Jamf Pro LAPS scripts

Example scripts for managing, administerting, and auditing Jamf Pro LAPS accounts.

Use these as models for creating scripts for your own workflows.

talkingmoose / Download device model information from Jamf.zsh

Last active April 7, 2026 19:53

Apple doesn't provide a 1:1 list of devices for iOS, iPadOS, tvOS, watchOS, and visionOS. However, Jamf does maintain a public list for its Jamf Pro servers. This script downloads the listm parses the information, and creates a record of each device followed by its display name.

	#!/bin/zsh
	# set -x # show command
	# trap read debug # require a RETURN after each command

	# download mobile device data from Jamf

	xml=$( /usr/bin/curl \
	--silent \
	--url https://hw-model-names.services.jamfcloud.com/1/mobileDeviceModels.xml )

talkingmoose / iOS and iPadOS 18 and watchOS 11 compatible devices (regex)

Last active November 6, 2025 10:15

Regex looks for all iPhone and iPad models compatible with iOS or iPadOS 18 and Apple Watch models compabiel with watchOS 11. May not be up-to-date with newly released models.

	https://support.apple.com/guide/iphone/iphone-models-compatible-with-ios-18-iphe3fa5df43/ios
	https://support.apple.com/guide/ipad/ipad-models-compatible-with-ipados-18-ipad213a25b2/ipados
	https://www.apple.com/watchos/watchos-11/

	Published Date: June 10, 2024
	Updated November 1, 2024

	Verification: https://regex101.com/r/0UDJHk/7

	1) Exact regex — Matches major model identifier numbers based on Jamf's hardware model identifiers list (more accurate):

talkingmoose / Sequoia-compatible Macs (regex)

Last active August 30, 2025 21:44

Regex looks for all Mac models compatible with macOS Sequoia. May not be up-to-date with newly released models.

	https://www.apple.com/macos/macos-sequoia/
	Published Date: June 10, 2024
	Updated November 8, 2024
	Updated May 28, 2025

	Verification: https://regex101.com/r/bNOMXz/10

	1) Exact regex — Matches major model identifier numbers based on Apple's knowledge base article (more accurate):

	^(Mac(1[3-6]\|BookPro1[5-8]\|BookAir(9\|10)\|Pro7)\|iMac(Pro1\|(19\|2[01]))\|Macmini[89]),\d+$

talkingmoose / Re-enroll computers for LAPS.zsh

Last active April 17, 2026 20:19

Use a Jamf Pro policy to re-enroll a computer to install a LAPS management account, and then create a launch daemon and script to update inventory immediately.

	#!/bin/zsh

	:<<ABOUT_THIS_SCRIPT
	-------------------------------------------------------------------------------

	Written by:William Smith
	Technical Enablement Manager
	Jamf
	bill@talkingmoose.net
	https://gist.github.com/talkingmoose/9f4638932df28c4bebde5dd47be1812a

talkingmoose / Location Information.zsh

Created April 9, 2024 16:50

Add the following script to a Jamf Pro extension attribute to collect service provider location information based on public IP address when updating inventory.

	#!/bin/zsh

	# get public IP address
	publicIP=$( /usr/bin/curl http://ifconfig.me/ip \
	--location \
	--silent \
	--max-time 10 )

	# get GeoIP data
	locationData=$( /usr/bin/curl http://ip-api.com/xml/$publicIP \

talkingmoose / iOS and iPadOS 17 compatible devices (regex)

Last active June 22, 2023 16:28

Regex looks for all iPhone and iPad models compatible with iOS or iPadOS 17. May not be up-to-date with newly released models.

	https://www.apple.com/ios/ios-17-preview/
	https://www.apple.com/ipados/ipados-17-preview/

	Published Date: June 5, 2023

	Verification: https://regex101.com/r/m9HV8T/3

	1) Exact regex — Matches major model identifier numbers based on Jamf's hardware model identifiers list (more accurate):

	^iPhone1[1-5],\d\|iPad([7-9]\|1[1-4]),\d+$

talkingmoose / Sonoma-compatible Macs (regex)

Last active December 13, 2024 21:37

Regex looks for all Mac models compatible with macOS Sonoma. May not be up-to-date with newly released models.

	https://support.apple.com/en-us/HT213772
	Published Date: March 8, 2024

	Verification: https://regex101.com/r/GCfKMt/11

	1) Exact regex — Matches major model identifier numbers based on Apple's knowledge base article (more accurate):

	^(Mac(1[345]\|BookPro1[5-8]\|BookAir([89]\|10)\|Pro7)\|iMac(Pro1\|(19\|2[01]))\|Macmini[89]),\d+$

	2) Current or higher regex — Matches model identifiers based on Apple's knowledge base article and may match higher versions before this regex is updated (more future-proof).

talkingmoose / Managed Apple admin password last set time.zsh

Created June 2, 2023 20:07

Reads managed Apple admin account for date and time of last password change and reports in ISO 8601 format.

	#!/bin/zsh

	# get LAPS account username
	lapsUsername=$( /usr/libexec/PlistBuddy -c "Print :Users:0:shortName" /var/db/ConfigurationProfiles/Settings/.setupUser )

	# read LAPS account for password information
	userPasswordInfo=$( /usr/bin/dscl . read "/Users/$lapsUsername" accountPolicyData \| /usr/bin/tail -n +4 )

	# extract Unix epoch date from account password information
	passwordChangeDateEpoch=$( /usr/bin/xpath -e '//key[text()="passwordLastSetTime"]/following-sibling::real[1]/text()' 2>/dev/null <<< "$userPasswordInfo" )

talkingmoose / Download and Install Jamf Connect.zsh

Last active November 26, 2025 05:15

Downloads and installs the latest available Jamf Connect software for Mac directly on the client. This avoids having to manually download and store an up-to-date installer on a distribution server every month.

	#!/bin/zsh

	:<<ABOUT_THIS_SCRIPT
	-------------------------------------------------------------------------------

	Written by:William Smith
	Partner Program Manager
	Jamf
	bill@talkingmoose.net
	https://gist.github.com/talkingmoose/94882adb69403a24794f6b84d4ae9de5

William Smith talkingmoose

Jamf Pro LAPS scripts