krypted.com

Tiny Deathstars of Foulness

If you fire up a connection to Postgres on a Profile Manager server, you can see a list of all the databases and tables on the server, respectively: sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 devicemgr_v2m0=# \list devicemgr_v2m0=# \dt The list of tables is as follows: Name | Owner | Encoding | Collate | Ctype | Access privileges ----------------+------------+----------+---------+-------+--------------------------- devicemgr_v2m0 | _devicemgr | UTF8 | C | C | postgres | _devicemgr | UTF8 | C | C | template0 | _devicemgr | UTF8 | C | C | =c/_devicemgr + | | | | | _devicemgr=CTc/_devicemgr template1 | _devicemgr | UTF8 | C | C | =c/_devicemgr + | | | | | _devicemgr=CTc/_devicemgr The list of relations is much more lengthy, but if you parse it then you can then use a string of commands to dump the contents of each table into a stand-alone CSV file: sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_library_items.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_users.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From active_locales) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/active_locales.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From app_configurations) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/app_configurations.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From asset_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/asset_metadata.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets_localized_data) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets_localized_data sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profile_usage) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profile_usage.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles_device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles_device_groups.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From certificates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/certificates.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From completed_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/completed_tasks.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From data_files) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/data_files.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From db_notifications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/db_notifications.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_media.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_objects) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_objects.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_enrollment_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_enrollment_settings.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_group_memberships sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups_devices.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/devices.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dm_schema_information) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dm_schema_information.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dynamic_attributes_defaults) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dynamic_attributes_defaults.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From ebooks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/ebooks.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes_library_items sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_devices_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_devices_users.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From enterprise_apps) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/enterprise_apps.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_applications.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_books) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_books.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_ios_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_ios_applications.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_media.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_osx_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_osx_applications.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_profiles.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From internal_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/internal_tasks.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_assets.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_devices.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_printers.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_system_applications.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_widgets.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/lab_sessions.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/.library_item_metadata.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_settings.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_tasks.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items_assets.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_targets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_targets.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_tasks.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/media.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From network_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/network_lab_sessions.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_library_items.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_nodes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_nodes.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_searches) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_searches.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates_devices.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From owner_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/owner_lab_sessions.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From preference_panes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/preference_panes.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/printers.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/profiles.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/sessions.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/settings.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/system_applications.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From target_tombstones) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/target_tombstones.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_group_memberships.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups_users.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_tasks.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/users.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_assigned_licenses) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_assigned_licenses.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_products) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_products.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/widgets.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From work_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/work_tasks.csv sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From xsan_networks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/xsan_networks.csv Now, if you were to just run a select * from devices; from within devicemgr_v2m0, you would get the following:
id | admin_temp_id | created_at | updated_at | updated_at_xid | library_item_type | order_name | mdm_target_type | user_id | last_checkin_time | last_push_time | first_push_time | last_update_info_time | last_auto_sync_profiles | last_auto_sync_media | processing_tasks | hp_singleton_tasks | lp_singleton_tasks | nn_singleton_tasks | singleton_task_type | singleton_uuid | supported_device_type | token | push_magic | push_avg_response_time | push_response_times | vpp_last_invite_requested | vpp_last_invite_delivered | pending_checkin_token | checkin_token_valid_at | active_checkin_token | DeviceName | ProductName | OSVersion | SerialNumber | udid | identifier | is_dep_device | is_multi_user | pending_user_id | supported_asset_types | mdm_acl | IMEI | MEID | IsSupervised | BluetoothMAC | EthernetMAC | WiFiMAC | DeviceID | airplay_password | color | assigned_dep_profile_uuid | dep_profile_uuid | dep_profile | activation_lock_bypass_code | mdm_activation_lock_bypass_code | last_mdm_refresh_ttl_days
These can then read into an array and dealt with as needed. For example, you can link lists of users and groups or use this as a separate form of backup. Another way to get this data, that would be a bit more future-proofed, would be to read all items in the schema for public on the desired database, and then build an array of name items and a loop. But this is a good start.

February 21st, 2017

Posted In: Mac OS X Server

Tags: , , , , , , ,

Stoked that we got to interview Michael Lynn (@mikeymikey) for the MacAdmins podcast. It turned out to be a great episode on the future of Mac management and MDM. I’m glad we were able to have him join in! Pepijn and Marcus did a great job as well, so all round, a great episode. Hope you enjoy! Or find it on the Podcast site at http://podcast.macadmins.org/2016/10/24/episode-13-mdm-me-maybe/

