcast

Tags: , , , , ,

If you fire up a connection to Postgres on a Profile Manager server, you can see a list of all the databases and tables on the server, respectively:

sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0
devicemgr_v2m0=# \list
devicemgr_v2m0=# \dt

The list of tables is as follows:

Name | Owner | Encoding | Collate | Ctype | Access privileges
----------------+------------+----------+---------+-------+---------------------------
devicemgr_v2m0 | _devicemgr | UTF8 | C | C |
postgres | _devicemgr | UTF8 | C | C |
template0 | _devicemgr | UTF8 | C | C | =c/_devicemgr +
| | | | | _devicemgr=CTc/_devicemgr
template1 | _devicemgr | UTF8 | C | C | =c/_devicemgr +
| | | | | _devicemgr=CTc/_devicemgr

The list of relations is much more lengthy, but if you parse it then you can then use a string of commands to dump the contents of each table into a stand-alone CSV file:

sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From active_locales) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/active_locales.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From app_configurations) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/app_configurations.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From asset_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/asset_metadata.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets_localized_data) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets_localized_data
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profile_usage) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profile_usage.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles_device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles_device_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From certificates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/certificates.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From completed_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/completed_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From data_files) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/data_files.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From db_notifications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/db_notifications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_objects) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_objects.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_enrollment_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_enrollment_settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_group_memberships
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dm_schema_information) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dm_schema_information.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dynamic_attributes_defaults) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dynamic_attributes_defaults.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From ebooks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/ebooks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes_library_items
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_devices_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_devices_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From enterprise_apps) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/enterprise_apps.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_books) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_books.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_ios_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_ios_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_osx_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_osx_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From internal_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/internal_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_printers.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_system_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_widgets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/.library_item_metadata.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items_assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_targets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_targets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From network_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/network_lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_nodes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_nodes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_searches) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_searches.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From owner_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/owner_lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From preference_panes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/preference_panes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/printers.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/system_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From target_tombstones) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/target_tombstones.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_group_memberships.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_assigned_licenses) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_assigned_licenses.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_products) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_products.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/widgets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From work_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/work_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From xsan_networks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/xsan_networks.csv

Now, if you were to just run a select * from devices; from within devicemgr_v2m0, you would get the following:

id | admin_temp_id | created_at | updated_at | updated_at_xid | library_item_type | order_name | mdm_target_type | user_id | last_checkin_time | last_push_time | first_push_time | last_update_info_time | last_auto_sync_profiles | last_auto_sync_media | processing_tasks | hp_singleton_tasks | lp_singleton_tasks | nn_singleton_tasks | singleton_task_type | singleton_uuid | supported_device_type | token | push_magic | push_avg_response_time | push_response_times | vpp_last_invite_requested | vpp_last_invite_delivered | pending_checkin_token | checkin_token_valid_at | active_checkin_token | DeviceName | ProductName | OSVersion | SerialNumber | udid | identifier | is_dep_device | is_multi_user | pending_user_id | supported_asset_types | mdm_acl | IMEI | MEID | IsSupervised | BluetoothMAC | EthernetMAC | WiFiMAC | DeviceID | airplay_password | color | assigned_dep_profile_uuid | dep_profile_uuid | dep_profile | activation_lock_bypass_code | mdm_activation_lock_bypass_code | last_mdm_refresh_ttl_days

These can then read into an array and dealt with as needed. For example, you can link lists of users and groups or use this as a separate form of backup. Another way to get this data, that would be a bit more future-proofed, would be to read all items in the schema for public on the desired database, and then build an array of name items and a loop. But this is a good start.

February 21st, 2017

Posted In: Mac OS X Server

Tags: , , , , , , ,

Stoked that we got to interview Michael Lynn (@mikeymikey) for the MacAdmins podcast. It turned out to be a great episode on the future of Mac management and MDM. I’m glad we were able to have him join in! Pepijn and Marcus did a great job as well, so all round, a great episode. Hope you enjoy!

