Hi all, just thought I would share this so that others are aware and to see if anyone else has had a similar issue. We are still trying to work out exactly what happened but this is what we think happened...
There is an Extension Attribute with TRUE / FALSE / or empty as possible values.
There is a Smart Group for machines where this Value is exactly TRUE.
When the Extension Attribute name was shortened the madness began! Basically a whole bunch of machines then became members of the Smart Group and had policies applied as a result. The machines then appear to slowly over time fall back out of the group as the system realises they aren't meant to be there.
Whats odd though is that everything you look at correctly reflects the new name and the machines show the value of this as FALSE, as they did with the previous name, but they still show in the membership of the group.
I can't think of any logic that would put them in the group but that certainly looks like what has happened, if they had fallen out of the group it would make some sense as maybe they no longer met the condition but they shouldn't be moving into the group!
In the end I did fix it, simply by clicking edit then save on the smart group and it immediately updated the group memebership to the correct machines!
Anyway just be careful when renaming EA's I guess...
We are on 9.81 further to this have found another built in extension attribute that behaves possibly even worse...
Core Storage Partition Scheme on Boot Partition
if you use "is yes" it incorrectly returns all machines where the value is "No".
if you use "is Yes" it correctly returns all machines where the value is "Yes".
Interestingly though "is not no" and "is not No" both correctly return all machines with "Yes".
I would be interested to know if others can replicate the same behaviour in their environment, I was just using the static saved computer searches for this.
At risk of having a conversation with myself.... Does anyone know how to log an actual bug report?
I have worked out exactly what is happening. There is a bug/behaviour in Casper where a Smart group with no conditions would contain all computers in the JSS.
Changing the EA name appears to temporarily render any conditions using it somehow invalid or none existent so the JSS ignores it, if it's the only condition on a group it then adds every machine in the JSS to the group.
There is a feature request to reverse this behaviour that really needs implementing!
The issue you're describing is a known issue. Look here for a Feature request asking it not to do that. (Nevermind, didn't see you also posted the same FR info) I have no clue why a Smart Group with no criteria ends up capturing all Macs, but its an extremely dangerous default that JAMF has inexplicably left in place now for some time. I really hope they address this. More than a few folks have been bitten by this thing, though as far as I know, this is the first time I've heard that just renaming an EA added as criteria to a Smart Group would cause this to happen.
I agree, luckily for us it only affected a small number of machines before it as discovered and it was a 5 minute fix, but the potential for havoc from this behaviour is pretty darn horrible depending on what it ended up propogating to the machines! That is why I was particularly interested if anyone else had seen the same behaviour.