Create a smart group based on profile

martinf
New Contributor II

I'm looking to create a policy based on macs with certain configuration profile that is installed in self service.

I went to make a smart group but can't seem to find a criteria fro profile name like in the mobile smart groups.

Is there any way to do this?

9 REPLIES 9

strider_knh
Contributor II

That criteria is not available for Computers, only iOS device.

We wrote an extension attribute to collect this info that we could then base searches and groups off of.

I know the JSS stores this info but for some reason they do not allow us to use it for anything.

jhbush
Valued Contributor II

@martinf you can gather the profiles that are installed with an EA like this.

#!/bin/sh

# Displays all configuration profiles installed

profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}'| sort | sed -e 's/^[ 	]*//'`

if [[ ! -z "$profiles" ]]; then

    echo "<result>$profiles</result>"

else

    echo "<result>Not Installed</result>"

fi

exit 0

Smart Groups can be based from that EA.

bentoms
Release Candidate Programs Tester

Hmm.. is there an FR for being able to scope Smart Groups for Computers based on profiles as per iOS?

martinf
New Contributor II

thanks @strider.knh that is exactly what i need and has worked!

Will make a real difference to us - i need to make most of our VPP apps available to all our users but i don't want to have to buy say 100 Final Cut Pro lics just to make it show in Self Service.

This way i can list a blank config profile in Self service and give it the FCP icon so the user feeling like they are installing it > then make a smart group for macs in this range > then scope the VPP FCP app to automatically install on any mac in this group.

I also see if the is FR for this and if not raise one.

AVmcclint
Honored Contributor

@jhbush1973 I discovered that the EA you shared with us might not work for me. I ran the command in Terminal as a test before putting the EA in place and here's what I get:

$ sudo profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}'| sort | sed -e 's/^[ 	]*//'`
Password:
sudo: cert+AVcerts: command not found

It choked on a profile I have named "802.1x+computer cert+AVcerts". Did it choke on the space before cert or did it choke on the +?

henkelb
New Contributor III

From the post it looks like it failed on the space. The error message is saying that "cert+AVCerts" is not a valid command. You probably need to escape the space character some how.

mm2270
Legendary Contributor III

We have plenty of profiles with spaces in them, and the EA we use never has an issue getting the names. Here's what we use

#!/bin/sh

cProfiles=$(profiles -Pv | awk -F'attribute: name: ' '/attribute: name/{print $NF}')

echo "<result>$cProfiles</result>"

We have one that grabs the identifier names as well as the one above that gets the human readable names

#!/bin/sh

cProfilesIDs=$(profiles -Pv | awk -F'attribute: profileIdentifier: ' '/attribute: profileIdentifier/{print $NF}'

echo "<result>$cProfilesIDs</result>"

Finally, here's one I'm not using, but could be useful to someone. This gets both the names and the identifiers together and puts each grouping (name + identifier) on it's own line

#!/bin/sh

profilesAll=$(profiles -Pv | awk -F': ' '/attribute: name|attribute: profileIdentifier/{print $NF}' | sed 's/$/ =/;N' | paste -d" " - -)

echo "<result>$profilesAll</result>"

AVmcclint
Honored Contributor

@mm2270 That first one did the trick for my needs. Thanks!

mentos
New Contributor

@bentoms Did this ever make it to be FR or more?