Feature Requests


5

Comments

jamf binary policy "dry run" feature

Posted: 3/6/14 at 12:32 PM by mm2270

If this is similar to or a dupe of another request, I'm sorry. I wasn't able to locate anything in my searching.

I'd like to request the ability of the jamf binary to do a "dry run" when checking for available policies based on any given trigger.
For example, right now, if I take any managed Mac and try to determine which policies are available to it on its next scheduled check-in (outside of the JSS web app version 9.x, but rather directly from the Mac itself) its pretty much impossible. I can run sudo jamf policy -trigger every30 or use the "recurring check in" under version 9, and have the Mac check in, but doing that also causes policies to run.
What I'd like is the ability to see what would run on that trigger without actually running them, by having an additional flag, such as "dry run" but I honestly don't; care what it would be called. As long as it would show what will happen on that trigger without actually doing them, it would be a huge help. I'm thinking along the same lines as how rsync lets you do a dry run without actually syncing any files.
As long as the output to stdout is done in a way where it isn't too convoluted, it should be easy to parse out the specific bits, like policy names, etc.

Ideally, I want some way to script it so I can tell what's pending on a system from the system itself. I understand to some degree this is available in the JSS version 9 web app, but I looked to see if this information would also be accessible via the API under version 9 (which would be an acceptable compromise) and I can't see anything in the computer record or under any other API criteria that tells me which policies its scoped to. This new feature seems to be locked into only being viewable in the JSS, so its not very helpful.

Thanks.

5

Comments

In Casper 8 when viewing the output from a script in a log, the CRs are respected and the content is readable. In Casper 9, the CRs are not respected and all output is "smooshed".

For verbose scripts this makes them almost unreadable.

Screenshot of output from junki patching script is attached.



Compared to the output in the local jamf.log (with CRs are each line)

-----


Thu Nov 07 12:25:59 MEBFUB-NMX0016 jamf[20879]: Executing Policy zzz-junkiPromptInstall-update...
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: swupdate pkgs waiting to be installed
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: -------------------------------------
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: 091-5194-2.4
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: AirPortUtility-6.3.1
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: GarageBand605Update-6.0.5
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: RemoteDesktopClient-3.7.0
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: ThunderboltFirmwareUpdate1.2-1.2
Thu Nov 07 12:25:59 MEBFUB-NMX0016 junki --promptinstall: iDVD712Update-7.1.2
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: iMovieUpdate-9.0.9
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: iPhotoUpdate-9.4.3
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: iTunesX-11.1.3
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: iWeb3.0.4-3.0.4
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: iWork_9.3_Update-9.3
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: JavaForOSX-1.0
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: OSXUpd10.8.5-10.8.5
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: -------------------------------------
Thu Nov 07 12:26:00 MEBFUB-NMX0016 junki --promptinstall: prompting user ...
Thu Nov 07 12:26:10 MEBFUB-NMX0016 junki --promptinstall: user selected install and logout...
Thu Nov 07 12:26:11 MEBFUB-NMX0016 junki --promptinstall: sending logout ...
Thu Nov 07 12:26:42 MEBFUB-NMX0016 junki --promptinstall: no logout in 30 seconds, prompting user and trying logout again...
Thu Nov 07 12:27:14 MEBFUB-NMX0016 junki --promptinstall: no logout in 30 seconds, prompting user and trying logout again...
Thu Nov 07 12:27:48 MEBFUB-NMX0016 junki --promptinstall: no logout in 30 seconds, prompting user and trying logout again...
Thu Nov 07 12:28:18 MEBFUB-NMX0016 jamf[23259]: Checking for policies triggered by "logout" for user "sally.mcneill"...
Thu Nov 07 12:28:18 MEBFUB-NMX0016 jamf[23259]: Executing Policy zzz-junkiPromptAndInstall-logout...
Thu Nov 07 12:28:19 MEBFUB-NMX0016 junki --logout: starting installation ...
Thu Nov 07 12:28:20 MEBFUB-NMX0016 junki --logout: -------------------------------------
Thu Nov 07 12:28:20 MEBFUB-NMX0016 junki --logout: softwareupdate is installing 091-5194-2.4 ...
Thu Nov 07 12:29:03 MEBFUB-NMX0016 junki --logout: softwareupdate is installing AirPortUtility-6.3.1 ...
Thu Nov 07 12:29:57 MEBFUB-NMX0016 junki --logout: softwareupdate is installing GarageBand605Update-6.0.5 ...
Thu Nov 07 12:30:52 MEBFUB-NMX0016 junki --logout: softwareupdate is installing RemoteDesktopClient-3.7.0 ...
Thu Nov 07 12:31:51 MEBFUB-NMX0016 junki --logout: softwareupdate is installing ThunderboltFirmwareUpdate1.2-1.2 ...
Thu Nov 07 12:32:18 MEBFUB-NMX0016 junki --logout: softwareupdate is installing iDVD712Update-7.1.2 ...
Thu Nov 07 12:32:58 MEBFUB-NMX0016 junki --logout: softwareupdate is installing iMovieUpdate-9.0.9 ...
Thu Nov 07 12:34:06 MEBFUB-NMX0016 junki --logout: softwareupdate is installing iPhotoUpdate-9.4.3 ...





