Help

FileVault 2: How to sort by Disk Drive Type (i.e. Rotational vs. SSD)

Go to solution
sepiemoini
Contributor III
Contributor III

Posted on ‎09-15-2015 09:23 AM

I am looking to create a Smart Computer Group which targets all Mac laptops in my environment that are not encrypted. Specifically, I would like to isolate those which have Solid-State Drives (SSD) and EXCLUDE disk drive types that are using older, rotational hard disk drives (HDD). Additionally, I would like (if possible) to exclude any plugged in media like thumb drives and external drives that may be in use. This group should only target INTERNAL media only. However, I'm not sure if that is possible.

Please review my current group criteria and let me know your thoughts. Thanks!

262300b968af4e7cb81e98cd183ab230

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
sepiemoini
Contributor III
Contributor III

Posted on ‎09-15-2015 12:33 PM

Thanks, @bkramps!

Giving this a shot:

#!/bin/bash Medium=$(system_profiler SPSerialATADataType | grep Medium Type | sed -e 's/^[Medium Type: ]*//') echo "<result>$Medium</result>"

Should the results show instantly in my JSS?

25bd83c5672042b78c1e59da181989f7

View solution in original post

0 Kudos
11 REPLIES 11

Go to solution
BrysonTyrrell
Contributor II

Posted on ‎09-15-2015 10:28 AM

This is an old extension attribute we used to differentiate between Macs with HDD and SSD boot volumes. It might help achieve what you're trying to do.

#!/usr/bin/python
import plistlib
import subprocess

p = plistlib.readPlistFromString(subprocess.check_output(['system_profiler', 'SPStorageDataType', '-xml']))

def mediumtype():
    for i in range(len(p[0]['_items'])):
        if str(p[0]['_items'][i]['mount_point']) == "/":
            return str(p[0]['_items'][i]['com.apple.corestorage.pv'][0]['medium_type'])

print("<result>" + mediumtype().upper() + "</result>")
0 Kudos

Go to solution
bkramps
New Contributor III

Posted on ‎09-15-2015 10:33 AM

@sepiemoini let's look at your request in 2 parts.

  • I believe the best way to find out if the drive is SSD or not is to use an Extension Attribute. Others can let me know if there is a JSS field available that I don't see. The ext attribute could be (I've only tested this on Yosemite)
#!/bin/sh
echo "<result>" `diskutil info / | grep "Solid State" | awk '{ print $3 }'` "</result>"

That assumes that your Root (aka /) disk is the main internal disk. It will give you a Yes or No answer.

  • The better way to setup your criteria is to change FileVault 2 Status to "Is Not" "Boot Partitions Encrypted". That way the Smart Group will discard external Media. If you keep "No Partitions Encrypted" then External drives and mounted images will fall into the group. After you get the FV2 Status setup, then you can add the Ext Attribute as an AND Criteria.
0 Kudos

Go to solution
sepiemoini
Contributor III
Contributor III

Posted on ‎09-15-2015 11:40 AM

Thanks, @bkramps--I've update the FileVault 2 Status field as suggested. Regarding the custom extension attribute, neither examples seem to work properly. Any other ideas @brysontyrrell @bkramps?

e0c038ad7362431f842722d68eb9025d

0 Kudos

Go to solution
bkramps
New Contributor III

Posted on ‎09-15-2015 12:17 PM

@sepiemoini In your echo statement, you want result, not return. That may be where your error lies.
When I put your Ext Attribute into my environment and change to result, I get the desired result.

0 Kudos

Go to solution
mjsanders
New Contributor III

Posted on ‎09-15-2015 12:20 PM

If you know the model identifier (MacBookPro12,2) you can make a table which has SSD or not (use Mactracker and the like)

Is that easier than finding the type of disk with you own script?

0 Kudos

Go to solution
sepiemoini
Contributor III
Contributor III

Posted on ‎09-15-2015 12:33 PM

Thanks, @bkramps!

Giving this a shot:

#!/bin/bash Medium=$(system_profiler SPSerialATADataType | grep Medium Type | sed -e 's/^[Medium Type: ]*//') echo "<result>$Medium</result>"

Should the results show instantly in my JSS?

25bd83c5672042b78c1e59da181989f7

0 Kudos

Go to solution
bkramps
New Contributor III

Posted on ‎09-15-2015 12:36 PM

@sepiemoini No, each machine will report that attribute at next Update (aka recon). You can force a recon on a machine if you want via Terminal with sudo jamf recon -verbose
With the verbose tag, you can see if the attribute is actually run.

0 Kudos

Go to solution
sepiemoini
Contributor III
Contributor III

Posted on ‎09-15-2015 12:40 PM

@bkramps Noted and thanks! Some machine are still reporting attributes from the previous iterations of this custom extension attribute. I assume that these will go away and update to the new string/variables when they check back in?

0 Kudos

Go to solution
bkramps
New Contributor III

Posted on ‎09-15-2015 12:49 PM

@sepiemoini Yes, the next time those machines do an inventory they will rerun the Attribute script and put in the new data.

0 Kudos

Go to solution
sepiemoini
Contributor III
Contributor III

Posted on ‎09-16-2015 06:23 AM

Thanks for the help, @bkramps! I've gone ahead and marked the above as the solution. When I left work last night, 16 of 447 machines had checked back in with the proper extension attribute field populate. This morning that number had sky-rocketed to 148! I'll continue to monitor this and proceed with my FV2 encryption project following a higher return of machines who have checked in.

0 Kudos

Go to solution
Warren
New Contributor II

Posted on ‎05-24-2018 07:27 AM

Just used the script to differentiate between SSD and the HDDs in my environment. Nicely done all.

0 Kudos