Last edit: October 01, 2017 10:03:12 AM CDT List of all cheatsheets The Reported IP Address is the IP address that the computer has on its local network IP Address is the IP address that the JSS sees the computer connecting from JAMF Tomcat: /user/local/jss. Standard Tomcat: /usr/share (RHEL) and /var/lib (ubuntu) See also MySQL & Tomcat for additional information Is Casper running/listening on proper port? netstat -ntlap | awk '/[8080 | 8443 | 443]/ && /LISTEN/' Binaries jamf Binary Detailed Listings jamf [PDF] Does the machine see the JSS? jamf checkJSSConnection See hiddens jamf help -hidden jamf help [verb] -hidden Install a package jamf install -package -path -target [-fut] [-feu] [-showProgress] Run SoftwareUpdate and bypass an internal SUS servers jamf runSoftwareUpdate -fromApple Save Inventory Details to a Local File sudo jamf recon -verbose -saveFormTo ~/Desktop/ Get JSS ID for a machine jamf recon 2>&1 | grep computer_id | grep -o '[0-9]\+' Read MDM Profile jamf mdm Make a profile from the JSS human-readable openssl smime -inform DER -verify -in /path/to/downloaded.mobileconfig -noverify -out /path/to/de-signed.mobileconfig plutil -convert xml1 /path/to/de-signed.mobileconfig jamfHelper Basic Example sudo /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "Title TK" -timeout 15 -description "Copy Goes Here" -button1 "Tk" jamfhelper Flags Window -windowType [hud | utility | fs] hud: creates an Apple "Heads Up Display" style window utility: creates an Apple "Utility" style window fs: creates a full screen window the restricts all user input (WARNING: Remote access must be used to unlock machines in this mode -windowPosition [ul | ll | ur | lr] If no input is given, the window defaults to the center of the screen -icon path Sets the windows image filed to the image located at the specified path -title "string" Sets the window's title to the specified string -heading "string" Sets the heading of the window to the specified string -description "string" Sets the main contents of the window to the specified string -alignDescription [right | left | center | justified | natural] -alignHeading [right | left | center | justified | natural] -alignCountdown [right | left | center | justified | natural] Buttons -button1 "string" Creates a button with the specified label -button2 "string" Creates a second button with the specified label -defaultButton [1 | 2] Sets the default button of the window to the specified button. The Default Button will respond to “return” -cancelButton [1 | 2] Sets the cancel button of the window to the specified button. The Cancel Button will respond to “escape” WindowTimouts & Exit Options -kill Kills the JAMF Helper when it has been started with launchd -countdown Displays a string notifying the user when the window will time out -lockHUD Removes the ability to exit the HUD by selecting the close button -showDelayOptions "int, int, int,..." Enables the “Delay Options Mode”. The window will display a dropdown with the values passed through the string -timeout int Causes the window to timeout after the specified amount of seconds. Note: The timeout will cause the default button, button 1 or button 2, to be selected (in that order) jamfHelper Error Codes jamfHelper will print the following return values to stdout, 0: Button 1 was clicked 1: The Jamf Helper was unable to launch 2: Button 2 was clicked 3: Process was started as a launchd task XX1: Button 1 was clicked with a value of XX seconds selected in the drop-down XX2: Button 2 was clicked with a value of XX seconds selected in the drop-down 239: The exit button was clicked 240: The "ProductVersion" in sw_vers did not return 10.5.X, 10.6.X or 10.7.X 243: The window timed-out with no buttons on the screen 250: Bad "-windowType" 254: Cancel button was select with delay option present 255: No "-windowType" JDS check-in jamfds policy JDS sync jamfds inventory Database Get version of Database Utility sudo java -jar /usr/local/jss/bin/JSSDatabaseUtil.jar version How many pending policy pushes are in queue select apns_result_status, count(*) from mobile_device_management_commands group by apns_result_status; How many policy pushes are in queue per device select computer_id, count(*) from mobile_device_management_commands where apns_result_status="" group by computer_id order by count(*) ASC; Delete pending pushes for all devices delete from mobile_device_management_commands where apns_result_status != 'Acknowledged’; Delete pending pushes for a particular device delete from mobile_device_management_commands where apns_result_status != 'Acknowledged' and device_id=[device ID]; Equivalent of Computers > [computer] > History > Mac App Store Apps for all computers select application_name, count(*) as count from applications where mac_app_store=1 and report_id in (select last_report_id from computers_denormalized) group by application_name order by count desc