Skip to main content
Question

NoMAD Login+ and NoMAD Pro Jamf Extension Attributes

  • September 20, 2018
  • 13 replies
  • 49 views
C
Forum|alt.badge.img+18

I like to automate "All The Things". In order to do that, certain pieces of data need to be collected so as to make informed, logical decisions.

Part of my NoMAD rollout requires me to streamline my deployment process. In order to do that, I need to know which machines have a certain version of NoMAD Login+ and NoMAD Pro so I can install and update/upgrade accordingly.

I have written 5 unique Jamf Extension Attributes that provide me with the details I need in order to create a fully automated deployment and update/upgrade lifecycle for NoMAD Login+ and NoMAD Pro.

Once the Jamf Extension Attributes are properly configured, each device record, upon inventory collection (ie Recon), will provide the following details:

These details can be scoped against within Smart Groups, Advanced Searches, etc.

Without further ado, I give you my extension attributes in XML format, so you can upload directly into your Jamf instance.

NoMAD Login Installation Status.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Installation Status</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to acquire NoMAD Login+ Installation Status&#13;
# NoMAD_Login_Installation_Status.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  /bin/echo "&lt;result&gt;True&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;False&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Login Product Info.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Product Info</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Login+ Product Info&#13;
# NoMAD_Login_Product_Info.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  productInfo=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleExecutable" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$productInfo&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Login Version.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Version</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Login+ Version&#13;
# NoMAD_Login_Version.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  version=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$version&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Pro Installation Status.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Pro Installation Status</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to acquire NoMAD Pro Installation Status&#13;
# NoMAD_Pro_Installation_Status.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-06-04&#13;
&#13;
if [ -e "/Applications/NoMAD Pro.app" ]; then&#13;
  /bin/echo "&lt;result&gt;True&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;False&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Pro Version.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Pro Version</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Pro Version&#13;
# NoMAD_Pro_Version.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Applications/NoMAD Pro.app" ]; then&#13;
  version=`/usr/bin/plutil -p /Applications/NoMAD Pro.app/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$version&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit</scriptContentsMac>
</extensionAttribute>

Enjoy!

For those who would just prefer the raw shell scripts without all the crazy Jamf Pro Extension Attribute xml markup, here you go...

NoMAD_Login_Installation_Status.sh

#!/bin/bash

# Jamf Extension Attribute to acquire NoMAD Login+ Installation Status
# NoMAD_Login_Installation_Status.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  /bin/echo "<result>True</result>"
else
  /bin/echo "<result>False</result>"
fi

exit

NoMAD_Login_Product_Info.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Login+ Product Info
# NoMAD_Login_Product_Info.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  productInfo=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleExecutable" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$productInfo</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit

NoMAD_Login_Version.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Login+ Version
# NoMAD_Login_Version.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  version=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$version</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit

NoMAD_Pro_Installation_Status.sh

#!/bin/bash

# Jamf Extension Attribute to acquire NoMAD Pro Installation Status
# NoMAD_Pro_Installation_Status.sh

# Written by Caine Hörr
# Written on 2018-06-04

if [ -e "/Applications/NoMAD Pro.app" ]; then
  /bin/echo "<result>True</result>"
else
  /bin/echo "<result>False</result>"
fi

exit

NoMAD_Pro_Version.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Pro Version
# NoMAD_Pro_Version.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Applications/NoMAD Pro.app" ]; then
  version=`/usr/bin/plutil -p /Applications/NoMAD Pro.app/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$version</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit
Kind regards,Caine HörrA reboot a day keeps the admin away!
A
J
S

13 replies

C
Forum|alt.badge.img+18
  • cainehorr
  • Author
  • Valued Contributor
  • September 20, 2018

PS - Thanks to @mactroll and @macshome for all their help with the "little things" that led me to write these scripts / Jamf Extension Attributes.

Kind regards,Caine HörrA reboot a day keeps the admin away!
N
Forum|alt.badge.img+12
  • nstrauss
  • Valued Contributor
  • September 20, 2018

@cainehorr Thanks for sharing. Don't you already get NoMAD.app and NoMAD Pro.app versions from regular inventory collection? Apps with standard version info using CFBundleShortVersionString should be reported correctly to a device's applications list.

For NoMADLogin.bundle I wonder if adding /Library/Security/SecurityAgentPlugins/ to Computer Management > Inventory Collection > Plug-ins would pull information or if it only searches for things ending in certain file extensions.

