Reusable script for updating EA values in Jamf Pro with the API

Not all extension attributes (EAs) are created equally. Sometimes you want to snag information off of a client Mac, and for that a small script to grab the info and report it up to the Jamf Pro Server is great. Other times you just need to set a simple value for a Mac on demand for reporting purposes. One of the handiest ways to set info ad hoc is with a pop-up menu extension attribute.

So let's say the help desk staff notices that some Macs that come by are really smelly. You can't really write a script to pull smell status off of a Mac. (Maybe you can?) So you make a pop-up menu EA for techs to mark if a Mac smells on the computer record in Jamf Pro.

See if your Jamf-managed Macs have installed today's #iamroot fix

So… the last 24 hours have been pretty fun, right? You may have heard about some shenanigans involving blank passwords and the root account yesterday; Apple certainly did. And they fixed it today with an update available only to 10.13.1 High Sierra machines. If you manage your Macs with Jamf and want a quick smart group to see who has installed it, whip one up that looks for the receipt for the update. It's pretty easy.

That receipt name is

Naturally this smart group won't be all that accurate until you give machines time to update inventory. If you're not super concerned with bandwidth you can find your inventory update policy and flush all logs so the next time a machines checks in it will run a fresh recon.

Worth noting, there are other ways to do this too. This is one quick way to build your smart group.


On November 30th, Apple pushed out a second security update to fix some issues their other security update caused. The macOS team at Apple is having a fun week I'm sure. This secondary update is being pushed automatically to 10.13 and 10.13.1 machines, and the receipt for the installer is I'm not sure if there is a different installer for 10.13.0 so I'm unable to check for a receipt name for that. If someone knows if the update for 10.13 has a different receipt let me know in the comments and I can update this post.

Your smart group will want to be modified to include this second update as well.

I have yet to see a 10.13.0 machine install the update so I'm not sure if their updater has a different receipt, nor am I sure what OS build number a 10.13.0 machine will have after installing it. Feel free to comment below if you have that information.

Update 2: 

It's being reported on Jamf Nation that the package receipt for 10.13.0 machines is, which implies the build number after the installation is 17A501.

Introducing the Awesome Macadmins Tools List

I don't know about you, but I love a good screensaver. The best macOS screensaver list out there is the Awesome macOS Screensavers list, which was inspired by the Awesome List. This in turn inspired me; I have given a few small talks about Mac admin tools that folks should know at meetups, and others have as well. Why not have our own Awesome List?

So the Awesome Macadmins Tools list was born.

The idea was to focus on some of the core focuses/responsibilities of being a Mac admin and list out some of the awesome tools out there to get the job done. This is also a great opportunity for folks that haven't contributed to GitHub projects before to try out pull requests and forks to add new content, help me fix typos and other issues (it happens y'all), and perfect making great screenshots for documentation purposes.

If you'd like to contribute, check out the contribution guide.

Share it far and wide, and submit some PRs if there are tools to add.

AutoPkgr for Dummies 2: Trust your recipes

So you've set up AutoPkgr. Good job! But now you're like "why do I keep getting these FAIL_RECIPES_WITHOUT_TRUST_INFO errors"? Something I didn't cover in my previous guide is the introduction of verifying and trusting recipes in autopkg 1.x (because that didn't exist at the time). From the introduction to this feature:
AutoPkg encourages the use of recipes created and shared by others. You can leverage the hard work done by other admins without having to re-invent the wheel yourself. You can add "repos" of other people's recipes using the autopkg repo-add command.

But there is an element of risk in using other people's recipes -- a bad actor could create a malicious recipe, or a well-meaning admin could introduce an error into a recipe that causes unexpected issues.

You should audit any third-party recipes you use, especially if you do not know the recipe creator/maintainer. This means becoming familiar enough with AutoPkg recipes to be able to read and understand them.
By default, AutoPkg (and by extension, AutoPkgr) will stop runs for recipes without trust info set. To set trust info, you need to create a recipe override and store that trust info in your override. The override recipes should then be the recipes you run on a schedule with AutoPkgr. Here's a quick overview on how that works.

Fave Friday

Quiet night at home club from Threadless

Getting Warmer cowl by Espace Tricot on Ravelry

Flower Mr. Saturn by SaradaBoru on RedBubble

Gremlins tank from H&M

Love Me More layered tulle skirt and A Fan of Bowknot crop top from Chicwish

Have a great weekend!

Branding Self Service 10

If you live under a rock you may not have heard that Jamf released Jamf Pro 10 this week. It is a giant overhaul of the user interface of the web interface and Self Service, so you can basically chuck all of my old branding the JSS/Self Service stuff in the bin. Phew.

The new dashboard and UI for Jamf Pro 10.
Self Service 10

The dashboard is way more visually appealing now, and the use of space of the tiles on the dashboard flows much better than the version 9 JSS. It's a huge change, as you can probably tell by looking at the above. So is Self Service, and something you may have noticed in the stock imagery above is the icon and name within the application are for a company, not just the default Jamf Self Service icon. This is because Jamf has built in branding the application into the Jamf Pro server. No need to download and hack and upload and deploy manually with every update. Hooray!

In Jamf Pro 10, all you need to do is head to Settings > Computer Management > Self Service, and you'll see a page with Configuration and Branding settings. The very first option is to change the name of the application. If you do this, it will automatically deploy (assuming you have auto-install turned on) the Self Service app with the name of your choice.

Fave Friday

Excuse Me Princess pin by Be Subtle Prins

Matrix Brass Off shampoo and conditioner (does a great job of getting rid of orange brassiness in lightened hair)

Crochet pet bed pattern by Bernat (via Joann Fabrics)

White pearl UFO halo ring by williamwhite on Etsy

This offbeat wedding dress look. I could see myself going for a look like this for my wedding!

Have a great weekend!