Archive Policies and Configuration Profiles

New Contributor II

Hi All,

I took over a Jamf role about 9 months ago in education (with no handover and sparse documentation)
(I've been a mac admin for many years but new to jamf)

There are about existing 150 profiles and 70ish config' profiles.

I'm just about getting to grips with it all and I'm planning on upgrading to catalina (Intel macs) and reinstall latest 3rd party software (mostly audio) in december

I'd love to clean sweep the lot and start from scratch - but I'm sure there's some great stuff already in place that I won't know I need till it's gone!

Is there any way of exporting /archiving everything in a way where I could bring back individual elements if needed ?


Legendary Contributor III

Rather than outright deleting stuff you're unsure about, I would consider creating a new Category in Jamf Pro, like "Disabled" or "Archived" for example and move all the ones you'd like to get out of your view into that category, and disable them. You have to be careful to understand whether something active is really being used or if it's really just old and not needed anymore before you disable them though. But for policies it's just unchecking the "enabled" checkbox. For Configuration Profiles, it would be removing the scope from them to ensure they aren't being pushed to any of your machines.

Outside of the above, there are 2 other ways I can think of to truly "archive" these items.

One would be to use the API in the case of policies to export them into an xml file.
With profiles it's easy. There's a download button within each profile when viewing it. Just download them into .mobileconfig files for safe keeping. You can easily re-import any downloaded profile in most cases using those mobileconfig files.

To re-import a policy from an xml file would take a bit more work, but it's doable with the right knowhow. In the very least the xml will be readable enough for you to see how it was set up, in terms of the payloads, scope and triggers for example. So it can be recreated if all else fails.

Lastly, you can take a look at the Jamf Pro Summary, located at the bottom of the page when you click the Settings gear icon. You can check "Policies" and "macOS Configuration Profiles" from the available options and get an organized and detailed summary of all the items currently in the server for those categories.

Hope the above helps.

New Contributor II

Thanks, defiantly helpful - some useful ideas there! I've not played with the API yet, so will do some research. Not sure why I hadn't thought about just downloading the .mobilconfigs, Thanks!



To add onto what mm270 said. Our company has gone through a similar exercise to the one you are embarking on. I'll summarise how we handled and maybe there will be some things in there that may be of help to you. 

We targeted different components of the JAMF config, listed out the information and assessed each bit to determine if it was still relevant or could be streamlined. The segments we looked at were policies, config profiles, smart groups and static groups.  

Our policies are grouped into different categories, application, utilities etc. 
As it can be challenging to easily tell in the native interface if scripts or packages are orphaned we used a bash script that pulls that information and puts it into a handy CSV for you. Script is an older one mm2270  wrote which was a massive help to us starting out, link to script. Highly recommend creating a local read only account to use with the script. This CSV was used to help review scopes, versioning, JAMF reports for usage. They were then deactivated and shifted into our Archive category to be fully removed in next quarter if still determined as not required. As mm2270 mentioned the JAMF summary is great for getting a snapshot of your settings.  

Config profiles we download a copy of the mobileconfig and back them up to our network shares. As mm270 mentioned very easy to them reimport if you find it was still needed. 

Smart group review allowed us to clean up old ones and remove nesting from groups to improve performance.  

Hopefully something in here is of help to you. 

Esteemed Contributor II

@Eddie_DJ Jamf Migrator will export Polices and Configuration Profiles, as well as many other item types, from a JSS as a .xml file that I _believe_ can be re-imported (I've never tried it personally).

New Contributor II

Thanks @AntMac  that script looks great! Great to hear from someone that's already been through this!
@sdagley  I'm not sure Jamf migrator is exactly what I want but it sure looks Interesting 👍

Esteemed Contributor II

@Eddie_DJ  Don't get caught up in the Jamf Migrator name. It can also be used as an archiving tool when you enable Save Only and Raw Source XML in the Export settings.