Adding Printers to Jamf Pro via Web App

Here, we’ll discuss how to add a deployable printer object to Jamf Pro via the web application.

Why?

Your organization has legacy printers and print servers and the Macs you manage need to have these printers and queues added.
For quite some time, there has been ‘writing on the wall’ to indicate that the Jamf Admin application (formerly Casper Admin) will eventually be deprecated. Depending on the details of your organization’s Jamf Pro implementation, it may already be problematic or impossible to make use of this application.

Why Not?

AirPrint is now and the future. AirPrint requires no device configuration. If you are in a position to make decisions regarding how your organization deploys printers, it is strongly suggested to avoid legacy systems and only implement AirPrint-enabled devices and print servers.

Gathering Info

In order to add a printer, we must first have several details collected from a Mac that has the printer configured.

Add The Printer to a Test Mac

Begin by adding the printer or print queue to a test Mac. Configure the printer in Printers & Scanners Preferences according to the manufacturer’s and your organization’s requirements. If the printer requires a specific driver, be sure to select it when you add the printer, installing the driver on the Mac if necessary. Make note of the path to the driver file (in this example, /Library/Printers/PPDs/Contents/Resources/Kyocera\ FS-4200DN.ppd).

Enable CUPS Web Interface

Open the Terminal application and enter cupsctl WebInterface=yes.

Collect Printer Info

  1. Navigate to http://localhost:631/printers. Make note of the queue name.
  2. Select the printer’s queue name to view details.
  3. Make note of the following values:
    • Description
    • Location
    • Connection

Create Printer Object in Jamf Pro

  1. Navigate to Settings > Computer Management > Printers in your Jamf Pro instance.
  2. Select the + New button.
  3. Enter the following CUPS data into the Jamf Pro printer object fields:
    • Jamf Display Name: CUPS Description
    • Jamf CUPS Name: CUPS Queue Name
    • Jamf Location: CUPS Location
    • Jamf Device URI: CUPS Connection
    • Jamf PPD: If driver is required:
      • Deselect Use generic PPD file
      • Use the Upload PPD button to upload a copy of the driver file (from its original and proper location – do not upload a copy from another location such as a Desktop or Downloads folder).
  4. Fill in all other fields as appropriate for your environment and deployment.
  5. Save.

Jamf Pro EA: Member of AD Group

This is an extension attribute script to determine if the user assigned to the computer is a member of a given AD group or groups.

In the example below, the script will return a “Yes” result if the user to which the computer is assigned in Jamf Pro is a member of the groups “ADGroupX” or “ADGroupY”.

The script will…

  • Get the computer’s serial number
  • Pull the computer record via the Jamf Pro API
  • Harvest the contents of the “username” field
  • Get the domain via dscl (computer must be bound to AD)
  • Determine if “username” is a member of “ADGroupX” or “ADGroupY”

This script can certainly be cleaned up a bit but does the job effectively.

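#!/bin/sh

# Is the user assigned to this computer a member of a given AD group or groups.
# In this example, the target groups are "ADGroupX" and "ADGroupY"

# Serial number of this Mac, used to look up its Jamf Pro computer record
serialNumber=$(ioreg -l | awk -F'"' '/IOPlatformSerialNumber/ { print $4;}')

# Fetch the computer record as XML. The credentials and JamfProUrl are placeholders.
# TLS certificate verification is left on (no -k) so the API credentials are only sent to the real server.
response=$(curl -s -u apiComputerReadUsername:apiComputerReadPassword -H "Accept: application/xml" -H "Content-Type: application/xml" "https://JamfProUrl/JSSResource/computers/serialnumber/$serialNumber")

# Username from the location section of the computer record
assignedUser=$(echo "$response" | xpath '/computer/location/username/text()' 2>/dev/null)

# AD domain this computer is bound to
domain=$(dscl /Active\ Directory/ -read . | grep SubNodes | sed 's|SubNodes: ||g')

# memberOf values that mention either target group
membership=$(dscl /Active\ Directory/"$domain"/All\ Domains -read "/Users/$assignedUser" dsAttrTypeNative:memberOf | grep -E 'ADGroupX|ADGroupY')

# POSIX test, since the script runs under /bin/sh
if [ -z "$membership" ]; then
    echo "<result>No</result>"
else
    echo "<result>Yes</result>"
fi

exit 0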

The script can also be found on GitHub below.

https://github.com/themacadmin/extensionAttributes/blob/master/EAMemberOfADGroup
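
The membership test in the script above matches the group names as substrings of the memberOf output, so a group called ADGroupX-Contractors or an OU called ADGroupY also produces “Yes”. The following is an added example, not part of the original script: it compares the leading CN of each DN exactly. The sample dscl output is constructed, and its layout is an assumption.

```shell
#!/bin/sh
# Added example: exact group-name matching for the memberOf check.
# The sample text below is constructed; its layout (attribute name, then one
# DN per indented line) is an assumption about dscl's memberOf output.

SAMPLE_LOOKALIKE='dsAttrTypeNative:memberOf:
 CN=ADGroupX-Contractors,OU=Groups,DC=example,DC=com
 CN=Staff,OU=ADGroupY,DC=example,DC=com'

SAMPLE_MEMBER='dsAttrTypeNative:memberOf:
 CN=Staff,OU=Groups,DC=example,DC=com
 CN=adgroupy,OU=Groups,DC=example,DC=com'

# Print the leading CN of every DN in memberOf output, one per line.
# Assumes group CNs contain no escaped commas.
member_cns() {
  printf '%s\n' "$1" |
    sed -e 's/^dsAttrTypeNative:memberOf:[[:space:]]*//' \
        -e 's/^[[:space:]]*//' |
    sed -n 's/^[Cc][Nn]=\([^,]*\),.*$/\1/p'
}

# in_any_group "<memberOf output>" group...  -> prints Yes or No
in_any_group() {
  cns=$(member_cns "$1")
  shift
  for group in "$@"; do
    # -x: whole line, -F: literal string, -i: AD names are case-insensitive
    if printf '%s\n' "$cns" | grep -qixF -- "$group"; then
      echo "Yes"
      return 0
    fi
  done
  echo "No"
}

# Substring matching, for comparison with the exact check.
substring_match() {
  if printf '%s\n' "$1" | grep -qE 'ADGroupX|ADGroupY'; then echo "Yes"; else echo "No"; fi
}

echo "<result>$(in_any_group "$SAMPLE_LOOKALIKE" ADGroupX ADGroupY)</result>"
```

memberOf lists only direct memberships, so nested groups and the user's primary group are not seen by either check.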

Casper Suite: Firmware Updates Extension Attribute

As promised, here is the follow up to my previous post.

People who have followed this blog will know that I like zero touch. Unfortunately, firmware updates usually require physically touching a computer. In the absence of a scriptable robot that can go around to users’ desks pressing buttons, this process is hard to automate. Thankfully, firmware updates are relatively infrequent compared to other Apple Software Updates.

Using an Extension Attribute in the Casper Suite, I have been able to achieve the following goals…

  • Automate Apple Software Updates without continually running Software Update on computers that only have firmware updates available.
  • Generate a list of computers that require firmware updates.  This list is given to technicians as a work list of computers to visit and run the firmware updates on.

Here’s the script to use in the Extension Attribute (I call it “Available FWUs”)…

#!/bin/bash
# Populate "Firmware Updates Available" extension attribute
# Get firmware update count
fwupdcount=`softwareupdate -l | grep -c -e Firmware -e firmware -e EFI -e SMC`
echo "<result>$fwupdcount</result>"

The fourth line is looking for available software updates with names that contain the terms “Firmware”, “firmware”, “EFI”, and “SMC”.  This covers all of the firmware updates I can find on apple.com/support.  If additional terms become needed in the future, one can add ” -e <desiredTerm>” to the command between “SMC” and the final backtick.

The result will be an integer.  An Advanced Search for computers with Available FWUs more than 0 will give you the firmware update work list.  I use a Smart Computer Group containing computers with Available SWUs more than 0 and Available FWUs less than 1 as the scope for an automated Software Update policy.

I hope this is helpful!

Note: Recent Apple firmware updates haven’t been requiring manual interaction.  This process may not be needed if your environment consists solely of new hardware.

Reprint: Extending the Casper Suite with Dummy Packages

Questions about this article have come up in conversations with other Mac sysadmins.  As the reprint rights have since reverted back to me, I’m glad to share the content.

This content is copyright © 2009 by Miles A. Leacy IV.  Permission is granted to redistribute the article in its unaltered form.

Download the article at the link below (opens in a new window):

https://drive.google.com/open?id=1Qax-mKcTWgBnu9IANZGORyaiLDG65VV1

A few notes:

  • The Dummy Package/Dummy Receipt workflow is no longer necessary as of Casper Suite version 7.  Extension Attributes provide the same functionality in a much more usable (not to mention supported) fashion.
  • The script contained in the article can be altered to be used in an Extension Attribute. This will be covered in a follow up post on this site.
  • You may want to add terms other than “Firmware” to the script, such as “SMC”, “EFI”, etc., to cover all known firmware updates.

I hope some of you will find this article useful.