Posted on 09-16-2023 03:17 PM
Sometimes when an app or profile is scoped to devices, they get stuck in a pending status indefinitely, but a blank push command will "wake up" the process and it will complete. I'd like a way to send a blank push to all devices if a major profile or app gets deployed to speed up distribution.
I can pull up a smart group of managed devices, go into the action menu and send commands to the group, but sending a blank push is not an option as a remote command using this method. And I'm not interested in doing it on an individual device basis from the management menu.
Is there a way to send a blank push remote command to all devices or a group of devices?
Thanks,
Rob
Posted on 09-17-2023 01:43 AM
Try this scipt. Save as .sh file and run it in terminal, should work for you.
#!/bin/bash
# Created by Steven Xu on Dec. 10, 2022
# https://community.jamf.com/t5/user/viewprofilepage/user-id/41850
###################################################################
########### Modify the following parameters to fit your task #####
###################################################################
# your jss url
jss_url="https://xxxx.jamfcloud.com"
# Mobile device group id. Open the group in Jamf Pro and find the id in the browser url.
mgroup_id="19"
# Remote command action.
# Supported command: https://developer.jamf.com/jamf-pro/reference/createmobiledevicecommandurl
command="BlankPush"
###################################################################
############ Don't modify from here ##############
###################################################################
echo "Please login to your Jamf Pro Server: $jss_url"
read -p "Your account username: " api_user
stty -echo
read -p "Your password: " api_pass
stty -echo
echo
# Get authToken
authToken=$(curl -s -u "${api_user}:${api_pass}" "$jss_url/api/v1/auth/token" -X POST -H "accept: application/json" )
bearerToken=$(echo "$authToken" | plutil -extract token raw -)
# Token validation check
valid_check=$(curl -s -H "Authorization: Bearer ${bearerToken}" "$jss_url/api/v1/jamf-pro-version" -X GET | plutil -extract version raw -)
if [[ "$valid_check" == *error* ]]; then
echo Get the token failed, try the correct username and password.
exit 1
fi
# Get mobile device IDs from the mobile device group.
ids=`curl -ksu "$api_user:$api_pass" -X GET "$jss_url/JSSResource/mobiledevicegroups/id/$mgroup_id" -H "accept: application/xml" \
| xmllint --format --xpath /mobile_device_group/mobile_devices/mobile_device/id - | sed 's/<id>//g' | sed 's/<\/id>/,/g' | rev | sed 's/,//' | rev`
if [ -z "$ids" ]; then
echo "no devices in this group"
exit 0
else
echo "Mobile device IDs in this groups: $ids"
fi
# Send command to the mobile devices
for id in $ids
do
echo "Sending $command to device id: $id..."
/usr/bin/curl \
--header "Authorization: Bearer ${bearerToken}" \
--request POST \
--header "Content-Type: application/xml" \
--url "${jss_url}/JSSResource/mobiledevicecommands/command/${command}/id/${id}"
echo "\n"
done
# Set the token invalid
/usr/bin/curl \
--header "Authorization: Bearer ${bearerToken}" \
--request POST \
--silent \
--url "${jss_url}/api/v1/auth/invalidate-token"
echo "Done."
yesterday
Here is a script to send a BlankPush command to all mobile devices.
#!/bin/bash
# Set the Jamf Pro URL here if you want it hardcoded.
jamfpro_url="https://Your_Jamf_Pro_URL"
# Set the username here if you want it hardcoded.
jamfpro_user="Username"
# Set the password here if you want it hardcoded.
jamfpro_password="Password"
# Function to gather and format bearer token
getBearerToken() {
response=$(/usr/bin/curl -s -u "$jamfpro_user":"$jamfpro_password" "$jamfpro_url"/api/v1/auth/token -X POST)
bearerToken=$(echo "$response" | plutil -extract token raw -)
tokenExpiration=$(echo "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s")
echo "New bearer token generated."
echo "Token valid until the following date/time UTC: " "$tokenExpiration"
}
# Function to check token expiration
checkTokenExpiration() {
nowEpochUTC=$(date -j -f "%Y-%m-%dT%T" "$(date -u +"%Y-%m-%dT%T")" +"%s")
if [[ tokenExpirationEpoch -lt nowEpochUTC ]]
then
echo "No valid token available, getting new token"
getBearerToken
fi
}
# Funtion to invalidate token
invalidateToken() {
responseCode=$(/usr/bin/curl -w "%{http_code}" -H "Authorization: Bearer ${bearerToken}" $jamfpro_url/api/v1/auth/invalidate-token -X POST -s -o /dev/null)
if [[ ${responseCode} == 204 ]]
then
echo "Bearer token successfully invalidated"
bearerToken=""
tokenExpirationEpoch="0"
elif [[ ${responseCode} == 401 ]]
then
echo "Bearer token already invalid"
else
echo "An unknown error occurred invalidating the bearer token"
fi
}
echo
echo "Credentials received"
echo
# Genrating bearer token
echo "Generating bearer token for server authentication..."
getBearerToken
# Get all mobile devices from Jamf Pro (this fetches a list of all devices)
DEVICE_LIST=$(curl -s -H "Authorization: Bearer $bearerToken" -X GET "$jamfpro_url/JSSResource/mobiledevices")
# Loop over each device ID and send the "Blank Push" command
for DEVICE_ID in $DEVICE_IDS; do
echo "Sending blank push to device ID: $DEVICE_ID"
# Send the blank push command (the command triggers the device to check in and refresh)
RESPONSE=$(curl -s -H "Authorization: Bearer $bearerToken" -X POST "$jamfpro_url/JSSResource/mobiledevicecommands/command/BlankPush/id/$DEVICE_ID")
# Check for a successful response
if echo "$RESPONSE" | grep -q "<status>Command sent</status>"; then
echo "Blank push sent successfully to device ID: $DEVICE_ID"
else
echo "Failed to send blank push to device ID: $DEVICE_ID"
fi
done