Jamf Nation Community

Lessardrp · ‎09-16-2023

Sometimes when an app or profile is scoped to devices, they get stuck in a pending status indefinitely, but a blank push command will "wake up" the process and it will complete. I'd like a way to send a blank push to all devices if a major profile or app gets deployed to speed up distribution.

I can pull up a smart group of managed devices, go into the action menu and send commands to the group, but sending a blank push is not an option as a remote command using this method. And I'm not interested in doing it on an individual device basis from the management menu.

Is there a way to send a blank push remote command to all devices or a group of devices?

Thanks,

Rob

Steven_Xu · ‎09-17-2023

Try this scipt. Save as .sh file and run it in terminal, should work for you.

#!/bin/bash
# Created by Steven Xu on Dec. 10, 2022
# https://community.jamf.com/t5/user/viewprofilepage/user-id/41850
###################################################################
########### Modify the following parameters to fit your task  #####    
###################################################################

# your jss url
jss_url="https://xxxx.jamfcloud.com"

# Mobile device group id. Open the group in Jamf Pro and find the id in the browser url.
mgroup_id="19"

# Remote command action. 
# Supported command: https://developer.jamf.com/jamf-pro/reference/createmobiledevicecommandurl
command="BlankPush"

###################################################################
############     Don't modify from here              ##############
###################################################################

echo "Please login to your Jamf Pro Server: $jss_url"
read -p "Your account username: " api_user
stty -echo
read -p "Your password: " api_pass
stty -echo
echo

# Get authToken
authToken=$(curl -s -u "${api_user}:${api_pass}" "$jss_url/api/v1/auth/token" -X POST -H "accept: application/json" )
bearerToken=$(echo "$authToken" | plutil -extract token raw -)

# Token validation check
valid_check=$(curl -s -H "Authorization: Bearer ${bearerToken}" "$jss_url/api/v1/jamf-pro-version" -X GET | plutil -extract version raw -)
if [[ "$valid_check" == *error* ]]; then
	echo Get the token failed, try the correct username and password.
	exit 1
fi

# Get mobile device IDs from  the mobile device group. 
ids=`curl -ksu "$api_user:$api_pass" -X GET "$jss_url/JSSResource/mobiledevicegroups/id/$mgroup_id" -H "accept: application/xml" \
| xmllint --format --xpath /mobile_device_group/mobile_devices/mobile_device/id - | sed 's/<id>//g' | sed 's/<\/id>/,/g' | rev | sed 's/,//' | rev`

if [ -z "$ids" ]; then
    echo "no devices in this group"
    exit 0
	else 
	echo "Mobile device IDs in this groups: $ids"
fi

# Send command to the mobile devices
for id in $ids 
do 
	echo "Sending $command to device id: $id..."
	/usr/bin/curl \
     --header "Authorization: Bearer ${bearerToken}" \
     --request POST \
     --header "Content-Type: application/xml" \
     --url "${jss_url}/JSSResource/mobiledevicecommands/command/${command}/id/${id}"
	echo "\n"
done

# Set the token invalid
/usr/bin/curl \
     --header "Authorization: Bearer ${bearerToken}" \
     --request POST \
     --silent \
     --url "${jss_url}/api/v1/auth/invalidate-token"
echo "Done."

Vndrzl · 3 weeks ago

Here is a script to send a BlankPush command to all mobile devices.

#!/bin/bash

# Set the Jamf Pro URL here if you want it hardcoded.
jamfpro_url="https://Your_Jamf_Pro_URL"

# Set the username here if you want it hardcoded.
jamfpro_user="Username"

# Set the password here if you want it hardcoded.
jamfpro_password="Password"

# Function to gather and format bearer token
getBearerToken() {
    response=$(/usr/bin/curl -s -u "$jamfpro_user":"$jamfpro_password" "$jamfpro_url"/api/v1/auth/token -X POST)
    bearerToken=$(echo "$response" | plutil -extract token raw -)
    tokenExpiration=$(echo "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
    tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s")
    echo "New bearer token generated."
    echo "Token valid until the following date/time UTC: " "$tokenExpiration"
}

# Function to check token expiration
checkTokenExpiration() {
    nowEpochUTC=$(date -j -f "%Y-%m-%dT%T" "$(date -u +"%Y-%m-%dT%T")" +"%s")
    if [[ tokenExpirationEpoch -lt nowEpochUTC ]]
    then
        echo "No valid token available, getting new token"
        getBearerToken
    fi
}

# Funtion to invalidate token
invalidateToken() {
    responseCode=$(/usr/bin/curl -w "%{http_code}" -H "Authorization: Bearer ${bearerToken}" $jamfpro_url/api/v1/auth/invalidate-token -X POST -s -o /dev/null)
    if [[ ${responseCode} == 204 ]]
    then
        echo "Bearer token successfully invalidated"
        bearerToken=""
        tokenExpirationEpoch="0"
    elif [[ ${responseCode} == 401 ]]
    then
        echo "Bearer token already invalid"
    else
        echo "An unknown error occurred invalidating the bearer token"
    fi
}


echo
echo "Credentials received"
echo

# Genrating bearer token
echo "Generating bearer token for server authentication..."
getBearerToken

# Get all mobile devices from Jamf Pro (this fetches a list of all devices)
DEVICE_LIST=$(curl -s -H "Authorization: Bearer $bearerToken" -X GET "$jamfpro_url/JSSResource/mobiledevices")

# Loop over each device ID and send the "Blank Push" command
for DEVICE_ID in $DEVICE_IDS; do
    echo "Sending blank push to device ID: $DEVICE_ID"
    
    # Send the blank push command (the command triggers the device to check in and refresh)
    RESPONSE=$(curl -s -H "Authorization: Bearer $bearerToken" -X POST "$jamfpro_url/JSSResource/mobiledevicecommands/command/BlankPush/id/$DEVICE_ID")

    # Check for a successful response
    if echo "$RESPONSE" | grep -q "<status>Command sent</status>"; then
        echo "Blank push sent successfully to device ID: $DEVICE_ID"
    else
        echo "Failed to send blank push to device ID: $DEVICE_ID"
    fi
    done

Jamf Nation Community

Send Blank Push Command to All Devices