Skip to main content

I created a couple of custom schemas in JSON for this new feature. Just cause I'm excited about it! I learned JSON schemas today to do this, so they might be a little basic but maybe someone will find them useful.
Enterprise Connect:



{
"$schema": "http://json-schema.org/schema#",

"definitions": {
"share": {
"type": "object",
"properties": {
"path": {"type": "string"}
}
}
},

"type": "object",
"properties": {
"adRealm": {"type": "string", "default": ""},
"alwaysGetNewTicket": {"type": "boolean", "default": "false"},
"checkForNetworkServer": {"type": "string", "default": ""},
"checkForNetworkType": {"type": "boolean", "default": "false"},
"checkShowLegacyCertificates": {"type": "boolean", "default": "false"},
"connectDelay": {"type": "integer", "default": 0, "minimum": 0},
"connectionCompletedScriptPath": {"type": "string", "default": ""},
"connectReminderNagInterval": {"type": "integer", "default": 86400, "minimum": 0},
"connectReminderTime": {"type": "integer", "minimum": 0},
"dailyReconnectTime": {"type": "integer", "default": 86400, "minimum": 0},
"debugMode": {"type": "boolean", "default": "false"},
"destroyKerbTicketUponCardRemoval": {"type": "boolean", "default": "true"},
"disablePasswordExpirationChecking": {"type": "boolean"},
"disablePasswordFunctions": {"type": "boolean", "default": "false"},
"managedshares": {
"type": "array",
"items": {"$ref": "#/definitions/share"},
"default": []
},
"mountNetworkHomeDirectory": {"type": "boolean", "default": "false"},
"orgLogoPath": {"type": "string"},
"orgUsernameLabel": {"type": "string"},
"passwordChangeScriptPath": {"type": "string"},
"passwordChangeURL": {"type": "string"},
"passwordExpireOverride": {"type": "integer", "minimum": 0},
"passwordNotificationDays": {"type": "integer", "default": 15, "minimum": 0},
"preferredDC": {"type": "string"},
"prepopulatedUsername": {"type": "string", "default": ""},
"pwReqComplexity": {"type": "boolean", "default": "false"},
"pwReqComplexityDisableUnicode": {"type": "boolean", "default": "false"},
"pwReqHistoryCount": {"type": "integer", "minimum": 0},
"pwReqLength": {"type": "integer", "minimum": 0},
"pwReqMinimumPasswordAge": {"type": "integer", "minimum": 0},
"pwReqText": {"type": "string", "default": ""},
"runAuditScript": {"type": "boolean"},
"runAuditScriptPath": {"type": "string"},
"runPasswordChangeScriptOnLocalPasswordSync": {"type": "boolean", "default": "true"},
"runPeriodicStateCheck": {"type": "boolean", "default": "true"},
"setupReminderNagInterval": {"type": "integer", "default": 86400, "minimum": 0},
"shareMountWaitSeconds": {"type": "integer", "default": 0, "minimum": 0},
"showKeychainIdentities": {"type": "boolean", "default": "false"},
"showMenuExtra": {"type": "boolean", "default": "true"},
"showUsernameWithSmartcard": {"type": "boolean", "default": "false"},
"smartCardMode": {"type": "boolean", "default": "false"},
"syncLocalPassword": {"type": "boolean"}
}
}


And Firefox:



{
"$schema": "http://json-schema.org/schema#",

"definitions": {
"bookmark": {
"type": "object",
"properties": {
"Folder": {"type": "string"},
"URL": {"type": "string"},
"Title": {"type": "string"},
"Favicon": {"type": "string"},
"Placement": {"type": "string"}
}
}
},

