Help

Removable configuration profile triggerable via execution URL?

jwng
New Contributor III

2 weeks ago

So I have a configuration profile thats installable via execution URL:

jamfselfservice://content?entity=configprofile&id=120&action=execute .

Said config profile has the "Allow Removal" flag checked.

 

Does JAMF Self Service have a "remove" URL similar to the execution URL , that I can use in Shell script, so I can have a non interactive , script triggered removal of the config profile?

 

 

 

0 Kudos
2 REPLIES 2

RaGL
New Contributor III

2 weeks ago

I'm not aware of any "remove" URL, but you can use "/usr/bin/profiles -R -p [Profile Identifier]" in your script. 
To get the identifier, you can just check in Jamf in a computer record, which got the profile installed and check for the Identifier there.

0 Kudos

AJPinto
Honored Contributor III

2 weeks ago

When I need to give users the ability to install/remove configuration profiles, I do it a bit differently. 

 

  1. Package a "flag file" with Jamf Composer in a directory that is not often used, but not deleted with reboots.
    1. Flag file is just a blank text document with a specific name that I will pick up with an Extension Attribute for a Smart Group collection.
  2. Make an Extension Attribute to look for that specific Flag File. 
  3. Make a Smart Group looking for if the Flag File exists.
  4. Make two Policies:
    1. One Policy to deploy the package that places the flag file on the device and run a recon. Scope this to devices without the flag file.
    2. Two Policy to run a script to delete the flag file on the device and run a recon. Scope this to devices with the flag file.
  5. Scope the Configuration Profile to the Smart Group that has the flag file.

 

The functional behavior.

  1. User opens Self Service (or whatever trigger you want) and runs the policy to place the flag file on the device. Recon finishes, Jamf sees the group change and targets the Configuration Profile for install.
  2. When the user needs the config profile removed, they run the policy again (technically a different policy but I make them look the same) to remove the Flag file. Recon finishes, Jamf sees the group change and removes the Configuration Profile.
  3. Bonus, since this is being done with a policy and a "flag file" you can use sudo jamf policy -event ### to trigger the policy whenever you want from CLI.
0 Kudos