Allow Teachers to Clear Passcode

RDowson
New Contributor III

Hi all,

I'm looking for some suggestions. We would like to allow teachers to be able to clear device passcodes as this gets the iPads back up and running quickly and reduces the number of calls to our service desk.

We would rather not give teachers access to the Jamf console. Is there any other method that exists that would do what we are looking for?

We also use AirWatch and that has a serf-service portal that can be used and it works reasonably well.

I know the Jamf API could probably help us but we don't have the time or expertise to write something from scratch.

8 REPLIES 8

Emmert
Valued Contributor

I have a web page that does this using the API, but it's not really written for public consumption. Here's a quick python script that might get you started down the right path. You'll want to set up a special user with basically no privileges for it to connect to your JSS with.

#!/usr/bin/python
import requests
import xml.etree.ElementTree as ET
import sys

usr = 'apirobot'
pwd = 'apirobotspassword'
jss = 'http://jss.whatever.xxx'
search = sys.argv[1]

print 'Searching for iPads belonging to ' + search + '
'

r = requests.get(jss + '/JSSResource/mobiledevices/match/' + search, auth=(usr, pwd))
stripped = r.text.encode('ascii', 'ignore')
root = ET.fromstring(stripped)

for results in root.findall('*/id'):

  print 'Mobile device found with ID ' + results.text + '
'

  s = requests.post(jss + '/JSSResource/mobiledevicecommands/command/ClearPasscode/id/' + results.text, auth=(usr, pwd))
  t = requests.post(jss + '/JSSResource/mobiledevicecommands/command/BlankPush/id/' + results.text, auth=(usr, pwd))

print 'Commands complete.'

Emmert
Valued Contributor

If those of you that don't own a mind reading helmet, here are the steps to get this working:

  1. From the command line, run: sudo easy_install pip
  2. Then: sudo pip install requests
  3. Copy this into a new text document named clearpasscode.py
  4. Fill in the variables for username, password, and JSS address
  5. From the same folder, run: chmod +x clearpasscode.py
  6. Run: ./clearpasscode.py with a space and then an argument afterwards, like the username an iPad is assigned to

If my dumb thing works it will find something and send it the clear passcode command. I guess the requests library (and the pip tool) aren't standard installs.

RDowson
New Contributor III

Thanks very much!
I think I'm close to getting it working but I'm getting the following when I run it:

Searching for iPads belonging to rdowson

Traceback (most recent call last):
  File "./clearpasscode.py", line 15, in <module>
    root = ET.fromstring(stripped)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 1311, in XML
    parser.feed(text)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 1659, in feed
    self._raiseerror(v)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 1523, in _raiseerror
    raise err
xml.etree.ElementTree.ParseError: mismatched tag: line 10, column 2

Do you know what is causing this? Scripting isn't my strong point.

cpominville
Contributor

There is an App called Classroom for Teachers to use to "manage" their students iPads. One of the features of this app, is to reset Apple ID passwords for their students. OOPs, sorry, you said DEVICE passcodes...

Emmert
Valued Contributor

@RDowson I'd interpret that error message as meaning that what it received from the server wasn't valid XML. Maybe try searching on an iPad serial instead of a username and see if you get similar results?

Edit: I bet your JSS is returning JSON instead of XML. Try adding this line below the imports:

headers = {'accept': 'application/xml;q=0.9, */*;q=0.8'}

And change the requests line to this:

r = requests.get(jss + '/JSSResource/mobiledevices/match/' + search, auth=(usr, pwd), headers=headers)

RDowson
New Contributor III

Serial number worked! Thanks again.

Emmert
Valued Contributor

Or that. Ha! The match API thing is really lenient and should work just like a regular JSS search.

cpominville
Contributor

Following this post, there is something I have missed. With 1-1 iPads, they do not connect to Wi-fi after a reboot until you enter a passcode. What have we been telling people for years, to do if things are not working with a computer, reboot! So people reboot the iPads. Then there is no Wi-fi connection!

We installed an ethernet adapter in a location, so the iPad can be plugged in by the secretary of the school and then we can send the remote command to remove the passcode.

It doesn't remove a call into our help desk, but at least we don't have to drive 6 hours (yes, 6 hours) to one of our remote schools to fix it.