Blog

Working with Jamf School

I’ve been using Jamf School at work for 3 years now. This is the first year (2024) in which I believe ALL of our faculty and staff Macs are enrolled in JS. Previously to the 21-22 school year, the school paid for Jamf Pro to manage the iPads for the K-5th graders and used imaging to deploy the Macs. I arrived in 2021, and that summer we began to move our devices and configurations to Jamf School.

Pfsense Https V2

Well, well, well, exactly 90 days later (the expiration date of the previous HTTPS certificate…) I had to dig in and manually renew the cert. I believe I’m the only one using it, so the impact was quite small. This time, I started from the PfSense web GUI and just clicked “renew”. It took a really long time and I didn’t notice any popups when it was done. I eventually logged into the unit via ssh and found the log file with cat /tmp/acme/us-pfsense/acme_issuecert.

Unifi Controller HTTPS

Here’s another HTTPS certificate story. This time, a self-hosted Unifi Controller was the “invalid certificate” annoyance. Yesterday, it began with attempting to use acme.sh from GitHub on our Ubuntu 22.04.1 LTS server which has unifi running on it. I did encounter a similar error to my last story, and I had to change my DNS servers again. That probably deserves another blog post so I don’t forget how to do it next time.

A Real pfsense HTTPS Certificate

Yesterday, I learned how to get Let’s Encrypt working on our PfSense router. First I set ssh to only use public keys, then installed the sudo package and the acme.sh package in the GUI. https://gaurangpatel.net/installing-nano-in-pfsense (this was very handy, as I am a nano user.) https://jarrodstech.net/how-to-pfsense-haproxy-setup-with-acme-certificate-and-cloudflare-dns-api/ The kicker was getting /etc/resolv.conf to not use internal DNS routing. We use OpenDNS Umbrella’s free teir and we block the VPN category. acme.

Hello World

First post!

Working with Jamf School

Planted November 15, 2024

I’ve been using Jamf School at work for 3 years now. This is the first year (2024) in which I believe ALL of our faculty and staff Macs are enrolled in JS. Previously to the 21-22 school year, the school paid for Jamf Pro to manage the iPads for the K-5th graders and used imaging to deploy the Macs. I arrived in 2021, and that summer we began to move our devices and configurations to Jamf School. I and asked “Why aren’t we using Jamf on the Macs too?” and immediately started deploying the new fleet of Macbook Air M1’s in Jamf School through Apple School Manager, which was probably half of the fleet at the time. These days, I’m trying to do things the Jamf way. Starting in 2023 and finishing in Feburary of 2024, I earned my Jamf Pro Expert certificate, and learned way more about how Jamf + Apple’s MDM framework works.

It’s been a long time since I wrote a blog post, so I wanted to scribble down what’s been up recently:

Deploying Jamf Connect to already working computer labs

We bought Jamf Connect licenses to enable “Sign in with Google” to the Macbook Air loaner computers as well as our labs computers. The loaners were very easy since they are basically just blank slates ready to go. I did have to change a configuration to not prompt the users to try to sync with already existing accounts like “admin” but it seems like everyone likes it so far.

The Labs have been a different story. I’ve rolled it out to the Yearbook Lab so far, which as 14 machines all with Adobe installed on them. The students have licenses assigned to their accounts and they typically use Lightroom to import their photos before saving to the “yearbook drive”, but there are still files on the “yearbook” shared account they have been using.

Scripts in Jamf School

If you want to do anything fancy in Jamf School, like you can just “do” in Jamf Pro, you’ll be writing scripts. I used bolt.ai to write a quick little landing page for my Jamf School Collection. Most recently, a “On Login” script to migrate the data from /Users/yearbook/Desktop plus a few other locations to a shortcut in /Users/Shared/ and placing that shortcut on the $currentSignedInUser’s desktop. (Here is an example, but not the same example as the example I just exampled.)


For now, that’s all. We’ll see if all this work is null and void if we really do move to Jamf Pro this upcoming summer like I hope we do. -AS