Jamf Nation Community

I'm looking for a similar thing, but one add-on. Delete a machine if it doesn't contact the JSS in 90 days, but if later on it does, to have it somehow add back.

We have many machines that go into people's drawers or aren't turned on for extended periods of time. These kill our update reporting. If we could have them 'fall off' when they haven't contacted then as soon as they do contact, add them back as active machines. I've been working around this by changing their status to unmanaged, but I still have to do a lot of manual clean up.

I'm open to ideas and/or suggestions.

Hi,

We would like to automate the process of deleting the computers not reporting for more than 90 days. I think this will be followed in many environments. Can someone give me an idea on doing this?

Regards,
Karthikeyan

@jbestine - We tend to add one additional item of criteria to our reporting to account for this, which is to include a
"Last Contact Time | less than x days ago | 61" (we use 60 days in our case) You can use the same method for Smart Groups to keep any groups down to only "active" systems for policies. The beauty of this is, if a Mac starts checking in again, it should fall into any of your groups and also start showing up in reports.

As for auto re-enrolling a Mac that has been deleted, there is no easy way to accomplish this, but its something we've also discussed and looked into.

The only way I can see to possibly accomplish this would be to do something along these lines:
1- Pre-deploy a QuickAdd.pkg to a hidden location on your systems, like /private/var/casper/
2- Create and deploy a LaunchDaemon that would do something like run once a day to run a script also hidden on the Mac.
3- The script would:
a) attempt to contact your JSS, possibly using the "jss_url" item from /Library/Preferences/com.jamfsofware.jamf.plist, if its there.
b) If it can connect, it would then check to see if the Mac exists in the JSS based on a search by its MAC address using the API
c) If it doesn't find its own record, assume its been deleted and install the QuickAdd.pkg from the hidden location to re-enroll the Mac.

Since LaunchDaemons run as root it shouldn't have an issue with permissions to run the installation.

Unfortunately, assuming one could even get all this to work reliably, this won't help in the case of Macs that have already gone silent, since you'd need them to check in before you can deploy any of these items to them.
But it could help for future cases of Macs gone MIA.

I havent done any of this. Its just "theory" If I ever do get around this, I will update this thread with new information.

All that said, its not the best idea to delete Macs from your JSS inventory unless there's a good reason. Because you lose all the history stored with the computer when you do that. Stuff like Application Usage, hardware changes, etc, for example. If your primary concern is to keep them out of reports, I'd just use the Last Contact Time item mentioned above.