csv file and use that information to send device lock commands to multiple Macs. To help make the task of sending MDM lock commands easier, I’ve written a script which uses the API command above to read input from a.
JAMF API SCRIPTS PRO
If a message must appear on the lock screen, I recommend using the method described earlier for sending lock commands from the computer inventory record in the Jamf Pro admin console.
Note: Using the API to send lock commands does have a limitation, where it is not possible to include a message to appear on the lock screen. usr/bin/curl -su mdmlock:correct_horse_Battery_Staple -H "Content-Type: application/xml" -X POST Jamf Pro password: correct_horse_Battery_Staple.
JAMF API SCRIPTS MAC
usr/bin/curl -su username_here:password_here -H "Content-Type: application/xml" -X POSTįor example, here’s the command used to lock a Jamf Pro-enrolled Mac with the following Jamf Pro server, Jamf Pro account with the necessary privileges, Jamf Pro computer ID and desired PIN code. Once you have your Jamf Pro account credentials handled, you can use an API command similar to the one shown below to send a device lock command ( referred to in Apple’s MDM documentation as DeviceLock.) If setting up a specific Jamf Pro user account for this purpose with limited rights, here are the required API privileges for the account on the Jamf Pro server:
For more details, please see below the jump. Fortunately, there is also a way to use the Jamf Pro Classic API to send device lock commands. But once you get beyond that number, this process gets time-consuming and unwieldy. Once the device lock command has been sent, the Lock Computer button’s text should temporarily change to Command Sent.įor a small number of machines (10 or less), the method outlined above works fine. Click the OK button in the confirmation window. If desired, you can also enter a message which will appear on the lock screen.ħ.
JAMF API SCRIPTS CODE
Enter the PIN code which will later be used to unlock the Mac. In the Management Commands section of the Management tab, click the Lock Computer button.ĥ. Go to the appropriate computer inventory record.Ĥ. Log into Jamf Pro using an account which can send lock commands via MDM.Ģ. For example, here’s how it looks in Jamf Pro to send a device lock command via MDM:ġ. Once received, the Mac will then turn itself into a paperweight which does or doesn’t erase itself.ĭoing these one at a time is a pretty straightforward process. Do you want it locked or wiped?”Īt that point, the admin pulls up their MDM admin console and depending on what the response was (lock or wipe), send out the appropriate MDM command accompanied by a PIN code. We can send a command to lock the computer or have it erase itself. “$Very Important Person left their Mac behind in a cab! What do we do?” Most Mac admins have had this conversation at one point or another over the course of their careers: If & thenĮcho "Please drag-n-drop or enter the path to a line-seperated file containing computer names or IDs: "Įcho "ERROR: The path to the specified readable file cound not be found.
JAMF API SCRIPTS PASSWORD
If || & thenĮcho "ERROR: A JSS user name and password are required if no encoded authorization is provided." >&2Įcho "Please enter a name for the group you wish to create/populate: "Įcho "ERROR: No group name was specified." >&2 # verify user and password or encoded authorization If & & thenĮcho "Please enter JSS password for account : "
If & thenĮcho "ERROR: Unable to connect to JSS. #! /bin/bashĪPIUser=$(/usr/bin/osascript$computer_name"įullURL="$/JSSCheckConnection -o /dev/null) If this is left blank then the user will get an alert of success or failure joining the group. If API username and Password are not given it will prompt the user for the JSS ID and Password.Īnystring will make this run silent.
This will control if it adds the computer or deletes the computer from the group. It has to be just either of those strings with no quotes, or this won't function. I have a goal of phasing this out in hopes of using a drop down extension attribute instead.
0 kommentar(er)
