Adding Printers to Jamf Pro via Web App

Here, we’ll discuss how to add a deployable printer object to Jamf Pro via the web application.


Your organization has legacy printers and print servers and the Macs you manage need to have these printers and queues added.
For quite some time, there has been ‘writing on the wall’ to indicate that the Jamf Admin application (formerly Casper Admin) will eventually be deprecated. Depending the details of your organization’s Jamf Pro implementation, it may already be problematic or impossible to make use of this application.

Why Not?

AirPrint is now and the future. AirPrint requires no device configuration. If you are in a position to make decisions regarding how your organization deploys printers, it is strongly suggested to avoid legacy systems and only implement AirPrint-enabled devices and print servers.

Gathering Info

In order to add a printer, we must first have several details collected from a Mac that has the printer configured.

Add The Printer to a Test Mac

Begin by adding the printer or print queue to a test Mac. Configure the printer in Printers & Scanners Preferences according to the manufacturer’s and your organization’s requirements. If the printer requires a specific driver, be sure to select it when you add the printer, installing the driver on the Mac if necessary. Make note of the path to the driver file (in this example, /Library/Printers/PPDs/Contents/Resources/Kyocera\ FS-4200DN.ppd).

Enable CUPS Web Interface

Open the Terminal application and enter cupsctl WebInterface=yes.

Collect Printer Info

  1. Navigate to http://localhost:631/printers. Make note of the queue name.
  2. Select the printer’s queue name to view details.
  3. Make note of the following values:
    • Description
    • Location
    • Connection

Create Printer Object in Jamf Pro

  1. Navigate to Settings > Computer Management > Printers in your Jamf Pro instance.
  2. Select the + New button.
  3. Enter the following CUPS data into the Jamf Pro printer object fields:
    • Jamf Display Name: CUPS Description
    • Jamf CUPS Name: CUPS Queue Name
    • Jamf Location: CUPS Location
    • Jamf Device URI: CUPS Connection
    • Jamf PPD: If driver is required:
      • Deselect Use generic PPD file
      • Use the Upload PPD button to upload a copy of the driver file (from its original and proper location – do not upload a copy from another location such as a Desktop or Downloads folder).
  4. Fill in all other fields as appropriate for your environment and deployment.
  5. Save.

Ensuring The Fortune 1’s Success With Apple

I spoke about my experiences with Walmart at the MacSysAdmin 2018 conference.

I was afforded the honor of speaking about my experiences with Walmart at the MacSysAdmin conference this year.

The session video can be viewed here.

A PDF of the slides is available here.

The conference hosted a great many informative presentations by speakers at the top of their profession. Archives for all sessions are available here.

macOS Updates 23 January 2018

macfamily-promo-osx-family-icon_2xApple have released updates to macOS High Sierra, macOS Sierra and OS X El Capitan today.

The updates for Sierra and El Capitan include mitigations for the Meltdown and Spectre vulnerabilities.

You can use the information below to search or report on the disposition of your inventory/fleet and read more from Apple.

  • macOS High Sierra 10.13.3
    Build numbers: 17D47 or 17D2047 (depending on hardware, both are current)
  • Security Update 2018-001 Sierra
    Build number: 16G1212
  • Security Update 2018-001 El Capitan
    Build number: 15G19009

For more information: About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan

Jamf Pro EA: Member of AD Group

jamfProThis is an extension attribute script to determine if the user assigned to the computer is a member of a given AD group or groups.

In the example below, the script will return a “Yes” result if the user to which the computer is assigned in Jamf Pro is a member of the groups “ADGroupX” or “ADGroupY”.

The script will…

  • Get the computer’s serial number
  • Pull the computer record via the Jamf Pro API
  • Harvest the contents of the “username” field
  • Get the domain via dscl (computer must be bound to AD)
  • Determine if “username” is a member of “ADGroupX” or “ADGroupY”

This script can certainly be cleaned up a bit but does the job effectively.


