@motleytech
Created June 21, 2016 01:00
Deal with casper

Unofficial Guide to JAMF Casper

This page documents the external/internal behavior of Casper.

Files

Casper installs itself into the following directories:

  • /Library/Application Support/JAMF
    • ManagementFrameworkScripts - a set of scripts that runs on certain events
      • StartupScript.sh - Runs when jamf is started
      • loginhook.sh - Runs when a user logs in
      • logouthook.sh - Runs when a user logs out
    • Receipts - Records of all packages that have been installed
    • .blacklist.xml - XML configuration that allows JAMF to block the user from certain things, e.g. installing El Capitan
  • /Library/LaunchDaemons
    • com.jamfsoftware.startupItem.plist - This calls the StartupScript.sh
    • com.jamfsoftware.jamf.daemon.plist - This starts the jamf daemon
    • com.jamfsoftware.task.1.plist - Custom task, currently set to refresh the policy every 300 seconds
  • /Library/Preferences
    • com.jamfsoftware.jamf.plist - Casper configuration, use Xcode to show/modify the properties
  • /var/root/Library/Preferences/com.apple.loginwindow.plist - This calls the login/logout hook
  • Executables:
    • /usr/local/jamf/bin/jamf
    • /usr/local/jamf/bin/jamfAgent

How To

How do you know if you have Casper installed? Run jamf version in the terminal. It should show the currently installed version.

$ jamf version
version=9.81

How to remove Casper? Run sudo jamf removeFramework

How to update inventory to the Casper server? Run sudo jamf recon

How to apply (or force install) all of the software from the Casper server? Run sudo jamf policy

How to disable Casper without removing it? There are two files that need to be renamed:

  • /usr/local/jamf/bin/jamf
  • /usr/local/jamf/bin/jamfAgent

Then kill all of the jamf-related processes, either with pkill or kill -9. To verify your running processes: ps A | grep -i jamf.

How to remove the IT policies? First, verify that the JAMF Enrollment policy is there by running sudo profiles -Pv. You should see something similar to:

_computerlevel[6] attribute: name: MDM Profile
_computerlevel[6] attribute: configurationDescription: MDM Profile for mobile device management
_computerlevel[6] attribute: installationDate: 2016-02-19 18:16:02 +0000
_computerlevel[6] attribute: organization: Ciena Corporation
_computerlevel[6] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
_computerlevel[6] attribute: profileUUID: 00000000-0000-0000-A000-4A414D460003
_computerlevel[6] attribute: profileType: Configuration
_computerlevel[6] attribute: removalDisallowed: FALSE
_computerlevel[6] attribute: version: 1
_computerlevel[6] attribute: containsComputerItems: TRUE
_computerlevel[6] attribute: internaldata: TRUE
_computerlevel[6] payload count = 2
_computerlevel[6]            payload[1] name            = JAMF Enrollment Payload: SCEP
_computerlevel[6]            payload[1] description     = Configuration to connect to your SCEP

The JAMF profile is structured as a tree hierarchy containing many different profiles. Unfortunately, none of the leaf profiles can be removed on their own. To remove them, you have to remove the root policy, which is the JAMF MDM profile.

To remove the MDM profile, do: sudo profiles -R -p 00000000-0000-0000-A000-4A414D460003

To add the profiles back, just run: jamf manage

How to handle an IT incident report? If you receive this kind of email, how do you resolve it?

IT Service Incident
 
Incident Created
 
Short Description:
Mac has not checked into Casper in over 30 days, please re-enroll and ensure all updates are installed.
 
Eko,
 
Incident INC0198128 has been created on your behalf by Sandi Young and we are currently working to resolve the issue.
Please click the following link to view the incident: INC0198128
Detailed description:
Mac has not checked into Casper in over 30 days, please re-enroll and ensure all updates are installed.

First, re-register the machine as a Casper-managed client by running jamf manage.

$ sudo /usr/local/jamf/bin/jamf manage
 
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://casper.ciena.com:8443/...
The JSS is available.
Enforcing login/logout hooks...
The computer was successfully enrolled in MDM with the JSS.
Enforcing scheduled tasks...
Creating launch daemon...
Creating launch agent...
Installing Self Service plug-in Inside Ciena...
Installing Self Service plug-in Oracle...
Installing Self Service plug-in Service Now...
Installing Self Service plug-in Workday...
Checking availability of https://casper.ciena.com:8443/...
The JSS is available.

Then follow up by running jamf recon, which submits the machine's inventory to the Casper server.

$ sudo /usr/local/jamf/bin/jamf recon
 
Retrieving inventory preferences from https://casper.ciena.com:8443/...
Finding extension attributes...
Locating package receipts...
Locating software updates...
Locating accounts...
Locating plugins...
Locating applications...
Searching path: /Applications
Searching path: /Library/Internet Plug-Ins
Locating hard drive information...
Locating printers...
Locating hardware information (Mac OS X 10.11.5)...
Gathering application usage information...
Submitting data to https://casper.ciena.com:8443/...
<computer_id>602</computer_id>

Take note of all of these activities; if you see anything suspicious or anything you don't like, you can reverse it. Sometimes the update modifies some of the internal policy (e.g. pinning Firefox to a specific version); those restrictions can be reversed by modifying the Mac policy.

Then, as usual, rename /usr/local/jamf/bin/jamfAgent to another name and kill all processes that have jamf in their name, followed by removing all the profiles as described in the previous "How To".
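From the administrator's side, the changes described in this guide (renamed binaries, a removed MDM profile, a profile with removalDisallowed set to FALSE) are straightforward to check for. The script below is an added example, not part of the original gist or of Jamf's tooling; the function names, the ROOT argument and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a Mac for the changes this guide describes.
# Paths are the ones listed under "Files"; the ROOT argument (an assumption
# of this example) lets the check run against a mounted image or test tree.

JAMF_PATHS='/usr/local/jamf/bin/jamf
/usr/local/jamf/bin/jamfAgent
/Library/LaunchDaemons/com.jamfsoftware.jamf.daemon.plist
/Library/LaunchDaemons/com.jamfsoftware.startupItem.plist
/Library/Preferences/com.jamfsoftware.jamf.plist'

# Print every expected framework file that is missing under ROOT.
# A renamed binary shows up here because its original path no longer exists.
jamf_missing_paths() {
    root=${1:-}
    printf '%s\n' "$JAMF_PATHS" | while IFS= read -r p; do
        [ -e "$root$p" ] || printf '%s\n' "$p"
    done
}

# Read `profiles -Pv` output on stdin and classify the MDM profile as
# absent, present-removable or present-locked (removalDisallowed: TRUE).
mdm_profile_status() {
    awk '
        $2 == "attribute:" && $3 == "name:" && /: MDM Profile$/ { mdm[$1] = 1 }
        $2 == "attribute:" && $3 == "removalDisallowed:" { rd[$1] = $4 }
        END {
            s = "absent"
            for (k in mdm) s = (rd[k] == "TRUE") ? "present-locked" : "present-removable"
            print s
        }'
}

# Constructed sample in the format shown earlier on this page.
SAMPLE='_computerlevel[6] attribute: name: MDM Profile
_computerlevel[6] attribute: removalDisallowed: FALSE
_computerlevel[6] attribute: version: 1'

printf 'MDM profile: %s\n' "$(printf '%s\n' "$SAMPLE" | mdm_profile_status)"
# On the Mac itself, as root:
#   jamf_missing_paths ""; profiles -Pv | mdm_profile_status
```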

@YannBrrd

Hi,

Ever faced an "error 101" when trying to delete a profile? Either I run sudo profiles -r -P XXXXX and I get a 101 unauthorized message, or nothing happens, and a grep shows the profile is still there...

Anything in mind that could help?

Thanks.

@motleytech
Author

@YannBrrd

I made this gist a long time ago (>3 years), and I am guessing that jamf has changed quite a bit since then. They probably introduced changes to thwart these commands from non-special accounts.

Sorry, I don't work with casper / jamf anymore, so no idea how to help you with the issue you are having.
