2024-11-15 23:38:51 Author: derflounder.wordpress.com(查看原文) 阅读量:12 收藏
Home > Jamf Pro, Jamf Pro API, Jamf Pro Classic API > Clearing failed MDM commands from members of Jamf Pro smart or static groups
Clearing failed MDM commands from members of Jamf Pro smart or static groups
A while back, I had posted about a solution for clearing failed MDM commands on a per-computer basis. I recently learned it’s also possible to clear them by using an API command which clears failed MDM commands from all members of a specified Jamf Pro smart or static group. This approach works for both computer groups and mobile device groups. For example, if you wanted to clear all failed MDM commands for members of a mobile device group, you could use a command like the one shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If you wanted to clear all failed MDM commands for members of a computer group, you could use a command like the one shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In both cases, the following API permission would be required:
Flush MDM Commands
If using a user account to authenticate to the API, this permission would be set in Jamf Pro Server Actions:
If using an API client to authenticate to the API, this permission would be set in an API role:
For folks who want to use this method to clear failed API commands, I’ve written a couple of scripts to assist with this. For more details, please see below the jump.
I’ve posted both scripts to the following location:
- clear_failed_Jamf_Pro_mdm_commands_from_computer_group.sh – clears failed MDM commands from Jamf Pro smart or static computer groups
- clear_failed_Jamf_Pro_mdm_commands_from_mobile_device_group.sh – clears failed MDM commands from Jamf Pro smart or static mobile device groups
Both scripts are designed to use API client authentication, with the following permissions assigned:
clear_failed_Jamf_Pro_mdm_commands_from_computer_group.sh
- Flush MDM Commands
- Read Smart Computer Groups
- Read Static Computer Groups
clear_failed_Jamf_Pro_mdm_commands_from_mobile_device_group.sh
- Flush MDM Commands
- Read Smart Mobile Device Groups
- Read Static Mobile Device Groups
Both scripts are designed to use the Jamf Pro ID number for a specified Jamf Pro smart or static group to do the following:
- Verify that the provided Jamf Pro ID is a positive number, as Jamf Pro IDs should only be only numbers which are not negative.
- If the provided Jamf Pro ID is a positive number, look up the display name of the specified Jamf Pro smart or static group via the Jamf Pro Classic API using the Jamf Pro ID number.
- If the lookup succeeds, send a command to clear all failed MDM commands associated with the members of the specified group.
- If the MDM command clearing succeeds, display a message that all failed MDM commands associated with the members of the specified group have been cleared.
The scripts will produce errors in the following cases:
- The provided Jamf Pro ID is not a positive number.
- The lookup of the display name of the specified Jamf Pro smart or static group fails.
- The MDM command clearing fails.
Successful output should look like this for the following scripts:
clear_failed_Jamf_Pro_mdm_commands_from_computer_group.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| username@computername ~ % /path/to/clear_failed_Jamf_Pro_mdm_commands_from_computer_group.sh | |
| Please enter your Jamf Pro server URL : https://jamf.pro.server.goes.here | |
| Please enter your Jamf Pro API client ID : 7eda98e3-12ea-469c-8c45-4e070b5003cb | |
| Please enter the API client secret for the 7eda98e3-12ea-469c-8c45-4e070b5003cb API ID client: | |
| The smart or static computer group you want to clear failed MDM commands from has not been specified. | |
| Please enter the Jamf Pro ID of the smart or static computer group : 1 | |
| Clearing failed MDM commmands from members of the following group: All Managed Clients | |
| <?xml version="1.0" encoding="UTF-8"?><commandflush><status>+failed</status><computer_groups>[1]</computer_groups></commandflush> | |
| Failed MDM commands successfully cleared from members of the following group: All Managed Clients | |
| username@computername ~ % |
clear_failed_Jamf_Pro_mdm_commands_from_mobile_device_group.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| username@computername ~ % /path/to/clear_failed_Jamf_Pro_mdm_commands_from_mobile_device_group.sh | |
| Please enter your Jamf Pro server URL : https://jamf.pro.server.goes.here | |
| Please enter your Jamf Pro API client ID : 7eda98e3-12ea-469c-8c45-4e070b5003cb | |
| Please enter the API client secret for the 7eda98e3-12ea-469c-8c45-4e070b5003cb API ID client: | |
| The smart or static mobile device group you want to clear failed MDM commands from has not been specified. | |
| Please enter the Jamf Pro ID of the smart or static mobile device group : 1 | |
| Clearing failed MDM commmands from members of the following group: All Managed Apple TVs | |
| <?xml version="1.0" encoding="UTF-8"?><commandflush><status>+failed</status><mobile_device_groups>[1]</mobile_device_groups></commandflush> | |
| Failed MDM commands successfully cleared from members of the following group: All Managed Apple TVs | |
| username@computername ~ % |
如有侵权请联系:admin#unsafe.sh