After upgrading to 10.11 on campus we wanted to find out which machines need our netboot server whitelisted to allow for booting remotely. I put together this quick EA that others may find useful.
#!/bin/sh
osvers_major=$(sw_vers -productVersion | awk -F. '{print $1}')
osvers_minor=$(sw_vers -productVersion | awk -F. '{print $2}')
# Checks to see if the OS on the Mac is 10.x.x.
if [[ ${osvers_major} -ne 10 ]]; then
echo "Unknown Version of Mac OS X"
fi
# Checks to see if the OS on the Mac is 10.11.x or higher.
if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -lt 11 ]]; then
echo "System Integrity Protection Not Available For `sw_vers -productVersion`"
fi
if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -ge 11 ]]; then
# Checks System Integrity Protection status on Macs
# running 10.11.x or higher
SIP_status=`/usr/bin/csrutil status | awk '/status/ {print $5}' | sed 's/.$//'`
# If it's disabled, just print disabled
if [[ $SIP_status == "disabled" ]]; then
echo "<result>SIP Disabled</result>"
# if it's enabled, we'll get the netboot list
elif [[ $SIP_status == "enabled" ]]; then
netbootList=`/usr/bin/csrutil netboot list`
echo "<result>$netbootList</result>"
fi
fi