Selective site deletion in SIS Importer for Casper Focus

Implemented in 2.0
Posted: Yesterday at 7:37 AM by bcourtade

Currently, using the "delete existing classes" option in SIS Importer deletes all classes from all sites in the JSS. There are a couple scenarios where this isn't ideal.

My scenario:
I am able to pull usernames from PowerSchool for all of my high school and middle school students and import them fine. However, I don't have usernames for all of the elementary students. I would use smart/static groups in this case and they generally would not change. The problem is that they would get deleted on every import if I use the "delete existing classes" option for an import file in another site. Yes there exists instructions for importing a file with mobile device groups, but I would be importing static information that doesn't change much.

Another scenario:
Say an Intermediate School district wants to host a JSS for the LEAs they support. So they go ahead and create sites for each school in each district and assigns rights to the district users/groups for each site.
What if one district wants to import using the SIS importer and another wants to maintain manually it in the JSS? The SIS importer would delete classes for all sites in the ISD's JSS with the "delete existing classes" selected, which wouldn't be ideal at all for the district that wants to maintain it manually.

Here are some ways to address it that I can come up with:

  • Have an option under the plug in settings that would make the delete existing classes option only apply to sites that are affected by the import file
  • Spin off the delete existing classes option into its own task and provide check boxes on which sites classes should be deleted from
  • Provide an option within the site on the JSS web interface to protect classes from deletion site-wide when imports occur
  • Provide an option per class to protect it from automatic deletion.


0

Comments

Our security group has requested that we start rotating local account names, being able to auto rotate our local administor account user name and password just like the change management account password would help solve this issue.

Would love the ability to manually enter in SQL code to customize a Smart Computer Group, Static Computer Group and an Advanced Computer Search based on raw SQL code. Having the ability to use the GUI selectors or a fuel where you can simply paste in your SQL code would be great. For companies that have a lot of hands in the JSS, this would allow for streamlined groups without user error and or cloning. Even having the GUI selector interface available and then once you save, a field that shows the raw SQL code that is being used (and then the ability to perhaps edit either the code or the GUI selector fields to modify).

Auto rotate Management Account user name.

Posted: Yesterday at 2:58 PM by gachowski

Our security group has requested that we start rotating local account names, being able to Auto rotate Management Account user name just like the change Management Account Password would help solve this issue.

2

Comments

It would be really useful to be able to export policies and computer groups from the JSS for importing into either a test JSS or another JSS instance which might exist in a different regional office.

We use CentOS as our linux distro, would be really great if I could install JDS on this platform, even if it was with a config file to point to where apache etc is installed, anything apart from it being so hard coded.

Thanks

I'd like a way for my administrative technologists to temporarily disable individual or all Configuration Profiles in order to install or remove apps or make configuration changes to an iOS device, especially for profiles that are set to install automatically since they cannot be removed. Currently, we have to remove profiles completely and then make sure to reapply them after the changes have been complete. There is always the chance that someone will forget to reapply the profile and leave it open for students to change the configuration. Also, if there's a way to put a timer on it so that it automatically reapplies in case a person forgets to reinstall the Configuration Profile, that would be very helpful.

2

Comments

Request that JAMF updates do NOT reset memory allocation for Tomcat

Implemented in 9.0
Posted: 6/26/12 at 2:56 PM by Kevin

Whenever the JSS gets updated, the memory allocation for Tomcat gets reset to 1024MB. I forget about this setting every time. Every time I have a memory related issue that upping the memory allocation to Tomcat resolves.

Request: When the JSS is updated, bake in the ability to return the memory allocation for Tomcat to the setting it had before the update process started.

Implemented in 9.0 Responded: 7/26/13 at 2:49 PM by zach

We view this as a bug, and we expect to have it fixed for the JSS Installer for 9.0