into outfile '/path/to/output'; See registered APNS tokens for a machine use jamfsoftware; select computer_name, computer_id, apn_token from computers; Get size of the database SELECT table_name AS "Tables", round(((data_length + index_length) / 1024 / 1024), 2) "Size in MB" FROM information_schema.TABLES WHERE table_schema = "jamfsoftware" ORDER BY (data_length + index_length) DESC; Turn off Limited Access update limited_access_mode_settings set access_mode=[0] where address='[ip of server]'; Keys in the computers table as of 9.100 (describe computers;) alt_mac_address apn_token asset_tag bar_code_1 bar_code_2 ble_capable computer_id computer_name default_distribution_point_id default_distribution_server_id default_netboot_server_id default_software_update_server_id delay_user_mdm device_certificate device_push_token file_vault_2_eligibility_message gatekeeper_status initial_entry_date_epoch itunes_store_account_hash itunes_store_account_is_active jamf_version last_ip last_reported_ip logged_in_user mac_address management_password_encrypted management_username mdm_access_rights mdm_certificate mdm_cert_dirty platform push_magic requires_token_update sip_status udid user_removed_mdm_profile xprotect_version API You can do the GET/PUT/DELETE off of any unique identifier in the JSS. It varies per object e.g. JSS ID, Serial Number, Name, Mac Address, UDID, etc You can POST to /id/0 or /id/XXX to have it automatically select the next available ID in the JSS Flags: -u, --user Means specify the user name and password to use for server authentication. With no password provided you will be prompted. -X, --request Specifies the request type: GET, PUT, POST, DELETE. GET is the default value so it doesn’t have to be called out -o, --output Means to write output to instead of stdout. -k, --insecure Means allow invalid certificate if you dont have a trusted 3rd party SSL cert in your JSS. -T, --upload-file Means for transfer a file. "-T /path/to/file.xml" -d, --data Means data to send in the requested PUT or POST, you can use this to pass values in-line without it having to read from a file. -v, --verbose Means be more verbose/talkative during the operation. -H, --header Means header to append to data sent or type of data received. e.g. -H "Content-Type: application/xml" auto appends the xml header when uploading, e.g. -H "Application: application/xml" means to download in xml or JSON depending on whats specified. GET/Read curl -k -u username:password https://jssaddress.com:8443/JSSResource/computers/serialnumber/actualSerialNumber -o ~/Desktop/computer.xml GET/Read force download in XML curl -k -H "Accept: application/xml" -u username:password https://jssaddress.com:8443/JSSResource/computers/serialnumber/actualSerialNumber -o ~/Desktop/computer.xml PUT/Update from XML File curl -k -u username:password https://jssaddress.com:8443/JSSResource/computers/serialnumber/actualSerialNumber -T ~/Desktop/Computer.xml -X PUT PUT/Update from XML in Line curl -k -H "Content-Type: application/xml" -u username:password https://jssaddress.com:8443/JSSResource/computers/serialnumber/actualSerialNumber -d "mike" -X PUT POST/Create from XML in File curl -k -u username:password https://jssaddress.com:8443/JSSResource/buildings/id/0 -T ~/Desktop/newbuilding.xml -X POST POST/Create from XML in line curl -k -H "Content-Type: application/xml" -u username:password https://jssaddress.com:8443/JSSResource/buildings/id/0 -d "NewBuilding" -X POST DELETE/Delete curl -k -u username:password https://jssaddress.com:8443/JSSResource/buildings/id/actualIDNumber -X DELETE Get a list of MDM capable users curl -H "Accept: text/xml" —silent -u ${apiUser}:${apiPass} https://$jssAddress/JSSResource/computers/serialnumber/$serialNumber | xpath 2>&1 /computer/general/mdm_capable_users/mdm_capable_user | sed -e 's/<mdm_capable_user>//;s/<\/mdm_capable_user>//' -e 's/— NODE —//g' memcached Get version echo version | nc 127.0.0.1 11211 Get current settings echo stats settings | nc localhost 11211 Get performance stats echo stats | nc 127.0.0.1 11211 The most useful statistics here are the number of hits, misses, and evictions. How much memory (in bytes) is memcached using echo stats slabs | nc 127.0.0.1 11211 | awk '/total_malloced/ {print $3}' How many items are currently cached echo stats | nc 127.0.0.1 11211 | awk '/curr_items/' How many items memcache has had to remove to make space for newer items echo stats | nc 127.0.0.1 11211 | awk '/evictions/' If high number, might need to allocate more memory to memcached How many times an item wasn't in the cache echo stats | nc 127.0.0.1 11211 | awk '/get_misses/' Number of bytes memached has supplied to the network echo stats | nc 127.0.0.1 11211 | awk '/bytes_written/' Get performance stats with libmemcached-tools installed (Ubuntu) memcstat --servers=127.0.0.1 The most useful statistics here are the number of hits, misses, and evictions.