October 24th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , , ,

Automating OS installations is going to eventually be about as easy on macOS as it is in iOS (er, if you have MDM that is). But in the meantime, it’s getting a bit more challenging. The obvious way Apple would prefer this to happen these days is via the startosinstall command that first shipped with El Capitan and with brtool getting moved around all the time, and becoming less of a thing, there’s one quick and easy thing you can do: sudo "/Applications/Install macOS Sierra.app/Contents/Resources/startosinstall" --applicationpath "/Applications/Install macOS Sierra.app" --agreetolicense --nointeraction --volume /Volumes/Macintosh\ HD In the above command, we’ve dropped “Install macOS Sierra.app” on a machine. While you’d guess that it would find the application path based on its own surname, we went ahead and supplied it as that seems to basically be a thing. Basically, –agreetolicense keeps us from having to run some expect scripts to accept a license agreement, –nointeraction suppresses as many of the screens as possible, and –volume allows us to install to any volume we’d like. This isn’t fully automated, but I have been able to layer in some more logic to quit apps before the script fires and then expect out other items from the script to automate a restart, watching for osinstallersetupd as a key. This is all a bit bulkier than just using something like createOSXinstallPkg but it’s important to mention that there are a number of system components that are allowed for in SIP that use osinstallersetupd and so this blessed mechanism is likely the future until you can trigger an OS upgrade (and update I suppose) using an MDM command.

October 23rd, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , , , ,

The JSS has the ability to upload multiple .vpptokens, and using those, you can upload separate tokens for sites and then provide App Store apps to different sites based on each having some autonomy by having their own token. This is a pretty cool feature. And using the GUI, you can see when each token expires. You can also see a list of tokens using the API. To see a full list of all the tokens, we’ll just use a basic curl command here: curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts This provides an array of output that has the number of tokens in <size> and the id of each along with their name in <id> and <name> respectively, as follows <?xml version="1.0" encoding="UTF-8"?><vpp_accounts><size>2</size><vpp_account><id>2</id><name>test</name></vpp_account><vpp_account><id>3</id><name>test2</name></vpp_account></vpp_accounts> Once you know the id of a token, you can pull a bunch of information about that token using the following command: curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2 The output would be as follows, with the expiration_date indicated: <?xml version="1.0" encoding="UTF-8"?><vpp_account><id>2</id><name>test</name><contact/><service_token>xxxxxxxxxxyyyyyyyyyyyzzzzzzzzzaaaaaaaabbbbbbbbbbccccccc</service_token><account_name>krypted</account_name><expiration_date>2017/06/30</expiration_date><country>US</country><apple_id/><site><id>-1</id><name>None</name></site><populate_catalog_from_vpp_content>true</populate_catalog_from_vpp_content><notify_disassociation>true</notify_disassociation></vpp_account> Or to limit the output to just the expiration date of the token, we’ll use sed to constrain: curl -s -u myuser:mypassword https://kryptedjamf.jamfcloud.com/JSSResource/vppaccounts/id/2 | sed -n -e 's/.*<expiration_date>\(.*\)<\/expiration_date>.*/\1/p' The output should just be a standard date, as follows: 2017/06/30 You can then loop through the output of the vppaccounts, build an IFS array, and display the dates for each, listing sites that are about to expire. For anyone that has a lot of sites with individual tokens, this might come in handy. Enjoy. Hat tip: I thought I’d have to do this using a database query, but it turns out that the field where the stoken  is stored contains encrypted data different than the initially encoded base64, which I showed how to decrypt at What’s Really In A VPP Token File from Apple’s VPP?. This is to keep that data private. Instead, hat tip to Christian Dooley, who figured out that this is actually available in the API instead, and therefore I didn’t have to hit the database directly to write this article.

June 30th, 2016

Posted In: JAMF

Tags: , , , , , ,

I’ve worked with a lot of organizations switching between Mobile Device Management (MDM) solutions in my career. And I’ve seen the migration projects go both really, really well, and really, really poorly. In most cases, the migration is somewhat painful no matter what you do. But in this (my first) article on the JAMF blog, I try and organize my thoughts around a few things to look out for when migrating between MDMs/MAMs, and some context/experience around those. https://www.jamfsoftware.com/blog/10-things-to-consider-when-switching-between-mobile-device-management-solutions/ Screen Shot 2016-06-23 at 11.45.32 AM

June 23rd, 2016

Posted In: Articles and Books, iPhone, JAMF, Mac OS X

Tags: , , , , , ,

I’m a bit late in posting this, but better late than never! In this episode, we interview the venerable Arek Dreyer about his upcoming book, and learn a little of his origin story! More on that in issues to come I’m sure!

