Losing Jamf Remote - Filling the Void with Termius & Screens
As you may (or may not) be aware, in Jamf 10.40.0 - Jamf Remote was removed, and finally deprecated in favour of using TeamViewer.
Many users of Jamf Remote had a love/hate relationship with it. As with most of Jamf, it’s handy when it works.
In case you’re not a user of Jamf, or perhaps running an older version and enjoying your freedom, let’s start at the beginning.
What was Jamf Remote
Jamf Remote was an incredibly helpful tool (somewhat controversial view), that allowed you to perform many actions on a device on-demand. It was part of the Jamf Pro management applications that you could download from the portal. This included Composer, Jamf Admin, Recon, and Jamf Remote.
Once run, Jamf Remote would connect to your Jamf Pro instance, and return a full list of your computers. This could be displayed or filtered in various ways.
What are we greeted with now?
With their deprecation notice, Jamf suggest the use of TeamViewer.
Jamf Remote has been removed from Jamf Pro.
This includes the screen sharing workflow using Jamf Remote. Jamf recommends to use TeamViewer for remote administration. For instructions on how to integrate TeamViewer with Jamf Pro, see TeamViewer Integration in the Jamf Pro Documentation.
I feel their suggestion to use TeamViewer instead is, in my opinion, incredibly short-sighted. Screen sharing was far from Jamf Remotes only purpose, as is evident from the screenshot. So, what else could it do? Quite a bit, actually.
Once you had selected the computer, or computers, that you wanted to act on. You could then select one of the next tabs on the main screen. We’ll go across in order.
Packages
From here, you could select packages that were available within Jamf to deploy to the computers, without requiring a policy. This was really helpful if one, or maybe two machines needed something installing on the fly, without me needing to create a policy immediately. Not only that, but it meant I didn’t have to wait for those machines to check in and run the policy, which takes time.
This can be a very common requirement within education. A change in content by the lecturer may require some last-minute changes. So, deploying a package in this way instantly could make you look like a hero and save you from so many complaints.
Scripts
Much like Packages, this tab allowed you to run any scripts that you have in Jamf on the fly without requiring the machine to check in.
Printers
Ah, printers. The bane of my existence. This tab allowed for an incredibly quick and easy way to map and remove printers that you had configured in Jamf. This feature was incredibly helpful around the time of Print Nightmare patches on Windows, which rendered printing from macOS broken overnight. By adding ?encryption=no to the end of some queues, it allowed a rapid solution to be pushed out during a lecture so that they could continue. SSH’ing in to 40 machines individually to make this change, or waiting for a check in, just isn’t acceptable.
If a printer was broken, I could also remove it quickly to reduce confusion, avoiding any account charges that would need to be refunded through lost print jobs.
Again, you can see how waiting for machines to check in could have been problematic in that situation.
Dock
I’ll admit, this is not a feature I made use of at all. From memory (as I can’t open Remote right now), it allowed you to add and remove things from the dock. I vaguely remember trying it once, but it didn’t exactly have the desired effect. It seemed clunky.
Accounts
This allowed you to add or manipulate accounts on the system. There were some rare occasions where a user’s profile would become corrupt. Being able to delete it while on a call was useful.
Before I had LAPS implemented, it was also handy for creating an ad-hoc admin account for any local technician to quickly do something, easily removed afterwards.
Restart
Probably one of my most used tabs. This one did what it said on the tin. Configure some restart options. This allowed me to restart machines remotely in case they were having a moment. A quick restart, and all was well again.
Advanced
It’s terrible to admit. But, I can’t actually remember what was on this tab. I know I’ve used it. But, it was just one of those tools I used without thought.
Jamf Remote Summary
As you can see, all these tools had a use. And Jamf Remote was far from just a screen sharing tool. The real power came when you combined these functions.
I could select a room of computers, install a package, run a script after the package installed, perhaps do some other bits and pieces, and then restart the entire room.
Can TeamViewer do that, Jamf? No, no, it bloody can’t.
Other Use Cases & Thoughts
I could use it on short notice to produce fast results, but it also has other use cases.
One of those was for other technicians who didn’t use macOS devices. Jamf Remote was available on a Mac Mini that they could remote in to and sign in to Jamf Remote with their credentials. If I wasn’t available to push a package, or restart a machine, another tech could do it, regardless of the physical location. It gave our Windows using techs a level of support parity.
