Getting LAPS password out of JamfPro (extension attribute) in PowerShell

New Contributor



Our new Anti-Ransomware product needs a way to shut mac systems down.

Something like ‘echo <password> | sudo –S shutdown –h now ‘ deployed via ssh would probably do the job; However we are using LAPS script by Phil Redfern (root password is also stored as an extension attribute).

The question is how to get the LAPS password out of Jamf – the Anti-Ransomware product uses PowerShell?

Any ideas?

Thanks, Regards, JK


Contributor II

In general, EA's can definitely be pulled with an `Invoke-RestMethod -Method Get` via the API for the computer record. From there you would just need to drill down to the specific information you need.

Hi Kendal, Thanks for your reply - much appreciated.

I know a bit about Jamf (but I’m not a scripting guru) and the aniransomware guy knows his PowerShell but we are struggling. Does he need to authenticate to Jamf to get the data (that’s my logic).

Phil Redfern’s script looks like this:


udid=$(/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hardware UUID:/ { print $3 }')

xmlString="<?xml version=\"1.0\" encoding=\"UTF-8\"?><computer><extension_attributes><extension_attribute><name>LAPS</name><value>$newPass</value></extension_attribute></extension_attributes></computer>"


oldPass=$(curl -s -f -u $apiUser:$apiPass -H "Accept: application/xml" $apiURL/JSSResource/computers/udid/$udid/subset/extension_attributes | xpath -e "//extension_attribute[name=$extAttName]" 2>&1 | awk -F'<value>|</value>' '{print $2}' | tail -n +1 )



We are looking for value of $oldPass – to get it we need udid first.

What he created so far is:


$apiCred = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("${apiUser}:${apiPass}"))
$AuthHeader = "Basic ${apiCred}"
$Headers = @{'Authorization' = $AuthHeader}
$apiURL = ""
Try {
    [xml]$XMLResponse = (Invoke-WebRequest -Uri "${apiURL}" -Headers $Headers -Method Post -Body "" -ContentType "application/json").Content
    } catch [System.Net.WebException] {

        $res = $_.Exception.Response
        echo $res
$apiURL = "${Hostname}"
Try {

    [xml]$XMLResponse = (Invoke-WebRequest -Uri "${apiURL}" -Headers $Headers -Method Post).Content

    } catch [System.Net.WebException] {

        $res = $_.Exception.Response

        echo $res

Select-Xml -Xml $XMLResponse -XPath "/"



Pulling my hairs here


Here's a blurb we have used for getting items from within the computer info

$username = "<user>"
$password = "<password>"
$Headers = @{
    Authorization = 'Basic {0}' -f [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(('{0}:{1}' -f $username,$password)))
    Accept = 'application/json'
$url = "https://<yourURL>:8443/JSSResource/computers/name/$computerName"

$attributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers
$computerInfo = $


Thank you! We should be able to test next week :)

Hi Kendal,

We run the script but the url results in error ‘not found’…

Real values replaced with Angle brackets – script run has real values.



$username = <username>
$password = <password>

$computername = <hostname>

$Headers = @{
    Authorization = 'Basic {0}' -f [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(('{0}:{1}' -f $username,$password)))
    Accept = 'application/json'
$url = "https://<jamfurl>:8443/JSSResource/computers/name/${computername}"
write-host $url

$attributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers
$computerInfo = $


this it the output:


PS C:\Users\Administrator> C:\temp\JAMF-get-computer-info.ps1

Invoke-RestMethod : 
   Status page
Not Found
The server has not found anything matching the request URI
You can get technical details here.
Please continue your visit at our home page.
At C:\temp\JAMF-get-computer-info.ps1:13 char:15
+ ... ttributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExceptio 
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

PS C:\Users\Administrator> 



What am I doing wrong?




Presuming you're using Jamf Cloud, remove :8443 from your URL?