"type": "object",
"properties": {
"DisableSetDesktopBackground": {"type": "boolean", "default": "true"},
"Preferences": {
"type": "object",
"properties": {
"app.update.auto": {"type": "boolean", "default": "true"},
"security.default_personal_cert": {"type": "string", "default": "Ask Every Time"}
}
},
"DisableProfileImport": {"type": "boolean", "default": "true"},
"DisableSecurityBypass": {
"type": "object",
"properties": {
"InvalidCertificate": {"type": "boolean", "default": "true"},
"SafeBrowsing": {"type": "boolean", "default": "true"}
}
},
"DNSOverHTTPS":{
"type": "object",
"properties": {
"Enabled": {"type": "boolean", "default": "false"},
"Locked": { "type": "boolean", "default": "true"},
"ProviderURL": { "type": "string", "default": "URL_TO_ALTERNATE_PROVIDER" }
}
},
"CaptivePortal": { "type": "boolean", "default": "false" },
"DisableAppUpdate": { "type": "boolean", "default": "true" },
"DefaultDownloadDirectory": { "type": "string", "default": "${home}/Downloads" },
"DontCheckDefaultBrowser": { "type": "boolean", "default": "true" },
"SSLVersionMin": { "type": "string", "default": "tls1.2" },
"Certificates":{
"type": "object",
"properties": {
"Install": {
"type": "array",
"items": {"type": "string"},
"default": ["cert1.der","cert2.pem"]
},
"ImportEnterpriseRoots": { "type": "boolean", "default": "true" }
}
},
"Homepage":{
"type": "object",
"properties": {
"URL": { "type": "string", "default": "http://example.com" },
"Additional": {
"type": "array",
"items": {"type": "string"},
"default": ["https://www.example.com/extra-home1.htm","https://www.example.com/extra-home2.htm","https://www.example.com/extra-home3.htm"]
},
"Locked": { "type": "boolean", "default": "true" },
"StartPage": { "type": "string", "default": "homepage"}
}
},
"DisableFormHistory": { "type": "boolean", "default": "true" },
"SupportMenu":{
"type": "object",
"properties": {
"Title": { "type": "string", "default": "Click here for help" },
"URL": { "type": "string", "default": "http://example.edu/" },
"AccessKey": { "type": "string", "default": "C" }
}
},
"DisableSafeMode": { "type": "boolean", "default": "true" },
"ExtensionUpdate": { "type": "boolean", "default": "false" },
"DisableSystemAddonUpdate": { "type": "boolean", "default": "true" },
"DisableFirefoxScreenshots": { "type": "boolean", "default": "true"},
"FlashPlugin":{
"type": "object",
"properties": {
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://www.example.com"]
},
"Block": {
"type": "array",
"items": {"type": "string"},
"default": ["https://www.example.org"]
},
"Default": { "type": "boolean", "default": "true" },
"Locked": { "type": "boolean", "default": "true" }
}
},
"DisableFirefoxAccounts": { "type": "boolean", "default": "true" },
"ExtensionSettings":{
"type": "object",
"properties": {
"*":{
"type": "object",
"properties": {
"blocked_install_message": {"type": "string", "default": "Custom error message"},
"install_sources": {
"type": "array",
"items": {"type": "string"},
"default": ["https://addons.mozilla.org/"]
},
"installation_mode": {"type": "string", "default": "blocked"}
}
},
"uBlock0@raymondhill.net":{
"type": "object",
"properties": {
"installation_mode": {"type": "string", "default": "force_installed"},
"install_url": {"type": "string", "default": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"}
}
}
}
},
"DisplayBookmarksToolbar": { "type": "boolean", "default": "true" },
"HardwareAcceleration": { "type": "boolean", "default": "false" },
"DisablePrivateBrowsing": { "type": "boolean", "default": "true" },
"EnterprisePoliciesEnabled": { "type": "boolean", "default": "false" },