# Is the user assigned to this computer a member of a given AD group or groups.
# In this example, the target groups are "ADGroupX" and "ADGroupY"

serialNumber=$(ioreg -l | awk -F'"' '/IOPlatformSerialNumber/ { print $4;}')
response=$(curl -v -k -u apiComputerReadUsername:apiComputerReadPassword -H "Accept: application/xml" -H "Content-Type: application/xml" https://JamfProUrl/JSSResource/computers/serialnumber/$serialNumber)

assignedUser=$(echo $response | xpath '/computer/location/username/text()' 2>/dev/null)

domain=$(dscl /Active\ Directory/ -read . | grep SubNodes | sed 's|SubNodes: ||g')

membership=$(dscl /Active\ Directory/"$domain"/All\ Domains read /Users/$assignedUser dsAttrTypeNative:memberOf | egrep 'ADGroupX|ADGroupY')

if [[ "$membership" == "" ]]; then
 echo "<result>No</result>"
 echo "<result>Yes</result>"

exit 0

The script can also be found on GitHub below.


the vocabulary of a person, language, or branch of knowledge.
“the size of the English lexicon”

– Google, 14 January 2017

To communicate complex technical concepts effectively, people need to speak the same language. The use of technical terms must remain consistent and logical to promote understanding. The absence of common, consistent language hinders the free exchange and easy comprehension of ideas. This is particularly true of system administrator communities that have to deal with a huge library of technical terminology.

Nerds (I use that term affectionately and apply it to myself) have a tendency to invent their own terms for products, processes, and concepts. Some technology professionals cling to incorrect terms, even after learning the correct ones. The best of us misspeak at times, especially when terms sound similar or describe similar things. That is fine, we’re all fallible humans.

The use of incorrect terminology becomes a problem when someone knows the correct term and deliberately uses an incorrect one out of preference. Those of us who have been working on Macs since they were all-in-one beige rectangles may feel a certain amount of “geek cred” when we use older terms, but this can confuse people who are new to the topic, making it difficult to join the conversation. This can also steepen the learning curve as a person new to the topic may not be aware of all of the historical or nonstandard terminology.

At The Mac Admin, we primarily discuss Apple products and services, so we use Apple’s own style guide to describe them. When discussing any other vendors’ products we will use that vendor’s style guide where available. When a guide is not available we will use the vendors’ documentation as a guide. When we need to discuss a concept that does not have any vendor-official term, we will do our best to be consistent and remove ambiguity by defining the term the first time we use it, remaining consistent in that definition, and avoiding terms known to have many conflicting definitions.

For further reading…

Apple Style Guide by Apple Inc.

Mavericks Update:Setting A Default Paper Size

printerThe Mac Admin reader David noted that the preference file and key referenced in Setting A Default Paper Size no longer manages the default paper size setting in OS X v10.9 Mavericks.

The new file is

This makes the new preference domain: org.cups.PrintingPrefs

The Key that governs the preference remains the same: DefaultPaperID

The values remain the same, repeated below for your convenience.

Paper Size String
US Legal na-legal
US Letter na-letter
A4 iso-a4
A5 iso-a5
JIS B5 jis-b5
B5 iso-b5
Envelope #10 na-number-10-envelope
Envelope DL iso-designated-long-envelope
Tabloid tabloid
A3 iso-a3
Tabloid Oversize arch-b
ROC 16K roc16k
Envelope Choukei 3 cho-3-envelope
Super B/A3 arch-b-extra

Creating OS X Mavericks Install Media

mavericksIT staff, and even consumers often want to have a physical bootable install disk for OS X.  In OS X Mavericks, Apple have provided a relatively simple command line tool for creating bootable install media.

To create the install media, mount a volume that you would like to use as an install disk.  This volume needs to be able to hold at least 5.36 GB of data to house the install media. Note that this volume will be erased and reconfigured as an OS X installer. With the desired volume mounted, open the Terminal application and execute the following command:

sudo /Applications/Install OS X --volume /Volumes/TargetVolumeName --applicationpath /Applications/Install OS X --nointeraction

Replace “TargetVolumeName” with the name of the volume you want to turn into a bootable OS X Mavericks installation disk.

See the screenshot below for the Terminal output from the command above.

Mavericks Installer Creation
Mavericks Installer Creation