C
Forum|alt.badge.img+18
  • cainehorr
  • Author
  • Valued Contributor
  • September 20, 2018

@nstrauss - You are correct regarding apps in /Applications...

My EA for NoMAD Pro is superfluous!

Kind regards,Caine HörrA reboot a day keeps the admin away!
C
Forum|alt.badge.img+18
  • cainehorr
  • Author
  • Valued Contributor
  • September 20, 2018

@nstrauss - I added /Library/Security/SecurityAgentPlugins/ to Jamf's inventory collection settings, ran a manage and a recon... nothing... So I'm guessing that Jamf is looking for the ".app" extension.

Kind regards,Caine HörrA reboot a day keeps the admin away!
S
Forum|alt.badge.img+3
  • steveevans
  • New Contributor
  • October 5, 2018

Thanks for these Caine!! Very helpful to keep track of the NoMAD components.
Cheers!

G
Forum|alt.badge.img+1

Thanks for these Caine!

Z
Forum|alt.badge.img+9

Thought I'd add one I use which detects if Local/IDP Password has been synced.

With this, you can force a Nomad/JAMF Connect popup screen to have them signin / sync.

#!/bin/sh
currentUser=$(stat -f%Su /dev/console)
passwordExists=$(defaults read /Users/$currentUser/Library/Preferences/menu.nomad.NoMADPro.plist PasswordCurrent)
if [ "$passwordExists" = 1 ];then
    echo "<result>Password Synced</result>"
    else
        echo "<result>Password not Synced</result>"
    fi
A
S
Z
T
Forum|alt.badge.img+5
  • thomH
  • Contributor
  • March 26, 2019

@nstrauss

For NoMADLogin.bundle I wonder if adding /Library/Security/SecurityAgentPlugins/ to Computer Management > Inventory Collection > Plug-ins would pull information or if it only searches for things ending in certain file extensions.

I added /Library/Security/SecurityAgentPlugins/NoMADLoginAD.bundle as a plugin and my smart group is succesfully counting Plug-In Title.

N
M
Forum|alt.badge.img+10
  • mtward
  • Contributor
  • March 27, 2019

@cainehorr, @nstrauss How are you handling macOS point releases/major releases with NoLoAD and/or NoMAD installed? what does the Product Info EA assist you with? Thanks!

C
Forum|alt.badge.img+18
  • cainehorr
  • Author
  • Valued Contributor
  • March 27, 2019

Unfortunately, we have pulled the plug on all things NoMAD. I have no further contributions to make at this time regarding this product.

Kind regards,Caine HörrA reboot a day keeps the admin away!
N
Forum|alt.badge.img+12
  • nstrauss
  • Valued Contributor
  • March 27, 2019

@piagetblix That does work! Thank you.

With plug-in data available it's possible to make a smart group for reporting. Can then install the latest version on clients that need it.

S
Forum|alt.badge.img+8
  • sdamiano
  • Valued Contributor
  • January 8, 2020

Sorry to Necropost but I want to amend @zachary.fisher 's EA above for Jamf Connect Sync. 

#!/bin/bash

#### Extension Attribute To Check If Jamf Connect Sync Is Signed In

currentUser=$(stat -f%Su /dev/console)
SignedIn=$(defaults read /Users/$currentUser/Library/Preferences/com.jamf.connect.sync.plist PasswordCurrent)
if [ "$SignedIn" = 1 ];then
    echo "<result>Password Synced</result>"
    else
        echo "<result>Password not Synced</result>"
    fi
D
Z
P
Forum|alt.badge.img+3
  • pmac789
  • New Contributor
  • March 9, 2022

Sorry to Necropost but I want to amend @zachary.fisher 's EA above for Jamf Connect Sync. 

#!/bin/bash

#### Extension Attribute To Check If Jamf Connect Sync Is Signed In

currentUser=$(stat -f%Su /dev/console)
SignedIn=$(defaults read /Users/$currentUser/Library/Preferences/com.jamf.connect.sync.plist PasswordCurrent)
if [ "$SignedIn" = 1 ];then
    echo "<result>Password Synced</result>"
    else
        echo "<result>Password not Synced</result>"
    fi

HI @sdamiano ,

do you have to create a smart for it after adding this to the EA? is so, what criteria did you include in the smart group?

Terms & ConditionsCookie settingsAccessibility statement