"Bookmarks": {
"type": "array",
"items": {"$ref": "#/definitions/bookmark"},
"default": [{"Folder":"Example1Folder","URL":"https://www.example.org","Title":"Example1","Favicon":"https://www.example.org/favicon.ico","Placement":"toolbar"},{"Folder":"Example2Folder","URL":"https://www.example.com","Title":"Example2","Favicon":"https://www.example.com/favicon.ico","Placement":"menu"}]
},
"NetworkPrediction": { "type": "boolean", "default": "false" },
"EnableTrackingProtection":{
"type": "object",
"properties": {
"Fingerprinting": { "type": "boolean", "default": "true" },
"Value": { "type": "boolean", "default": "true" },
"Locked": { "type": "boolean", "default": "true" },
"Cryptomining": { "type": "boolean", "default": "true" }
}
},
"OverrideFirstRunPage": {"type": "string", "default": "https://www.example.com"},
"Extensions":{
"type": "object",
"properties": {
"Install": {
"type": "array",
"items": {"type": "string"},
"default": ["https://addons.mozilla.org/firefox/downloads/file/1053714/ghostery_privacy_ad_blocker-8.2.4-an+fx.xpi"]
},
"Uninstall": {
"type": "array",
"items": {"type": "string"},
"default": []
},
"Locked":
{
"type": "array",
"items": {"type": "string"},
"default": ["firefox@ghostery.com"]
}
}
},
"Authentication":{
"type": "object",
"properties": {
"NTLM": {
"type": "array",
"items": {"type": "string"},
"default": ["mydomain.com","https://myotherdomain.com"]
},
"Delegated": {
"type": "array",
"items": {"type": "string"},
"default": ["mydomain.com","https://myotherdomain.com"]
},
"AllowNonFQDN":{
"type": "object",
"properties": {
"SPNEGO": { "type": "boolean", "default": "true" },
"NTLM": { "type": "boolean", "default": "true" }
}
},
"AllowProxies":{
"type": "object",
"properties": {
"SPNEGO": { "type": "boolean", "default": "true" },
"NTLM": { "type": "boolean", "default": "true" }
}
},
"Locked": { "type": "boolean", "default": "true" },
"SPNEGO": {
"type": "array",
"items": {"type": "string"},
"default": ["mydomain.com","https://myotherdomain.com"]
}
}
},
"Proxy":{
"type": "object",
"properties": {
"SocksVersion": {"type": "string", "default": "4"},
"Mode": {"type": "string", "default": "manual"},
"HTTPProxy": {"type": "string", "default": "proxy.example.com:80"},
"Locked": { "type": "boolean", "default": "true" }
}
},
"SecurityDevices":{
"type": "object",
"properties": {
"NAME_OF_DEVICE": {"type": "string", "default": "PATH_TO_LIBRARY_FOR_DEVICE"}
}
},
"OverridePostUpdatePage": {"type": "string", "default": ""},
"BlockAboutSupport": { "type": "boolean", "default": "true" },
"LocalFileLinks": {
"type": "array",
"items": {"type": "string"},
"default": ["http://example.org","http://example.edu"]
},
"Permissions":{
"type": "object",
"properties": {
"Camera":{
"type": "object",
"properties": {
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.org"]
},
"BlockNewRequests": { "type": "boolean", "default": "true" },
"Block": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.edu"]
},
"Locked": { "type": "boolean", "default": "true" }
}
},
"Microphone":{
"type": "object",
"properties": {
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.org"]
},
"BlockNewRequests": { "type": "boolean", "default": "true" },
"Block": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.edu"]
},
"Locked": { "type": "boolean", "default": "true" }
}
},
"Location":{
"type": "object",
"properties": {
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.org"]
},
"BlockNewRequests": { "type": "boolean", "default": "true" },
"Block": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.edu"]
},
"Locked": { "type": "boolean", "default": "true" }