Or find it on the Podcast site at http://podcast.macadmins.org/2016/10/24/episode-13-mdm-me-maybe/

October 24th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , , ,

Automating OS installations is going to eventually be about as easy on macOS as it is in iOS (er, if you have MDM that is). But in the meantime, it’s getting a bit more challenging. The obvious way Apple would prefer this to happen these days is via the startosinstall command that first shipped with El Capitan and with brtool getting moved around all the time, and becoming less of a thing, there’s one quick and easy thing you can do:

sudo "/Applications/Install macOS Sierra.app/Contents/Resources/startosinstall" --applicationpath "/Applications/Install macOS Sierra.app" --agreetolicense --nointeraction --volume /Volumes/Macintosh\ HD

In the above command, we’ve dropped “Install macOS Sierra.app” on a machine. While you’d guess that it would find the application path based on its own surname, we went ahead and supplied it as that seems to basically be a thing. Basically, –agreetolicense keeps us from having to run some expect scripts to accept a license agreement, –nointeraction suppresses as many of the screens as possible, and –volume allows us to install to any volume we’d like. This isn’t fully automated, but I have been able to layer in some more logic to quit apps before the script fires and then expect out other items from the script to automate a restart, watching for osinstallersetupd as a key.

This is all a bit bulkier than just using something like createOSXinstallPkg but it’s important to mention that there are a number of system components that are allowed for in SIP that use osinstallersetupd and so this blessed mechanism is likely the future until you can trigger an OS upgrade (and update I suppose) using an MDM command.

October 23rd, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , , , ,

The JSS has the ability to upload multiple .vpptokens, and using those, you can upload separate tokens for sites and then provide App Store apps to different sites based on each having some autonomy by having their own token. This is a pretty cool feature. And using the GUI, you can see when each token expires. You can also see a list of tokens using the API. To see a full list of all the tokens, we’ll just use a basic curl command here:

curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts

This provides an array of output that has the number of tokens in <size> and the id of each along with their name in <id> and <name> respectively, as follows

<?xml version="1.0" encoding="UTF-8"?><vpp_accounts><size>2</size><vpp_account><id>2</id><name>test</name></vpp_account><vpp_account><id>3</id><name>test2</name></vpp_account></vpp_accounts>

Once you know the id of a token, you can pull a bunch of information about that token using the following command:

curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2

The output would be as follows, with the expiration_date indicated:

<?xml version="1.0" encoding="UTF-8"?><vpp_account><id>2</id><name>test</name><contact/><service_token>xxxxxxxxxxyyyyyyyyyyyzzzzzzzzzaaaaaaaabbbbbbbbbbccccccc</service_token><account_name>krypted</account_name><expiration_date>2017/06/30</expiration_date><country>US</country><apple_id/><site><id>-1</id><name>None</name></site><populate_catalog_from_vpp_content>true</populate_catalog_from_vpp_content><notify_disassociation>true</notify_disassociation></vpp_account>

Or to limit the output to just the expiration date of the token, we’ll use sed to constrain:

curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2 | sed -n -e 's/.*<expiration_date>\(.*\)<\/expiration_date>.*/\1/p'

The output should just be a standard date, as follows:

2017/06/30

You can then loop through the output of the vppaccounts, build an IFS array, and display the dates for each, listing sites that are about to expire. For anyone that has a lot of sites with individual tokens, this might come in handy. Enjoy.

Hat tip: I thought I’d have to do this using a database query, but it turns out that the field where the stoken  is stored contains encrypted data different than the initially encoded base64, which I showed how to decrypt at What’s Really In A VPP Token File from Apple’s VPP?. This is to keep that data private. Instead, hat tip to Christian Dooley, who figured out that this is actually available in the API instead, and therefore I didn’t have to hit the database directly to write this article.

June 30th, 2016

Posted In: JAMF

Tags: , , , , , ,

Next Page »