Skip to main content

Sometimes when an app or profile is scoped to devices, they get stuck in a pending status indefinitely, but a blank push command will "wake up" the process and it will complete. I'd like a way to send a blank push to all devices if a major profile or app gets deployed to speed up distribution.

I can pull up a smart group of managed devices, go into the action menu and send commands to the group, but sending a blank push is not an option as a remote command using this method. And I'm not interested in doing it on an individual device basis from the management menu.

Is there a way to send a blank push remote command to all devices or a group of devices?

Thanks,

Rob 

Try this scipt. Save as .sh file and run it in terminal, should work for you.

#!/bin/bash
# Created by Steven Xu on Dec. 10, 2022
# https://community.jamf.com/t5/user/viewprofilepage/user-id/41850
###################################################################
########### Modify the following parameters to fit your task #####
###################################################################

# your jss url
jss_url="https://xxxx.jamfcloud.com"

# Mobile device group id. Open the group in Jamf Pro and find the id in the browser url.
mgroup_id="19"

# Remote command action.
# Supported command: https://developer.jamf.com/jamf-pro/reference/createmobiledevicecommandurl
command="BlankPush"

###################################################################
############ Don't modify from here ##############
###################################################################

echo "Please login to your Jamf Pro Server: $jss_url"
read -p "Your account username: " api_user
stty -echo
read -p "Your password: " api_pass
stty -echo
echo

# Get authToken
authToken=$(curl -s -u "${api_user}:${api_pass}" "$jss_url/api/v1/auth/token" -X POST -H "accept: application/json" )
bearerToken=$(echo "$authToken" | plutil -extract token raw -)

# Token validation check
valid_check=$(curl -s -H "Authorization: Bearer ${bearerToken}" "$jss_url/api/v1/jamf-pro-version" -X GET | plutil -extract version raw -)
if [[ "$valid_check" == *error* ]]; then
echo Get the token failed, try the correct username and password.
exit 1
fi

# Get mobile device IDs from the mobile device group.
ids=`curl -ksu "$api_user:$api_pass" -X GET "$jss_url/JSSResource/mobiledevicegroups/id/$mgroup_id" -H "accept: application/xml" \\
| xmllint --format --xpath /mobile_device_group/mobile_devices/mobile_device/id - | sed 's/<id>//g' | sed 's/<\\/id>/,/g' | rev | sed 's/,//' | rev`

if [ -z "$ids" ]; then
echo "no devices in this group"
exit 0
else
echo "Mobile device IDs in this groups: $ids"
fi

# Send command to the mobile devices
for id in $ids
do
echo "Sending $command to device id: $id..."
/usr/bin/curl \\
--header "Authorization: Bearer ${bearerToken}" \\
--request POST \\
--header "Content-Type: application/xml" \\
--url "${jss_url}/JSSResource/mobiledevicecommands/command/${command}/id/${id}"
echo "\\n"
done

# Set the token invalid
/usr/bin/curl \\
--header "Authorization: Bearer ${bearerToken}" \\
--request POST \\
--silent \\
--url "${jss_url}/api/v1/auth/invalidate-token"
echo "Done."

 

Here is a script to send a BlankPush command to all mobile devices. 


 


#!/bin/bash

# Set the Jamf Pro URL here if you want it hardcoded.
jamfpro_url="https://Your_Jamf_Pro_URL"

# Set the username here if you want it hardcoded.
jamfpro_user="Username"

# Set the password here if you want it hardcoded.
jamfpro_password="Password"

# Function to gather and format bearer token
getBearerToken() {
response=$(/usr/bin/curl -s -u "$jamfpro_user":"$jamfpro_password" "$jamfpro_url"/api/v1/auth/token -X POST)
bearerToken=$(echo "$response" | plutil -extract token raw -)
tokenExpiration=$(echo "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s")
echo "New bearer token generated."
echo "Token valid until the following date/time UTC: " "$tokenExpiration"
}

# Function to check token expiration
checkTokenExpiration() {
nowEpochUTC=$(date -j -f "%Y-%m-%dT%T" "$(date -u +"%Y-%m-%dT%T")" +"%s")
if [[ tokenExpirationEpoch -lt nowEpochUTC ]]
then
echo "No valid token available, getting new token"
getBearerToken
fi
}

