Jamf Pro Scripts – running commands in the current logged in user’s context

I’ve already been using this technique for a while but today, thanks to our fantastic Mac Admins community, I’ve learned a little bit more about it, so it might be worth a blog post.

One interesting thing about Jamf Pro is that it can execute scripts during a policy run. Scripts executed this way are run as the root user, which is all well and good if you need to do stuff to the system as a whole with elevated privileges. But what if you need to run a command as if it’s being run by the current logged in user themselves as part of a policy? One example would be to use a utility like mysides to configure a their sidebar, or if you want to invoke lsregister to register an application so that user doesn’t see something this the first time it’s launched (kudos to @franton on the MacAdmins Slack for pointing out that this tends to be more of an issue for applications living outside /Applications as macOS takes care of those automatically, but I digress):


Continue reading “Jamf Pro Scripts – running commands in the current logged in user’s context”

London Apple Admins Zentral Workshop at Sony Music

We had a London Apple Admins meet up at Sony Music last Thursday! As one of the resident ‘herders’ (along with Ben, Darren, Graham and Steve), I’m honoured to share the video of this event, which includes a workshop on Zentral, an open source framework for monitoring stuff.

Huge thanks to Ross Drummond at Sony for hosting us and for putting on an awesome spread of fine beverages and pizza. Thanks also to Henry Stamerjohann at Zentral for his most informative workshop. There were much learnings to be had!

If you’d like to host a future meet up or present at one, we’d love to hear from you! Give us a shout.

Integrating Bomgar and Jamf Self Service

To me, what follows didn’t seem overly remarkable, until I shared it in #jamfnation on the MacAdmin’s Slack. I received some great feedback and was encouraged to share what I did with the wider community. I honestly didn’t think it would be that useful to as many people as it was.

We use Bomgar to give our staff and students an easy way to get help when they need it, be that on their Windows PCs, Macs or even Android tablets. Unfortunately, the user’s journey with Bomgar on a Mac is something like this:

  1. Click a URL that takes you to an online form.
  2. Fill in that form with details about your issue.
  3. Download a Disk Image (DMG) containing the Bomgar client.
  4. Open/mount the DMG file.
  5. Open your mounted Disk Image and run the Bomgar application.

Not great and full of manual steps that a lot of people will find challenging or frustrating, especially in situations where they need help quickly to resolve their issues. It’s a faff and faffing is bad. There has to be a better way. And our students and staff love using Jamf Self Service. Continue reading “Integrating Bomgar and Jamf Self Service”

Casper Imaging – Wot, no scripts after Autorun?

Yes, yes, imaging is dead, I know. But if you manage Macs in an education setting, especially in a lab environment with lots of shared use, it’s still a great way to provision those machines (DEP isn’t quite there yet IMO). I’m not going to get into the thorny subject of monolithic vs thin imaging workflows etc, let’s not beat that horse! It’s not what this post is about anyway…

Following the Jamf Pro hotfix release for 9.97.1488392992 those of us who use Autorun Imaging had a bit of a surprise. Namely, if you have scripts in your Imaging Configuration set to run at restart (like a first run script), they would no longer run. In fact, the scripts weren’t even being copied onto the target Mac at all. If you did a postmortem and looked in /var/logs/jamf.log you’d have found this entry where the magic should have happened:

The script could not be found.

Frustratingly, this wasn’t addressed in the 9.98 update, and Jamf won’t fix it because it relates directly to the security hole the patched in 9.97.1488392992. Thanks to Chris Gachowski on Jamf Nation, there is a workaround.

Continue reading “Casper Imaging – Wot, no scripts after Autorun?”

New training videos from Jamf – The Jamf 100 Course

Jamf just put a bunch of interesting introductory training videos up. As well as covering the basics of the Jamf Pro product, there are also some nice little nuggets that are more general.

I particularly liked the CLI and Scripting lessons. From a pedagogical (teaching methodology) perspective, I think they’re really well presented and paced. If you’re new to the macOS command line, or just want to refresh your existing knowledge, it’s worth a look.

Go watch them here: https://www.jamf.com/training/100/

Jamf Pro 9.98 on Windows- Migrating to MySQL 5.7

Jamf released version 9.98 of its Casper Suite/JSS Jamf Pro management suite last Thursday. The eagle-eyed amongst us may have noticed a change to the system requirements deep within the documentation:

Screen Shot 2017-03-27 at 10.02.58

Prior to version 9.98, MySQL 5.7 was not recommended. You’ll likely have MySQL 5.5 or 5.6 installed. I’m running 5.6 and successfully upgraded my Jamf Pro Server to 9.98 in our development/test environment. In the interests of future proofing as well as satisfying my little OCD monster, I decided to migrate to MySQL 5.7 as well. I’m deliberately avoiding the word ‘upgrade’ because it’s more like an uninstall and re-install, with a few steps in between. What follows is how I did it in a Windows Server setting. Surprisingly, Jamf don’t provide much in terms of documentation for this specific activity, but the move to MySQL 5.7 will be something admins will have to consider as Jamf Pro evolves on its way up to version 10.

Let’s set the stage. I’m assuming that we’ve got a single server environment (not clustered) and that we’re running Windows Server 2012R2. I’m also assuming that we’re running MySQL Server 5.6 and the Java JDK 8. We’ve just upgraded our JSS to version 9.98 and the humongous database migration/changes it made were successful and everything is working. That’s good but we want new shiny MySQL Server 5.7 goodness bestowed upon our green and pleasant land. Finally, I’m assuming that your MySQL Server data folder is in the default location (C:\ProgramData). You do have your MySQL database user (default name is jamfsoftware) password to hand, don’t you? You’ll need it later…

Continue reading “Jamf Pro 9.98 on Windows- Migrating to MySQL 5.7”