Posted on 11-22-2019 09:55 AM
Hi Everyone, I'm having an issue, I know that I can always exclude computers that are provisioned with depnotify to not run these policies in jamf... but I would have to exclude on every policy that runs at the networkstatechange trigger. Just wondering if this is a possibility... while depnotify is going through my installation workflow the networkstatechange trigger happens for some reason (not sure why, i'm connected via Ethernet (wifi is also on but Ethernet should take priority)) Is there a way to ignore the networkstatechange trigger while the dep user is logged in? Also another piece of info... the dep user is not an AD user.
Solved! Go to Solution.
Posted on 11-22-2019 11:56 AM
How many policies are you using the NetworkStateChange trigger on? Unless it's a huge amount, I would think the easiest way would be to add a Smart Group for your provisioned enrolled Macs to exclude from any policies that you don't want it to run on, until they are complete with the setup.
As for why the NetworkStateChange trigger is being called, well, sadly that's normal, at least in terms of how it works. The files/locations that the Jamf process monitors for network state change gets touched nearly constantly. Even when the IP doesn't refresh or change unfortunately. Even installations or a device being plugged into the machine can cause it to be modified. For this reason, I advise caution on using it on too many policies. You may be running a lot of policies on your Macs frequently and unnecessarily.
Posted on 11-22-2019 02:50 PM
I set the room to KISD DEP in the prestage and use this to create a smart group that I can exclude or target with policies. At the end of the Depnotify script I run a recon and set the room to DEP Complete. The computers are then removed from the smart group and can continue on as normal.
Posted on 11-22-2019 11:56 AM
How many policies are you using the NetworkStateChange trigger on? Unless it's a huge amount, I would think the easiest way would be to add a Smart Group for your provisioned enrolled Macs to exclude from any policies that you don't want it to run on, until they are complete with the setup.
As for why the NetworkStateChange trigger is being called, well, sadly that's normal, at least in terms of how it works. The files/locations that the Jamf process monitors for network state change gets touched nearly constantly. Even when the IP doesn't refresh or change unfortunately. Even installations or a device being plugged into the machine can cause it to be modified. For this reason, I advise caution on using it on too many policies. You may be running a lot of policies on your Macs frequently and unnecessarily.
Posted on 11-22-2019 12:05 PM
Might want to vote this up...
Postpone all policies until "Enrollment Complete" policy finishes
It mostly aligns with what you're thinking...
Posted on 11-22-2019 02:50 PM
I set the room to KISD DEP in the prestage and use this to create a smart group that I can exclude or target with policies. At the end of the Depnotify script I run a recon and set the room to DEP Complete. The computers are then removed from the smart group and can continue on as normal.
Posted on 11-22-2019 03:23 PM
@m.donovan Nice! I like that method, and may shamelessly steal appropriate it 😁
Posted on 11-25-2019 06:02 AM
@m.donovan I'm just starting with scripting... do you have an example of what setting the room to DEP Complete would look like?
Posted on 11-25-2019 06:21 AM
@sintichn Take a look at the help page for the Jamf binary - jamf help
. The recon
verb has options to update various User & Location fields in the computer record. For example:
/usr/local/bin/jamf recon -room "DEP Complete"