}
},
"Notifications":{
"type": "object",
"properties": {
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.org"]
},
"BlockNewRequests": { "type": "boolean", "default": "true" },
"Block": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.edu"]
},
"Locked": { "type": "boolean", "default": "true" }
}
}
}
} ,
"PasswordManagerEnabled": { "type": "boolean", "default": "false" },
"NoDefaultBookmarks": { "type": "boolean", "default": "true" },
"FirefoxHome":{
"type": "object",
"properties": {
"TopSites": { "type": "boolean", "default": "true" },
"Pocket": { "type": "boolean", "default": "false" },
"Search": { "type": "boolean", "default": "true" },
"Snippets": { "type": "boolean", "default": "false" },
"Locked": { "type": "boolean", "default": "true" },
"Highlights": { "type": "boolean", "default": "true" }
}
},
"DisableFeedbackCommands": { "type": "boolean", "default": "true" },
"DisablePasswordReveal": { "type": "boolean", "default": "true" },
"AppUpdateURL": {"type": "string", "default": "https://www.example.com/update.xml"},
"DisableTelemetry": { "type": "boolean", "default": "true" },
"DisableDeveloperTools": { "type": "boolean", "default": "true" },
"SearchBar": {"type": "string", "default": "separate"},
"WebsiteFilter":{
"type": "object",
"properties": {
"Block": {
"type": "array",
"items": {"type": "string"},
"default": ["<all_urls>"]
},
"Exceptions": {
"type": "array",
"items": {"type": "string"},
"default": ["https://www.google.com/*","https://www.yahoo.com/*"]
}
}
},
"DisableFirefoxStudies": { "type": "boolean", "default": "true" },
"DownloadDirectory": {"type": "string", "default": "${home}/Downloads"},
"BlockAboutConfig": { "type": "boolean", "default": "true" },
"DisableMasterPasswordCreation": { "type": "boolean", "default": "true" },
"SanitizeOnShutdown": { "type": "boolean", "default": "true" },
"InstallAddonsPermission":{
"type": "object",
"properties": {
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://example.org","https://example.edu"]
},
"Default": { "type": "boolean", "default": "false" }
}
},
"DisablePocket": { "type": "boolean", "default": "true" },
"DisableBuiltinPDFViewer": { "type": "boolean", "default": "true" },
"DisableProfileRefresh": { "type": "boolean", "default": "true" },
"NewTabPage": { "type": "boolean", "default": "false" },
"OfferToSaveLoginsDefault": { "type": "boolean", "default": "false" },
"OfferToSaveLogins": { "type": "boolean", "default": "false" },
"SSLVersionMax": {"type": "string", "default": "tls1.3"},
"BlockAboutAddons": { "type": "boolean", "default": "true" },
"RequestedLocales": {
"type": "array",
"items": {"type": "string"},
"default": ["de","en-US"]
},
"BlockAboutProfiles": { "type": "boolean", "default": "true" },
"Cookies":{
"type": "object",
"properties": {
"Locked": { "type": "boolean", "default": "true" },
"ExpireAtSessionEnd": { "type": "boolean", "default": "true" },
"Default": { "type": "boolean", "default": "false" },
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://www.example.org/"]
},
"RejectTracker": { "type": "boolean", "default": "true" },
"Block": {
"type": "array",
"items": {"type": "string"},
"default": ["https://www.example.edu/"]
},
"AcceptThirdParty": {"type": "string", "default": "never"}
}
},
"DisableForgetButton": { "type": "boolean", "default": "true" },
"PopupBlocking":{
"type": "object",
"properties": {
"Allow": {
"type": "array",
"items": {"type": "string"},
"default": ["https://www.example.org","https://www.example.edu"]
},
"Default": { "type": "boolean", "default": "true" },
"Locked": { "type": "boolean", "default": "true" }
}
}
}
}