June 15th, 2016

Posted In: Mac OS X, Mac OS X Server

Tags: , , , ,

When building an MDM, you look for a lot of workflows to make the lives of end users easier. One of those is Managed App Config, which is a technology from Apple that allows an MDM to inject information into an app when the app is sent to a device. Because all apps are different, it’s up to the application developer to build in support both for the feature itself, as well as for any variables they’d like to make possible for an MDM to send to an app. For example, an app might make server and username available, so that when a user opens the app, they need only provide their password. Or based on an Active Directory group, you might have a location within the app to direct a user to, a different server, or even a different schema for the username. This is the simplest example, but there are hundreds of other things I wanted to do. And app vendors were actually very open to building these features. But they all asked “OK, so what do I do.” And the last thing I wanted to tell them was to use up some cockamamie naming convention that I made up off the top of my head. So, much smarter people than I have come up with all the conventions to help standardize this otherwise chaotic awesomeness. And they’ve created a website, with IBM, JAMF, MobileIron, and AirWatch as the founding members for, and published best practices. From the site:
A community focused on providing tools and best practices around native capabilities in mobile operating systems to enable a more consistent, open and simple way to configure and secure mobile apps in order to increase mobile adoption in business. Users benefit with instant mobile productivity and a seamless out-of-the box experience, and businesses benefit with secure work-ready apps with minimal setup required while leveraging existing investments in Enterprise Mobility Management (EMM), VPN, and identity solutions. Ultimately, your apps are simpler to configure, secure and deploy.
To learn more about standardizing Managed App Config, check out the AppConfig Community Site. Screen Shot 2016-02-27 at 9.29.02 AM This goes a long way in making one of the coolest features for MDM much, much more useable. Hope you enjoy!

February 28th, 2016

Posted In: iPhone, JAMF, Mass Deployment

Tags: , , , , ,

There are a lot of payloads that MDM and profiles can manage in iOS. Restrictions are probably the one I get the most questions about. And most are pretty self-explanatory. Sooooo, rather than open Profile Manager every time I need to see the list, here it is:
  • Allow use of Camera
  • Allow FaceTime
  • Allow screenshots and screen recording
  • Allow AirDrop (supervised only)
  • Allow iMessage (supervised only)
  • Allow voice dialing while device is locked
  • Allow Siri
  • Allow Siri while device is locked
  • Enable Siri profanity filter (supervised only)
  • Allow user-generated content in Siri (supervised only)
  • Allow iBooks Store (supervised only)
  • Allow installing apps using Apple Configurator and iTunes
  • Allow installing apps using App Store (supervised only)
  • Allow automatic app downloads (supervised only)
  • Allow removing apps (supervised only)
  • Allow in-app purchase
  • Require iTunes Store password for all purchases
  • Allow iCloud backup
  • Allow iCloud documents & data
  • Allow iCloud Keychain
  • Allow managed apps to store data in iCloud
  • Allow backup of enterprise books
  • Allow notes and highlights sync for enterprise books
  • Allow iCloud Photo Sharing
  • Allow My Photo Stream (disallowing can cause data loss)
  • Allow automatic sync while roaming
  • Force encrypted backups
  • Force limited ad tracking
  • Allow Erase All Content and Settings (supervised only)
  • Allow users to accept untrusted TLS certificates
  • Allow automatic updates to certificate trust settings
  • Allow trusting new enterprise app authors
  • Allow installing configuration profiles (supervised only)
  • Allow modifying account settings (supervised only)
  • Allow modifying device name (supervised only)
  • Allow modifying Find My Friends settings (supervised only)
  • Allow modifying passcode (supervised only)
  • Allow modifying Touch ID fingerprints (supervised only)
  • Allow modifying restrictions (supervised only)
  • Allow modifying Wallpaper (supervised only)
  • Allow pairing with non-Configurator hosts (supervised only)
  • Allow documents from managed sources in unmanaged destinations
  • Allow documents from unmanaged sources in managed destinations
  • Treat AirDrop as unmanaged destination
  • Allow Handoff
  • Allow Spotlight Suggestions
  • Allow Touch ID to unlock device
  • Force Apple Watch wrist detection
  • Allow pairing with Apple Watch (supervised only)
  • Require passcode on first AirPlay pairing
  • Allow predictive keyboard (supervised only)
  • Allow keyboard shortcuts
  • Allow auto correction (supervised only)
  • Allow spell check (supervised only)
  • Allow Define (supervised only)
  • Allow Wallet notifications in Lock screen
  • Show Control Center in Lock screen
  • Show Today view in Lock screen

February 5th, 2016

Posted In: iPhone

Tags: , , , , ,

Bushel shipping a new feature this week call Blueprints. Blueprints are similar to groups, and allow you to assign different options in Bushel to different devices that have a blueprint assigned to them. This also allows you to define one device per blueprint and therefore have different options for different computers. Pretty cool on a few different fronts. And it provides a lot of flexibility for some really, really cool new features we’ve planned for the product. Introducing_Blueprints For more on this great new feature, check out this great article from the new Bushel Product Manager, Michael Devins.

December 10th, 2015

Posted In: Bushel, iPhone

Tags: , , ,

Apple Configurator 2 is a great new evolution in iOS initial and configuration management. And there are lots of great options. And to help you wrap your head around all this new fun stuff, I’ve written up a quick and dirty guide for using Apple Configurator 2. Screen Shot 2015-11-04 at 10.02.03 PM It’s not completely done, but it will be shortly. Hope this help someone. Enjoy!

November 14th, 2015

Posted In: Apple Configurator, iPhone, Mass Deployment

Tags: , , , , , , , , , , , ,

« Previous PageNext Page »