Jamf Nation Community

steve_summers · ‎03-06-2018

Greetings. I'm trying to find the best way to configure smart group criteria to detect a MacBook that doesn't have their recovery key setup in the JSS.
I have a workflow to send these folks whose key is missing, but the criteria to setup a smart group doesn't seem to pick them up. We do not use Institutional keys, only personal and I do have a key-redirection config profile in place.

Anyone have a working smart group to pick up when recovery keys are "Not Configured" in Jamf Pro and wouldn't mind sharing the search criteria? I've tried multiple ways and when I do it and spot check a few machines, they actually have keys in the Jamf Pro server.

Thanks.

mm2270 · ‎03-06-2018

Have you tried?

( FileVault 2 Status | is | All Partitions Encrypted
or
FileVault 2 Status | is | Boot Partitions Encrypted )
and
FileVault 2 Individual Key Validation | is | Unknown

That seems to get those systems on my server. Note the parens around the first 2 criteria items. I believe that will be important.
Alternatively, if you happen to use your own FV2 Status EA, like the one from @rtrouton, you can swap that in place of those first 2 criteria items.

View solution in original post

mm2270 · ‎03-06-2018

Have you tried?

( FileVault 2 Status | is | All Partitions Encrypted
or
FileVault 2 Status | is | Boot Partitions Encrypted )
and
FileVault 2 Individual Key Validation | is | Unknown

That seems to get those systems on my server. Note the parens around the first 2 criteria items. I believe that will be important.
Alternatively, if you happen to use your own FV2 Status EA, like the one from @rtrouton, you can swap that in place of those first 2 criteria items.

steve_summers · ‎03-06-2018

Thanks mm2270. This got me where i needed to be!

Jamf Nation Community

Detect