Posted on 04-29-2016 08:46 AM
Two projects I'm working on involve DEP and software updates and deployment. In both cases I'm needing to detect what network the computer is connected to so that it knows what policies it can or can't run. My first thought was to detect the IP range, but then I considered the fact that laptops could be on another network and fall into a similar IP range to the one we have on campus. Does anyone have any experience or ideas on how I could go about detecting what network one of our computers is on?
Whatever gets used, I suspect I would need to use a trigger for network change to run a policy to do this. I just don't know what might be a good option other than ip addresses. Ideas?
Posted on 04-29-2016 09:09 AM
JAMF's suggested solution is to create a network range in your JSS (Settings -> Network Organization -> Network Segments). Then you can scope/limit policies based on those segments. Would that do what you need?
Posted on 04-29-2016 09:12 AM
@jhuls Have you considered using Network Segments in the JSS? You can set segments by IP range and then limit your policies based on those ranges. Under the scope tab of a policy you can use Network Segments for a limitation or an exclusion.
Posted on 04-29-2016 09:36 AM
I forgot about that but wouldn't it only check against the ip range? I don't have access to the Network Segment section at the moment to look in more detail but that was my understanding of it. It'll be important to not have certain policies run if the user has a laptop on another network that might have the same ip range.
Posted on 04-29-2016 10:03 AM
@jhuls so you have networks that overlap their IP ranges on campus? You are correct, Network Segment works based on the IP range only. If your network overlaps/duplicates like that, then I'm not certain there is a way to target policies to machines on specific networks. The only other thing I can think of would be to try to utilize Buildings or Departments to also scope against.
Posted on 04-29-2016 12:55 PM
The domain name perhaps?
Or do you use AD sites and services?
/usr/libexec/PlistBuddy -c "Print :ActiveDirectory:sitename" "/Library/Preferences/OpenDirectory/DynamicData/Active Directory/[YOUR DOMAIN].plist"
As for a trigger, the following file changes with a network change:
/Library/Preferences/SystemConfiguration/preferences.plist
Launchd WatchPath.
Posted on 05-01-2016 02:41 PM
Depending on what you're trying to do with laptops, you could use a two-policy arrangement where the first policy is called by whatever actions you think are necessary. It then checks the network conditions (i.e. check subnet, ping servers, whatever...) using a script, and if they pass the test it calls the second deployment policy with a custom trigger.
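The two-policy arrangement from the last reply, combined with the AD site lookup suggested earlier in the thread, could look like the script below. It is an added example, not code from any poster or from JAMF. The CIDR, domain, site name, interface `en0` and the `deploy-on-campus` trigger are assumed placeholder values.

```sh
#!/bin/sh
# Constructed placeholder values (assumptions, not from the thread).
CAMPUS_CIDR="10.20.0.0/16"
CAMPUS_DOMAIN="corp.example.edu"
CAMPUS_AD_SITE="MainCampus"
AD_PLIST_NAME="YOUR DOMAIN"          # the [YOUR DOMAIN] placeholder from the thread
DEPLOY_EVENT="deploy-on-campus"      # hypothetical custom trigger of the second policy
JAMF=/usr/local/bin/jamf

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_cidr ADDRESS NETWORK/BITS: succeeds when ADDRESS lies inside the range.
ip_in_cidr() {
    case $1 in *.*.*.*) ;; *) return 1 ;; esac   # no address, no match
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# on_campus IP SEARCH_DOMAIN AD_SITE: succeeds only when every signal matches,
# so an overlapping IP range on a foreign network is not enough by itself.
on_campus() {
    ip_in_cidr "$1" "$CAMPUS_CIDR" || return 1
    [ "$2" = "$CAMPUS_DOMAIN" ] || return 1
    [ "$3" = "$CAMPUS_AD_SITE" ] || return 1
}

# First policy's script: gather the signals on the Mac, then fire the second policy.
main() {
    ip=$(ipconfig getifaddr en0 2>/dev/null)    # en0 is an assumption
    domain=$(scutil --dns | awk '/search domain\[0\]/ { print $4; exit }')
    site=$(/usr/libexec/PlistBuddy -c "Print :ActiveDirectory:sitename" \
        "/Library/Preferences/OpenDirectory/DynamicData/Active Directory/$AD_PLIST_NAME.plist" 2>/dev/null)
    if on_campus "$ip" "$domain" "$site"; then
        "$JAMF" policy -event "$DEPLOY_EVENT"
    fi
}

# Run only where the jamf binary is installed.
if [ -x "$JAMF" ]; then main; fi
```

A missing address, search domain or site name counts as off campus, so the deployment policy is skipped rather than run on an unidentified network.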