Hi all, I'm struggling to come up with a good solution to what I can only imagine is a common one: We use a config profile to deploy a certificate for connecting to our wireless network. Sometimes users delete that issued cert accidentally. Sometimes there are issues and our support staff may need to delete the cert during troubleshooting. But - how do you get a new one issued? The device still has the config profile - it just needs a new cert. Do you Unscope and rescope the specific device (and absolutely positively make sure you don't accidentally click the "apply to all devices" option)? Do you duplicate the config profile and put a copy in Self Service? But then you'd have 2 profiles potentially on the device that do the same thing? Maybe you could remove the device from the scope of the other config profile when the Self Service one is run? But then, down the line, when you may need to update/change this config profile - how do you force it to those few users who now only have the Self Service profile?
Maybe with some fancy API work you could have a button in Self Service that removed the device from the scope, and then re-added it? Is that even possible with the API?
Anyway, been struggling with this one for a bit and very curious to hear how others are approaching and/or dealing with it.
Thank you! Matt
Best answer by sdagley
@mbezzo Here's an example of my script to add/remove a computer to/from a static group:
#!/bin/bash
# Add and remove a computer from a group example by @sdagley
# Thanks to unknown author for the example of breaking out the xmlHeader and apiData
# for API calls
#
# Parameter 4 - JSS URL
# Parameter 5 - Encrypted username for Jamf Pro API access account
# Parameter 6 - Encrypted password for Jamf Pro API access account
jssAddress="$4"
jssAPIUsernameEncrypted="$5"
jssAPIUsernameSalt="UsernameSaltHere"
jssAPIUsernamePassphrase="UsernamePassphraseHere"
jssAPIPasswordEncrypted="$6"
jssAPIPasswordSalt="PasswordSaltHere"
jssAPIPasswordPassphrase="PasswordPassphraseHere"
function DecryptString() {
# Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}
jssAPIUsername=$(DecryptString $jssAPIUsernameEncrypted $jssAPIUsernameSalt $jssAPIUsernamePassphrase)
jssAPIPassword=$(DecryptString $jssAPIPasswordEncrypted $jssAPIPasswordSalt $jssAPIPasswordPassphrase)
ComputerName=$(/usr/sbin/scutil --get ComputerName)
apiURL="JSSResource/computergroups/id/"
#XML header stuff
xmlHeader="<?xml version="1.0" encoding="UTF-8"?>"
TargetGroupID="GroupID#Here"
TargetGroupName="GroupNameHere"
# Add computer to a group
apiData="<computer_group><id>${TargetGroupID}</id><name>${TargetGroupName}</name><computer_additions><computer><name>$ComputerName</name></computer></computer_additions></computer_group>"
curl -sSkiu ${jssAPIUsername}:${jssAPIPassword} "${jssAddress}/${apiURL}${TargetGroupID}"
-H "Content-Type: text/xml"
-d "${xmlHeader}${apiData}"
-X PUT
TargetGroupID="GroupID#Here"
TargetGroupName="GroupNameHere"
# Delete computer from a group
apiData="<computer_group><id>${TargetGroupID}</id><name>${TargetGroupName}</name><computer_deletions><computer><name>$ComputerName</name></computer></computer_deletions></computer_group>"
curl -sSkiu ${jssAPIUsername}:${jssAPIPassword} "${jssAddress}/${apiURL}${TargetGroupID}"
-H "Content-Type: text/xml"
-d "${xmlHeader}${apiData}"
-X PUT
exit 0