@mm2270 I was able to upload this into a configuration profile for testing. Would you mind sharing how I can blacklist all extensions by default, then whitelist a only a select few with firefox? I am able to do something similar with chrome, but still trying to figure out firefox.


@jorge.blandon Here is a link to a Git where many jsons are for different programs
https://github.com/Jamf-Custom-Profile-Schemas


Has Anyone Created a Chrome one yet


Great thread. I wanted to post a default for those not familiar with JSON. You can copy/paste after finding out which value types and values you need for your custom domain settings. I found this especially easy using ProfileCreator and looking at the raw XML values then converting it to JSON.



This should save time exporting and creating new profiles with ProfileCreator while still using ProfileCreator as the reference for some application specific custom settings - ie use that GUI to find the settings you want then port it to a JSON schema so you can keep it up-to-date in Jamf Pro.



{

"$schema": "http://json-schema.org/schema#",

"type": "object",
"properties": {

"keyNameString": {
"type": "string",
"title": "This String",
"description": "Enter the string value",
"default": "myString"
},

"keyNameNumber": {
"type": "number",
"title": "This Number",
"description": "This number is an array of choices. The default is 0",
"default": 0,
"enum": [0, 1, 2, 3, 4]
},

"keyNameBoolean": {
"type": "boolean",
"title": "This Boolean",
"description": "This boolean is true or false. The default is false.",
"default": "false"

}

}

}


EDIT: Larger template here - https://github.com/j-samuel-clark/jamf-scripts/blob/master/jsonSchemaTemplate.json


I see there is one for NoMAD, but what about NoMAD Login?


@jbisgett I've been meaning to work toward creating one, but I haven't had a lot of time lately. Check back once in a while and there will be one eventually.


I'm still having a little trouble with this. I am trying to enable the "Turn on new meeting experience" checkbox in the Teams settings. I cannot simply replace the file because it contains other important user settings.
I've found the file and the key.



/Users/r[user]/Library/Application Support/Microsoft/Teams/desktop-config.json


and



{"appPreferenceSettings":{"callingMWEnabledPreferenceKey":true}


but I am having trouble making it work.



I tried using the tool found here to no avail. I built the following schema, uploaded it to the custom settings payload then deployed to a test device but it had no effect.



Am I approaching this the wrong way? Can someone point me in the right direction?




Would it be simpler to just edit the JSON with a script to change the value to TRUE?


Maybe a group of us can work on developing a script that can be added to Xcode/build tools to generate a basic JSON Schema for all the preferences available in source code. I assume there's a way to scan the source code for defaults.


@djrory The problem, I think, is that you're using a custom application schema to (try to) update the settings in a json file, which isn't what this is used for. What the custom schemas ultimately do is give you a simple GUI interface for configuring and sending out Configuration Profiles, which are just xml/plist files. IOW, I don't believe a Config Profile can affect a json file on the local machine. You'll probably have to directly manipulate the json file settings and see if it works to apply the change. If it does, there's likely a way it can be scripted.



Either that, or keep digging and investigating to see if there's an actual plist setting and value that stores that same item. If you find one, then using a Custom Application Schema would make sense.


Hello, I have the following Schema setup where I want to bock all Chrome Extensions except the ones our School has approved.
I attached a picture of what we have for a Schema.



Then in Properties I have the extension ID set to under Add/Remove key hoping to block them all and then I am adding the Extension ID of the ones we want to allow. However it is not working when I test with a test account on a laptop and I have it scoped to the test account and the laptop being used. Even just for testing the I took the one Key I had with the out and then just left the one extension ID I wanted to allow in there, but set to block and was still able to add it. I was hoping to block Chrome extensions this way instead of using a plist as we have done that before and it works. Any advice would be great. Hope I posted this in the right area.


Great thread.Do we have a similar JSON file for Microsoft Office/Office 365 aswell ?


@Santosh There are already built-in configurations for Microsoft in the Application & Custom Settings editor. Select Source->Jamf Repository and then the Preference Domain popup will list several com.microsoft domains to choose from.


@sdagley correct.

that's what i understood for the JAMF Documentation. We are using JAMF PRO 10.19 Under Application & Custom Settings editor,when i Select Source as Jamf Repository i dont see any Preference domain as popup


@Santosh Are you saying that the popup menu shown in your image below the Preferences Domain label doesn't display any choices? The feature is there in 10.19, so it should work. I'm on a newer version and here's what that editor looks like for me:





When clicked I see this:




@Santosh A lot of strange issues in Jamf Pro can be resolved by clearing your browser cache, restarting the browser and trying again. I would try that to see if the pop up menu options show up after that. If they don't, then it might be time to open a support ticket with Jamf about it.



Also, since you stated you're on 10.19, that likely means you have an on-prem Jamf Pro setup, correct? If so, you might have to work with Jamf support to see if something went wrong with the last update you did on the server. Or you could try upgrading to a more recent version.


