

Most Mac admins have had this conversation at one point or another over the course of their careers:

“$Very Important Person left their Mac behind in a cab! What do we do?”

“We can send a command to lock the computer or have it erase itself. Do you want it locked or wiped?”

At that point, the admin pulls up their MDM admin console and depending on what the response was (lock or wipe), send out the appropriate MDM command accompanied by a PIN code. Once received, the Mac will then turn itself into a paperweight which does or doesn’t erase itself.

Doing these one at a time is a pretty straightforward process. For example, here’s how it looks in Jamf Pro to send a device lock command via MDM:

1. Log into Jamf Pro using an account which can send lock commands via MDM.
2. Go to the appropriate computer inventory record.
4. In the Management Commands section of the Management tab, click the Lock Computer button.
5. Enter the PIN code which will later be used to unlock the Mac.
6. If desired, you can also enter a message which will appear on the lock screen.
7. Click the OK button in the confirmation window.

Once the device lock command has been sent, the Lock Computer button’s text should temporarily change to Command Sent.

For a small number of machines (10 or less), the method outlined above works fine. But once you get beyond that number, this process gets time-consuming and unwieldy. Fortunately, there is also a way to use the Jamf Pro Classic API to send device lock commands. For more details, please see below the jump.

If setting up a specific Jamf Pro user account for this purpose with limited rights, here are the required API privileges for the account on the Jamf Pro server:

Once you have your Jamf Pro account credentials handled, you can use an API command similar to the one shown below to send a device lock command (referred to in Apple’s MDM documentation as DeviceLock.)

/usr/bin/curl -su username_here:password_here -H "Content-Type: application/xml" -X POST

For example, here’s the command used to lock a Jamf Pro-enrolled Mac with the following Jamf Pro server, Jamf Pro account with the necessary privileges, Jamf Pro computer ID and desired PIN code.

/usr/bin/curl -su mdmlock:correct_horse_Battery_Staple -H "Content-Type: application/xml" -X POST

Note: Using the API to send lock commands does have a limitation, where it is not possible to include a message to appear on the lock screen. If a message must appear on the lock screen, I recommend using the method described earlier for sending lock commands from the computer inventory record in the Jamf Pro admin console.

To help make the task of sending MDM lock commands easier, I’ve written a script which uses the API command above to read input from a .csv file and use that information to send device lock commands to multiple Macs.

“Jamf Pro ID, PIN Code” as the first line

For authentication, the script can accept manual input or values stored in a ~/Library/Preferences/ file. The plist file can be created by running the following commands and substituting your own values where appropriate:

To store the Jamf Pro URL in the plist file:

defaults write -info jamfpro_url

To store the account username in the plist file:

defaults write -info jamfpro_user account_username_goes_here

To store the account password in the plist file:

defaults write -info jamfpro_password account_password_goes_here

Once you have authentication handled, the script is designed to run as shown below:

/path/to/Jamf_Pro_MDM_Device_Lock.sh /path/to/filename_goes_here.csv

Once executed, the script will then do the following:

csv file (this is the “Jamf Pro ID, PIN Code” line.)
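Because the script described in this post sends a lock command for every row of the .csv file, it is worth checking the file before running it. The validator below is an added example, not part of the author's Jamf_Pro_MDM_Device_Lock.sh; the function name validate_lock_csv is hypothetical, and it assumes Jamf Pro computer IDs are positive integers and PIN codes are exactly six digits.

```shell
#!/bin/sh
# Added example: check a lock-command .csv before anything is sent to Jamf Pro.
# Assumptions (not from the post): IDs are positive integers, PINs are six digits.

validate_lock_csv() {
    # $1 = path to the .csv file. Prints one line per problem and returns 0
    # only when every row is usable. PIN values are never echoed back.
    awk -F',' '
        { sub(/\r$/, "") }                    # tolerate CRLF from spreadsheet exports
        NR == 1 {                             # header line named on the page
            hdr = tolower($0); gsub(/[ \t]/, "", hdr)
            if (hdr != "jamfproid,pincode") { print "line 1: unexpected header"; bad++ }
            next
        }
        /^[ \t]*$/ { next }                   # ignore blank lines
        {
            rows++
            if (NF != 2) { printf "line %d: expected 2 fields, got %d\n", NR, NF; bad++; next }
            id = $1; pin = $2
            gsub(/^[ \t]+|[ \t]+$/, "", id); gsub(/^[ \t]+|[ \t]+$/, "", pin)
            if (id !~ /^[1-9][0-9]*$/) {
                printf "line %d: computer ID is not a positive integer\n", NR; bad++
            } else if (id in seen) {
                printf "line %d: duplicate computer ID %s (first on line %d)\n", NR, id, seen[id]; bad++
            } else {
                seen[id] = NR
            }
            # A spreadsheet that strips a leading zero leaves a five-digit PIN.
            if (length(pin) != 6 || pin !~ /^[0-9]+$/) {
                printf "line %d: PIN code is not six digits\n", NR; bad++
            }
        }
        END {
            if (rows == 0) { print "no data rows found"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample input, not real inventory data.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jamf Pro ID, PIN Code
26,123456
41,98765
26,654321
EOF
validate_lock_csv "$sample" || echo "Fix the rows above before sending any lock command."
rm -f "$sample"
```

On the constructed sample this reports the five-digit PIN on line 3 and the repeated computer ID on line 4, and returns non-zero so a wrapper can stop before the lock script runs.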
