Posted on 03-04-2020 08:24 AM
We have in self service one button for off-boarding process, it will erase disk and reinstall a clean macOS (https://bitbucket.org/prowarehouse-nl/erase-install/). This computer could be resigned to someone or unsubscribe definitely. In this last case, we want to keep information in Jamf inventory but for sure, not pay jamf licence for for years.... so we need to change the status from managed to unmanaged.(is this the correct answer?)
We don't know what's the best approach to do it.... any suggestion? Thanks :)
Posted on 03-04-2020 08:59 AM
I've added this to my script to accomplish exactly what you are trying to do with an erase-install script. You will need to create a service account in your JSS that has permission to update users and computer objects.
#Use Jamfs encrypted parameter tool to log in to JSS
#This is found at https://github.com/jamf/Encrypted-Script-Parameters
function DecryptString() {
# Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}
jsspw=$(DecryptString $stringtodecrypt $salt $k)
# Get JSS ID for current computer.
#get serial number and look up JSS ID
serial=$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $NF}')
echo "the computers serial is $serial"
computerID=$(curl -sku $jssapiuser:$jsspw $jssurl/JSSResource/computers/serialnumber/$serial -H "Accept: text/xml" -X GET | xmllint --xpath '/computer/general/id/text()' -)
echo "the computers JSS ID is $computerID"
#Unmanage device in JSS
/usr/bin/curl -sku $jssapiuser:$jsspw $jssurl/JSSResource/computers/id/$computerID -H "Content-Type: text/xml" -X PUT -d "<computer><general><remote_management><managed>false</managed></remote_management></general></computer>"
/usr/bin/curl -sku $jssapiuser:$jsspw $jssurl/JSSResource/computercommands/command/UnmanageDevice/id/$computerID -X POST
#Flush All Logs
/usr/local/jamf/bin/jamf flushPolicyHistory
Posted on 03-09-2020 06:16 AM
Thanks for your reply! It looks interesting but I will like to avoid to use user API
Posted on 03-09-2020 06:40 AM
@yann.palacios If you don't want to use the API you'll need to manually edit the computer record in your Jamf Pro console to mark the machine as unmanaged.