@mm2270 @sdagley Thanks a lot for your response. i have tried to test in multiple browsers and different systems. But i still have the same problem. as you guys said it could be something with my JAMF PRO version. i will try to update to the latest version and see. even if still it dosen't work then i will open a support ticket with JAMF


This is fantastic Stuff! Thanks to everyone putting these together! Any of you amazing souls working on one for Cisco Anyconnect for Big Sur and webfiltering? I found some information(https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/upgrade/AnyConnect_macOS_BigSur_Advisory.pdf) but i have no idea how to translate the webfilter properties into a json file.


@LovelessinSEA The web filter payload isn't something you'd create as a part of an Application & Custom Settings payload. You'd need to create a signed .mobileconfig externally and then upload to Jamf Pro, or wait for Jamf to add the ability to directly create that payload.


I'm trying to learn how to create these json schemas, however, seem to be struggling. Does anyone know if there are any videos or detailed documentation on this? I'm trying to setup one for Defender ATP. I even tried to use schema builder here: https://github.com/BIG-RAT/Managed-App-Schema-Builder. However, I'm doing something wrong because I get an error when I try to save the configuration profile in Jamf.



Any advice is greatly appreciated!


Hey @bcbackes,
for a general idea of how JSON Schema works you can look here: https://json-schema.org/learn/getting-started-step-by-step.html
There are options specific to JAMF. Best bet would be to look at samples of other people.


Ok, I was messing around with Citrix Workspace and looking at how I could lock down some settings in the "com.citrix.receiver.nomas.plist" file. Basically, I was looking to set the following settings:
AutoUpdateState
CEIPEnabled
CitrixCastingEnabled
CrashReportingEnabled



I've added the schema below. Everything was locked down when deploying this out with a configuration profile with the exception of the Citrix Casting Enabled key. For some strange reason, it wasn't greyed out like the others and I was able to enable it afterwards. The rest work great. The Auto Update State actually disappears from Preferences when you select Disabled.



Let me know what I can do better. Thanks!



{
"title": "com.citrix.receiver.nomas",
"description": "Citrix Workspace",
"properties": {
"AutoUpdateState": {
"type": "string",
"title": "AutoUpdateState",
"description": "Options are: Auto, Manual, Disabled.",
"examples": [
"Auto",
"Manual",
"Disabled"
]
},
"CEIPEnabled": {
"description": "Enable Customer Experience Improvement Program",
"title": "CEIPEnabled",
"type": "boolean"
},
"CitrixCastingEnabled": {
"description": "Enables Citrix Casting to External Hubs",
"title": "CitrixCastingEnabled",
"type": "boolean"
},
"CrashReportingEnabled": {
"description": "Crash Reporting",
"title": "CrashReportingEnabled",
"type": "boolean"
}
}
}

Is anyone having issues with NoMAD's preferences from @mscottblake Here?



I'm trying to add the KeychainItems section and all i get is "Configure" and then a blank area - no where to add the actually items I want. Am I missing something?



Ideally, I'm trying to add "com.apple.network.eap.user.item.wlan.ssid.NETWORKNAME" "<<shortname>>" to sync wifi credentials.



Jamf Screenshot



The KeychainItems section has this as its code



        "KeychainItems": {
"title": "KeychainItems",
"description": "A Dictionary or Keychain Items matching an item name to an account name. On password change, NoMAD will update these items with the user’s new password.",
"propertyOrder": 10,
"anyOf": :
{
"title": "Not Configured",
"type": "null"
},
{
"title": "Configured",
"type": "object"
}
],
"options": {
"infoText": "Key: KeychainItems"
},
"links": :{
"rel": "More information",
"href": "https://nomad.menu/help/preferences-and-what-they-do/"
}]
},

@HeightsCollege The KeychainItems cannot be modified in this manner. The XML is expecting an array of <dict>s, but it is not possible to do this with the current implementation of the Jamf schema.



You can see the same issue with the Jamf Connect schema.


Thanks for the clarifications @mscottblake. So basically its only in the schema to allow for when Jamf supports it? Meaning that config of those parameters are limited to plist upload at the moment.
Also excited about NoMAD 2 thats been shared on macadmins slack - hopefully fix a number of issues.


Reply