Something else I often used it for was scheduled functions at a specific time. I would leave a Remote window open on the Mac Mini and have it do various things at obscene hours in the morning. Sure, I could have made a policy, set some specific client run restrictions and hoped the devices checked in, the binary hadn’t crapped its pants, and it ran. Or, I could rely on Jamf Remote to do exactly what I asked it to do at 3:33am on the dot.
Can TeamViewer do that, Jamf? No, no, it bloody can’t.
Some found Jamf Remote completely useless and were never able to connect to their users devices as they were all over the place, and not necessarily on a wired connection. Well, you missed out. There are ways you could have solved that particular problem, but let’s not get into that.
Others, like me, found the tool incredibly useful. Perhaps it’s a sector/environmental thing. If you’re one of those people, head over and give Jamf the feedback: https://ideas.jamf.com/ideas/JN-I-26370
To prove it’s not only me on one of my usual rants:
https://community.jamf.com/t5/jamf-pro/jamf-remote-deprecation-in-jamf-pro-10-40/m-p/270776
https://community.jamf.com/t5/jamf-pro/forced-deprecation-of-jamf-remote/m-p/277007
Pay attention Jamf. Your consistent path of destroying useful features and buying out other companies to smash in to your own isn’t what made you good. You are making terrible decisions which are causing serious detrimental regressions in management services. Continuing down this path will not end well. This is such a shame because the engineers at Jamf are so beyond incredibly talented.
I have had serious talks with both Mosyle and Kandji to move our fleet in the next 12 months. All going well, I have no intention of renewing our service.
I will not suggest a product that causes me more work and headaches than is necessary.
What Now?
Jamf is becoming an unusable, expensive bloat. How am I going to replace that lost functionality?
Let’s leave the negative part of this post behind and look to the more positive and the future.
Termius
I’ve been using this on my phone for quite some time. Mostly for accessing my Raspberry Pi via SSH.
Side Note: I use Tailscale on my devices, with the RPi running PiHole configured as the default DNS server. It makes for a far nicer experience across all the household devices.
But, it wasn’t until the other day when Jamf Remote failed on me that I even considered this.
Termius is an SSH client that runs on macOS, iOS, Windows, Linux, and Android. And it works seriously well.
What can it do? Well, rather than tap out all those features. A picture speaks a thousand words. And this post is already getting rather wordy.
How has this helped me? Well, it doesn’t completely replace the functionality, but, it does let me save some handy scripts as ‘snippets’. Here’s one example that could save me time.
With this in place, I could connect to a whole group of machines at once, and then run the snippet against them. It’s not perfect, but it gets me a lot closer!
You can even configure one of these to automatically run as soon as you connect to the device. Perhaps the first thing I want to do whenever I connect to the machine is to do a full inventory.
I just edit the host, and assigned a startup snippet. Start chaining this all together, and you’re getting close to restoring some functionality.
Presently, I’ve just exported a handful of computers from Jamf in CSV format, and imported them in to Termius. I’d love to see some integration here, like they’ve done with AWS/Digital Ocean.
Something like this continues to push me ever closer to the possibility of being able to do 95% of my role from an iPad.
TeamViewer Tensor / Screens
Replacing the Screen Sharing portion of Jamf Remote is pretty trivial. There are plenty of options out there.
Some places will be lucky enough to get TeamViewer. We’re one of those places, and have been working closely with TeamViewer to get the solution in place. We cover thousands of devices across various platforms, so this wasn’t too hard to sell.
However, not everyone can or want to introduce a solution of this size. If you’re one of these, I have found Screens 4 to be a fantastic option. In fact, sometimes I’ll still use it because it’s easier.
https://edovia.com/en/screens-mac/
One of the reasons I like it is down to the built-in Curtain mode to hide the screen.
Before now, I’d actually been making use of Curtain Mode from Two Canoes: https://twocanoes.com/curtain-mode/
I don’t think this is particularly an area that I need to discuss any further. Each to their own. There’s plenty of choice!
The End
If you’re looking for something to help fill the hole left by Jamf Remote, I hope these suggestions have helped.
As places like Mosyle and Kandji continue to improve their offerings and other tools like this to fill the gaps, Jamf should seriously consider what they’re trying to achieve.
Hell, even Intune (yes, they’re going back to calling it Intune again!) is really starting to catch up on their macOS offering. It’s not there yet, but another 6 months, I really think they’re going to make a dent. And, with conditional access being such an important part of the service these days, pushing it all in to one management tool will certainly have its perks.
Are you using other tools to solve this issue? I’d love to hear about them.