Jamf pro 300 ( Day 1 ) Section 1 : Jamf Pro
Section 1 : Jamf Pro
Lession 1 LDAP
Lession 2 Certificates and Tokens
Lession 3 Infrastructure
Lession 4 Self Service
Lession 5 Enrollment
Lession 6 Framework
Lession 7 Logs
Lession 1 LDAP
Task 1 2 New LDAP
Task 3 mobile device configuration profile
Task 4
Collect user and location information from LDAP
include hidden account (computer)
Task 5 Extension Attribute
Lession 2 Certificates and Tokens
Task 1 Certificate authority for Jamf pro
Task 2
Jamf push proxy token 可半年更新
self service
Push proxy
Lession 3 Infrastructure
Task 1 New File Share Distribution Point
Task 2 Create Sites
Task 3 Standard group (Testing Admins) (site access:Testing) (administrator privileges)
Task 4 Standard group (Jame pro Admins) (site access:full access) (custom privileges)
Use Jame Admin
Save with Jamf Admin
Create,read,update.delete network segments
Task 5 Create standard user jamfpro300 (group access)
Task 6 Assign computer device to site Testing
Task 7 Smart Compupter Group (Testing site) (enrolled in past 7 days)
Task 8 class network segment
Replicating Files to a File Share Distribution Point
During replication, all files on the master distribution point are replicated to the file share distribution point that you choose.
-
Open Jamf Admin and authenticate to the Jamf Pro server.
-
In the sidebar, select the file share distribution point you want to replicate files to.
-
Click Replicate.
-
https–www.jamf.com-jamf-nation-articles-309-using-iis-to-enable-https-downloads-on-a-windows-server-2012-or-2016-file-share-distribution-point
Using Apache HTTP Server to Enable HTTP Downloads on a Linux File Share Distribution Point Knowledge Base Jamf Nation
Setting Up a File Share Distribution Point on Linux Using Samba Knowledge Base Jamf Nation
Cloud Distribution Point – Jamf Pro Administrator’s Guide Jamf
http://docs.jamf.com/10.10.0/jamf-pro/administrator-guide/Cloud_Distribution_Point.html
Lession 4 Self Service
Task 1
Task 2 Brand
Task 3 Self service bookmark
Task 4 iOS
Lession 5 Enrollment
Task 1
Task 2
Task 3 Enroll iOS and Mac OS wirh kcox LDAP user
Task 4 Login to self service wirh kcox LDAP user (check bookmark)
another setting
https://pro.jamf.training:8443/08/enroll/?type=QuickAdd (new version)
security & privacy → allow
system preference → profile → Apply
QuickAdd Package
recon (JamfManage Jamf1234) (拖拉至 recon)
compose
Lession 6 Framework
Task 1
Task 2
update management framework and print current time to /Users/Shared/managementRime.txt
updateFramework.sh
#!/bin/bash
timeStamp=`date +%F\ %T`
logFile=”/Users/Shared/ManagementTime.log”
echo “$timeStamp – Updated Management Framework for Jamf.” >> ${logFile}
jamf manage >> ${logFile}
sudo sh /Library/Jamf300/UpdateFramework.sh
Task 3
Compose a daemon to execute the script with time interval 1200 sec
cp /Library/LaunchDaemons/com.jamfsoftware.task.1.plist /Library/LaunchDaemons/com.d8services.task.1.plist
sudo cp /Library/LaunchDaemons/com.jamfsoftware.task.1.plist /Library/Jamf300/com.d8services.task.1.plist
Password:
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>Label</key>
<string>com.jamfsoftware.task.Every 5 Minutes</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Jamf300/UpdateFramework.sh</string>
</array>
<key>StartInterval</key>
<integer>1200</integer>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Task 4
Agents
Unload the Dock agent from memory
launchctl unload /System/Library/LaunchAgents/com.apple.Dock.plist
Load the Dock agent into memory
launchctl load /System/Library/LaunchAgents/com.apple.Dock.plist
Start the Dock process
launchctl start com.apple.Dock.agent
Daemons
Update Jamf management framework
jamf manage
Print the date to a file
date +%F\ %T >> /PATH/TO/FILE
date +%F\ %T >> /Users/Shared/managementTime.txt
Daemon to call a script on a timer
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>CUSTOM_LABEL_HERE</string>
<key>ProgramArguments</key>
<array>
<string>bash</string>
<string>/PATH/TO/FILE</string>
</array>
<key>StartInterval</key>
<integer>NUMBER_OF_SECONDS</integer>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Set ownership and permission for a daemon
chown root:wheel /PATH/TO/FILE
chown root:wheel /Users/Shared/managementTime.txt
chmod 644 /PATH/TO/FILE
chmod 644 /Users/Shared/managementTime.txt
Load a daemon
launchctl load /PATH/TO/FILE
launchctl load /Users/Shared/managementTime.txt
Lession 7 Logs
Task 1
Task 2
Task 3
Task 4
To Enable Debug Mode for Jamf Applications:
Create a directory named “debug” within:
/path/to/Jamf Application.app/Contents/Support
For example:
touch /Applications/Jamf\ Pro/Jamf\ Admin.app/Contents/Support/debug
Task 5
curl https://pro.jamf.training:8443/08/healthCheck.html
/Library/Jamf300/healthCheck.sh
#!/bin/bash
serverURL=https://pro.jamf.training:8443/08/healthCheck.html
timeStamp=`date +%F\ %T`
logFile=”/Users/Shared/HealthStatus.log”
ServerStatus=`curl -sk $serverURL`
echo “${timeStamp} – Checking ${serverURL}” >> ${logFile}
if [[ ${ServerStatus}==”[]” ]];then
echo “${timeStamp} – Result is Good” >> ${logFile}
else
echo “${timeStamp} WARNING:Server is Dead… FIX IT NOW!!!” >> ${logFile}
fi
namo 編輯檔案
近期留言