Skip to main content

Two projects I'm working on involve DEP and software updates and deployment. In both cases I'm needing to detect what network the computer is connected to so that it knows what policies it can or can't run. My first thought was to detect the ip range but then considered the fact that laptops could be on another network and fall into a similar ip range that we have on campus. Does anyone have any experience or ideas in how I could go about detecting what network one of our computers is on?



Whatever gets used, I suspect I would need to use a trigger for network change to run a policy to do this. I just don't know what might be a good option other than ip addresses. Ideas?

JAMF's suggested solution is to create a network range in your JSS (Settings -> Network Organization -> Network Segments). Then you can scope/limit policies based on those segments. Would that do what you need?

@jhuls Have you considered using Network Segments in the JSS? You can set segments by IP range and then limit your policies based on those ranges. Under the scope tab of a policy you can use Network Segments for a limitation or an exclusion.



Network Segments



Scope

I forgot about that but wouldn't it only check against the ip range? I don't have access to the Network Segment section at the moment to look in more detail but that was my understanding of it. It'll be important to not have certain policies run if the user has a laptop on another network that might have the same ip range.

@jhuls so you have networks that overlap their IP ranges on campus? You are correct, Network Segment works based on the IP range only. If your network overlaps/duplicates like that, then I'm not certain there is a way to target policies to machines on specific networks. The only other thing I can think would be to try to utilize Buildings or Departments to also scope against.

The domain name perhaps?



Or do you use AD sites and services?



/usr/libexec/PlistBuddy -c "Print :ActiveDirectory:sitename " /Library/Preferences/OpenDirectory/DynamicData/Active Directory/[YOUR DOMAIN].plist


As for trigger the following file changes with network change:



/Library/Preferences/SystemConfiguration/preferences.plist


Launchd WatchPath.

Depending on what your trying to do with laptops you could use a two policy arrangement where the first policy is called by whatever actions you think are neccesary, it then checks the network conditions (i.e. check subnet, ping servers whatever...) using a script and if they pass the test it calls the second deployment policy with a customer trigger.

Reply


Terms & ConditionsCookie settings