Prompt to enable or disable Single App Mode on the device: Now that we have the entire policy created, here is how it looks when you run it. When scoping the policy, scope whatever users are out in the field supporting these devices, so this policy will show up when they sign into Self Service. Enable the policy for Self Service and title it whatever you’d like. Make sure to set the frequency to “ongoing” and do not set a trigger. Once this script is completed, upload it into Jamf and create a policy to run it. The API call we will be utilizing to list out the Jamf Pro user accounts is: jamfUserIDs=$( curl -s -X GET "$jssHost/JSSResource/accounts" -H "accept: text/xml" -H "Authorization: Bearer $ giving up after 10000Īnd of course, make sure to enter your exit code at the end: exit 0 I should note that my API scripts from here on out will be utilizing bearer token authentication, since this is going to be required going forward with Jamf Pro sometime in the fall. Also, if this is a process that needs to be run on any recurring basis, saving it in a script makes the process nice and easy to repeat. This way, I can write notes or whatever else I want in the spreadsheet and then submit it to the higher ups easily. I figured I could just go look in Jamf Pro, write down the names of the accounts and their access summary, but what fun is that? Instead, I wrote up a script that outputs a CSV of all of the user accounts and some of their attributes. I was recently asked by my security team to perform an audit and produce a report of user accounts present in Jamf Pro. Since my last post, I received my Jamf Pro 400 certification! Woohoo! JamfProMassActionCommandsOnGroup/JamfProAPIMassActionOnGroup.I haven’t posted in a while due to being rather busy. JamfProMassActionCommandsOnGroup/venv/bin/python. I have 5 devices in my test group and processed them in batches of two devices per API call, so my output was. Send_mdm_command(jss_url, api_user, api_pass, kind_of_group, remote_mdm_command_to_send, device_id_batch) Group_member_ids = get_group_members(jss_url, api_user, api_pass, kind_of_group, group_name)įor i in range(0, len(group_member_ids), number_of_devices_per_batch):ĭevice_id_batch = group_member_ids # DisableRemoteDesktop (macOS 10.14.4 and later), ScheduleOSUpdate.ĭef send_api_request(my_url, my_api_user, my_api_pass, my_method="GET", response_format='json', xml=''): # SettingsDisableBluetooth (macOS 10.13.4 and later), EnableRemoteDesktop (macOS 10.14.4 and later), # Commands supported: UnmanageDevice, BlankPush, SettingsEnableBluetooth, # and in lost mode only), PlayLostModeSound (supervised and in lost mode only) # DisableLostMode (supervised and in lost mode only), DeviceLocation (supervised # PasscodeLockGracePeriod (shared iPad only), EnableLostMode (supervised only), # ShutDownDevice (supervised only), RestartDevice (supervised only), # SettingsEnablePersonalHotspot, SettingsDisablePersonalHotspot, BlankPush, # SettingsDisableBluetooth (iOS 11.3+ and supervised only), # SettingsDisableDiagnosticSubmission, SettingsEnableBluetooth, # SettingsDisableAppAnalytics, SettingsEnableDiagnosticSubmission, # SettingsDisableVoiceRoaming, SettingsEnableAppAnalytics, # SettingsDisableDataRoaming, SettingsEnableVoiceRoaming, # UpdateInventory, ClearRestrictionsPassword, SettingsEnableDataRoaming, # Commands supported: Settings, EraseDevice, ClearPasscode, UnmanageDevice, Kind_of_group = "computer" # "computer" or "mobiledevice" Seconds_between_batches = 1 # Delay between batches # On the other hand, if you have to do something to thousands of devices, one at # to update iOS at the same time, your network admin will not be happy with you. # Also, if you set this too high, you can create a thundering herd of device # That's because if you send a command to a list and one of the device IDs doesn't # remote commands to one device at a time rather than to a big list all at once. # This next setting requires some thought. Jss_url = "" # include : if other than 443, omit trailing /
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |