Skip to main content
Question

Detecting the network a computer is connected to?

  • April 29, 2016
  • 6 replies
  • 24 views
J
Forum|alt.badge.img+14
  • jhuls
  • Valued Contributor
  • 345 replies

Two projects I'm working on involve DEP and software updates and deployment. In both cases I'm needing to detect what network the computer is connected to so that it knows what policies it can or can't run. My first thought was to detect the ip range but then considered the fact that laptops could be on another network and fall into a similar ip range that we have on campus. Does anyone have any experience or ideas in how I could go about detecting what network one of our computers is on?

Whatever gets used, I suspect I would need to use a trigger for network change to run a policy to do this. I just don't know what might be a good option other than ip addresses. Ideas?

    6 replies

    T
    Forum|alt.badge.img+15
    • thoule
    • Contributor
    • 589 replies
    • April 29, 2016

    JAMF's suggested solution is to create a network range in your JSS (Settings -> Network Organization -> Network Segments). Then you can scope/limit policies based on those segments. Would that do what you need?

    stevewood
    Forum|alt.badge.img+35
    • stevewood
    • Hall of Fame
    • 1799 replies
    • April 29, 2016

    @jhuls Have you considered using Network Segments in the JSS? You can set segments by IP range and then limit your policies based on those ranges. Under the scope tab of a policy you can use Network Segments for a limitation or an exclusion.

    Network Segments

    Scope

    J
    Forum|alt.badge.img+14
    • jhuls
    • Author
    • Valued Contributor
    • 345 replies
    • April 29, 2016

    I forgot about that but wouldn't it only check against the ip range? I don't have access to the Network Segment section at the moment to look in more detail but that was my understanding of it. It'll be important to not have certain policies run if the user has a laptop on another network that might have the same ip range.

    stevewood
    Forum|alt.badge.img+35
    • stevewood
    • Hall of Fame
    • 1799 replies
    • April 29, 2016

    @jhuls so you have networks that overlap their IP ranges on campus? You are correct, Network Segment works based on the IP range only. If your network overlaps/duplicates like that, then I'm not certain there is a way to target policies to machines on specific networks. The only other thing I can think would be to try to utilize Buildings or Departments to also scope against.

    S
    Forum|alt.badge.img+12
    • sean
    • Contributor
    • 529 replies
    • April 29, 2016

    The domain name perhaps?

    Or do you use AD sites and services?

    /usr/libexec/PlistBuddy -c "Print :ActiveDirectory:sitename " /Library/Preferences/OpenDirectory/DynamicData/Active Directory/[YOUR DOMAIN].plist

    As for trigger the following file changes with network change:

    /Library/Preferences/SystemConfiguration/preferences.plist

    Launchd WatchPath.

    L
    Forum|alt.badge.img+16
    • Look
    • Valued Contributor
    • 1002 replies
    • May 1, 2016

    Depending on what your trying to do with laptops you could use a two policy arrangement where the first policy is called by whatever actions you think are neccesary, it then checks the network conditions (i.e. check subnet, ping servers whatever...) using a script and if they pass the test it calls the second deployment policy with a customer trigger.


    Terms & ConditionsCookie settingsAccessibility statement