# Funtion to invalidate token
invalidateToken() {
responseCode=$(/usr/bin/curl -w "%{http_code}" -H "Authorization: Bearer ${bearerToken}" $jamfpro_url/api/v1/auth/invalidate-token -X POST -s -o /dev/null)
if [[ ${responseCode} == 204 ]]
then
echo "Bearer token successfully invalidated"
bearerToken=""
tokenExpirationEpoch="0"
elif [[ ${responseCode} == 401 ]]
then
echo "Bearer token already invalid"
else
echo "An unknown error occurred invalidating the bearer token"
fi
}


echo
echo "Credentials received"
echo

# Genrating bearer token
echo "Generating bearer token for server authentication..."
getBearerToken

# Get all mobile devices from Jamf Pro (this fetches a list of all devices)
DEVICE_LIST=$(curl -s -H "Authorization: Bearer $bearerToken" -X GET "$jamfpro_url/JSSResource/mobiledevices")

# Loop over each device ID and send the "Blank Push" command
for DEVICE_ID in $DEVICE_IDS; do
echo "Sending blank push to device ID: $DEVICE_ID"

# Send the blank push command (the command triggers the device to check in and refresh)
RESPONSE=$(curl -s -H "Authorization: Bearer $bearerToken" -X POST "$jamfpro_url/JSSResource/mobiledevicecommands/command/BlankPush/id/$DEVICE_ID")

# Check for a successful response
if echo "$RESPONSE" | grep -q "<status>Command sent</status>"; then
echo "Blank push sent successfully to device ID: $DEVICE_ID"
else
echo "Failed to send blank push to device ID: $DEVICE_ID"
fi
done

 


 

Here is a script to send a BlankPush command to all computers. 


 


#!/bin/bash

# Set the Jamf Pro URL here if you want it hardcoded.
jamfpro_url="https://Your_Jamf_Pro_URL"

# Set the username here if you want it hardcoded.
jamfpro_user="Username"

# Set the password here if you want it hardcoded.
jamfpro_password="Password"

# Function to gather and format bearer token
getBearerToken() {
response=$(/usr/bin/curl -s -u "$jamfpro_user":"$jamfpro_password" "$jamfpro_url"/api/v1/auth/token -X POST)
bearerToken=$(echo "$response" | plutil -extract token raw -)
tokenExpiration=$(echo "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s")
echo "New bearer token generated."
echo "Token valid until the following date/time UTC: " "$tokenExpiration"
}

# Function to check token expiration
checkTokenExpiration() {
nowEpochUTC=$(date -j -f "%Y-%m-%dT%T" "$(date -u +"%Y-%m-%dT%T")" +"%s")
if [[ tokenExpirationEpoch -lt nowEpochUTC ]]
then
echo "No valid token available, getting new token"
getBearerToken
fi
}

# Function to invalidate token
invalidateToken() {
responseCode=$(/usr/bin/curl -w "%{http_code}" -H "Authorization: Bearer ${bearerToken}" $jamfpro_url/api/v1/auth/invalidate-token -X POST -s -o /dev/null)
if [[ ${responseCode} == 204 ]]
then
echo "Bearer token successfully invalidated"
bearerToken=""
tokenExpirationEpoch="0"
elif [[ ${responseCode} == 401 ]]
then
echo "Bearer token already invalid"
else
echo "An unknown error occurred invalidating the bearer token"
fi
}

echo
echo "Credentials received"
echo

# Generating bearer token
echo "Generating bearer token for server authentication..."
getBearerToken

# Get all computers from Jamf Pro (this fetches a list of all computers)
DEVICE_LIST=$(curl -s -H "Authorization: Bearer $bearerToken" -X GET "$jamfpro_url/JSSResource/computers")

# Extract the computer IDs from the response
DEVICE_IDS=$(echo "$DEVICE_LIST" | grep -o '<id>[0-9]*</id>' | sed 's/<id>\\([0-9]*\\)<\\/id>/\\1/')

# Loop over each computer ID and send the "Blank Push" command
for DEVICE_ID in $DEVICE_IDS; do
echo "Sending blank push to computer ID: $DEVICE_ID"

# Send the blank push command and capture the HTTP status code
httpCode=$(curl -w "%{http_code}" -s -H "Authorization: Bearer $bearerToken" -X POST "$jamfpro_url/JSSResource/computercommands/command/BlankPush/id/$DEVICE_ID" -o /dev/null)

# Check if the push was successful
if [[ "$httpCode" == "201" ]]; then
echo "Blank push sent successfully to computer ID: $DEVICE_ID"
else
echo "Failed to send blank push to computer ID: $DEVICE_ID (HTTP Status: $httpCode)"
fi
done

 

To send a blank push to Macs, what permission is required. I’m looking in the api/clients and I can find it “Send Blank Pushes to Mobile Devices” but not a comparable for computers.

Terms & ConditionsCookie settings