Jamf Pro Binary Commands Reference Guide
The Jamf Pro Binary is a powerful command-line tool that allows administrators to manage macOS devices enrolled in Jamf Pro. This comprehensive guide covers all available commands that can be executed from the Terminal to perform various management tasks.
Table of Contents
Basic Usage
The Jamf Pro Binary is typically located at /usr/local/bin/jamf and requires administrator privileges for most operations.
sudo jamf [command] [options]
Most jamf commands require administrator privileges. Always use sudo when executing these commands.
Management Commands
| Command | Description | Example |
|---|---|---|
| jamf help | Display help information and available commands | sudo jamf help |
| jamf version | Display the version of the Jamf Pro Binary | sudo jamf version |
| jamf checkJSSConnection | Test connectivity to the Jamf Pro server | sudo jamf checkJSSConnection |
| jamf manage | Enable management on the device | sudo jamf manage |
| jamf unmanage | Disable management on the device | sudo jamf unmanage |
| jamf removeFramework | Remove the Jamf framework from the device | sudo jamf removeFramework |
Policy Commands
| Command | Description | Example |
|---|---|---|
| jamf policy | Execute all available policies | sudo jamf policy |
| jamf policy -event [trigger] | Execute policies with specific trigger | sudo jamf policy -event enrollment |
| jamf policy -id [policy_id] | Execute a specific policy by ID | sudo jamf policy -id 123 |
| jamf policy -forceNoRecon | Execute policies without running inventory update | sudo jamf policy -forceNoRecon |
Inventory Commands
| Command | Description | Example |
|---|---|---|
| jamf recon | Perform inventory update | sudo jamf recon |
| jamf recon -verbose | Perform inventory update with verbose output | sudo jamf recon -verbose |
| jamf recon -room [room] | Update inventory with room information | sudo jamf recon -room “Conference Room A” |
| jamf recon -department [dept] | Update inventory with department information | sudo jamf recon -department “IT” |
| jamf recon -building [building] | Update inventory with building information | sudo jamf recon -building “Main Office” |
| jamf recon -assetTag [tag] | Update inventory with asset tag | sudo jamf recon -assetTag “IT-001” |
Self Service Commands
| Command | Description | Example |
|---|---|---|
| jamf launchSelfService | Launch Self Service application | sudo jamf launchSelfService |
| jamf selfService | Execute Self Service policies | sudo jamf selfService |
Enrollment Commands
| Command | Description | Example |
|---|---|---|
| jamf enroll | Enroll the device with Jamf Pro | sudo jamf enroll -invitation [invitation_id] |
| jamf reenroll | Re-enroll the device with Jamf Pro | sudo jamf reenroll -username [username] |
| jamf displayMessage | Display enrollment message | sudo jamf displayMessage -message “Welcome to Company IT” |
Troubleshooting Commands
| Command | Description | Example |
|---|---|---|
| jamf flushPolicyHistory | Clear policy execution history | sudo jamf flushPolicyHistory |
| jamf resetPassword | Reset the management password | sudo jamf resetPassword |
| jamf createConf | Create configuration file | sudo jamf createConf -url [jss_url] |
| jamf fixDock | Fix dock settings | sudo jamf fixDock |
| jamf fixByHostFiles | Fix ByHost preference files | sudo jamf fixByHostFiles |
Advanced Commands
| Command | Description | Example |
|---|---|---|
| jamf bind | Bind computer to Active Directory | sudo jamf bind -domain [domain] -username [user] |
| jamf unbind | Unbind computer from Active Directory | sudo jamf unbind -domain [domain] |
| jamf startSSH | Enable SSH remote access | sudo jamf startSSH |
| jamf stopSSH | Disable SSH remote access | sudo jamf stopSSH |
| jamf changePassword | Change user password | sudo jamf changePassword -username [user] |
| jamf createAccount | Create local user account | sudo jamf createAccount -username [user] -realname [name] |
| jamf deleteAccount | Delete local user account | sudo jamf deleteAccount -username [user] |
| jamf enableARD | Enable Apple Remote Desktop | sudo jamf enableARD |
| jamf disableARD | Disable Apple Remote Desktop | sudo jamf disableARD |
| jamf setDesktopPicture | Set desktop wallpaper | sudo jamf setDesktopPicture -path [image_path] |
| jamf mcx | Apply managed preferences | sudo jamf mcx -username [user] |
Common Use Cases
Force Policy Execution
When you need to immediately execute policies without waiting for the normal check-in interval:
# Execute all available policies
sudo jamf policy
# Execute specific policy by ID
sudo jamf policy -id 25
# Execute policies with specific trigger
sudo jamf policy -event login
sudo jamf policy
# Execute specific policy by ID
sudo jamf policy -id 25
# Execute policies with specific trigger
sudo jamf policy -event login
Inventory Management
Regular inventory updates help maintain accurate device information:
# Standard inventory update
sudo jamf recon
# Inventory with location information
sudo jamf recon -room “Conference Room A” -building “Main Office”
# Verbose inventory for troubleshooting
sudo jamf recon -verbose
sudo jamf recon
# Inventory with location information
sudo jamf recon -room “Conference Room A” -building “Main Office”
# Verbose inventory for troubleshooting
sudo jamf recon -verbose
Troubleshooting Enrollment Issues
Common commands for resolving enrollment and management problems:
# Check server connectivity
sudo jamf checkJSSConnection
# Clear policy history
sudo jamf flushPolicyHistory
# Re-enroll device
sudo jamf reenroll -username admin
sudo jamf checkJSSConnection
# Clear policy history
sudo jamf flushPolicyHistory
# Re-enroll device
sudo jamf reenroll -username admin
💡 Pro Tip: Use the jamf help command to see all available options for any specific command. For example: sudo jamf policy -help
Best Practices
- Always use sudo: Most jamf commands require administrator privileges
- Test connectivity first: Use jamf checkJSSConnection before running other commands
- Use verbose output: Add -verbose flag when troubleshooting
- Schedule regular inventory: Run jamf recon periodically to maintain accurate device information
- Document custom triggers: Keep track of custom policy triggers used in your environment
- Monitor logs: Check /var/log/jamf.log for detailed execution information
Some commands like removeFramework will completely remove Jamf management from the device. Use with caution in production environments.
Additional Resources
- Jamf Pro Administrator Guide
- Jamf Nation Community Forums
- Official Jamf Documentation
- System logs at /var/log/jamf.log
Note: Command availability and options may vary depending on your Jamf Pro version and macOS version. Always refer to the official documentation for your specific environment.
