Skip to main content
Solved

Group based on Pending Commands?

  • September 13, 2014
  • 6 replies
  • 0 views
R
Forum|alt.badge.img+5

Is there a criteria or EA I could use to create a smart group for computers with pending commands?

I have a bunch of laptops, maybe 50-100, that have pending commands that will never succeed. I'm not sure if this is an issue with 9.4 or not but I spoke to JAMF Support who are looking into it.

I basically need to put them into a group, run removerFramework, then re-enroll then with Recon. I'm not sure yet how to systematize re-enrolling them yet but the first step is to group them together without having to go through each computer's management settings manually.

Below is a screenshot of the pending commands. Any ideas on how to automatically group these? Thanks.

external image link

Best answer by mm2270

You;d really be better off pulling a list of all installed profiles into the EA field, and then using the "Like" operator in a Smart Group to gather Macs that have any of the profiles installed (or not) that you may want. I personally try to avoid building an EA just to capture a single piece of information, especially if I know I may need additional EAs to capture other bits that can all be brought into one result. OTOH, if you only ever expect to install one profile on your Macs, then using an EA just to check for that one is fine.

But if you would like to see them all, something like this will pull the human readable names given to all installed profiles, which you can then use for a Smart Group using something along the lines of

Installed Profiles | Like | "some string"

The below only pulls computer level profiles.

#!/bin/sh

echo "<result>$(profiles -Cv | awk -F': ' '/attribute: name:/{print $NF}')</result>"

That will generate something like:

MDM Enrollment
Company Wireless
etc.

If you'd rather it gather the identifier strings, simply change the "attribute: name:" to "attribute: identifier:" The thing about the identifier is that with some profiles they are just a string of letters and numbers so they aren't very descriptive, so I think the actual name would make more sense, but either option is there.

View original
    Did this topic help you find an answer to your question?

    6 replies

    D
    Forum|alt.badge.img+4
    • Damien
    • Contributor
    • 23 replies
    • September 15, 2014

    Could an extension attribute similar to this be useful to populate a field that you can create Smart groups with exclusions around?

    #!/bin/sh
    #
    ############################################################################
    # Extension Attribute to check for an installed Mobile Config Profile.
    #
    ############################################################################
    Profile=sudo profiles -P | grep com.profileidentifier | awk '{print $4}'
    echo "<result> $Profile </result>"

    R
    Forum|alt.badge.img+5
    • rcastorani
    • Author
    • Contributor
    • 32 replies
    • September 15, 2014

    Thanks for the reply. I just added the EA. I'll let you know what this comes back with.

    D
    Forum|alt.badge.img+4
    • Damien
    • Contributor
    • 23 replies
    • September 16, 2014

    just looking that that it would possibly yield better results replacing awk '{print $4}'
    with
    awk '{print $NF}'

    R
    Forum|alt.badge.img+5
    • rcastorani
    • Author
    • Contributor
    • 32 replies
    • September 16, 2014

    Thanks again. Am I correct that com.profileidentifier should be replaced with something like com.ProfileList, or should that stay how it is?

    D
    Forum|alt.badge.img+4
    • Damien
    • Contributor
    • 23 replies
    • September 16, 2014

    Hi Rick, Sorry i should have explained that a bit better. Run the following on a device that has the Profiles you mentioned successfully installed;

    run sudo profiles -P

    you will get an output similar to:

    DeathStar:Desktop D4$ sudo profiles -P
    Password:
    D4[1] attribute: profileIdentifier: ipsadmins-macbook-pro.local.97703D0B
    D4[2] attribute: profileIdentifier: com.stfrancis.8021x
    There are 2 configuration profiles installed

    Use this modified Extension Attribute and replace the com.stfrancis.8021x in the script to match the profile identifier in the above output to the profile your targeting.

    *#!/bin/sh
    Profile=sudo profiles -P | grep com.stfrancis.8021x | awk '{print $NF}'
    if [ "$Profile" = "com.stfrancis.8021x" ]; then
    echo "<result>Installed</result>"
    else
    echo "<result>Missing</result>"
    fi

    The end result will be that your extension Attribute field will either be Installed or Missing

    mm2270
    Forum|alt.badge.img+16
    • mm2270
    • Legendary Contributor
    • 7880 replies
    • Answer
    • September 17, 2014

    You;d really be better off pulling a list of all installed profiles into the EA field, and then using the "Like" operator in a Smart Group to gather Macs that have any of the profiles installed (or not) that you may want. I personally try to avoid building an EA just to capture a single piece of information, especially if I know I may need additional EAs to capture other bits that can all be brought into one result. OTOH, if you only ever expect to install one profile on your Macs, then using an EA just to check for that one is fine.

    But if you would like to see them all, something like this will pull the human readable names given to all installed profiles, which you can then use for a Smart Group using something along the lines of

    Installed Profiles | Like | "some string"

    The below only pulls computer level profiles.

    #!/bin/sh

echo "<result>$(profiles -Cv | awk -F': ' '/attribute: name:/{print $NF}')</result>"

    That will generate something like:

    MDM Enrollment
Company Wireless
etc.

    If you'd rather it gather the identifier strings, simply change the "attribute: name:" to "attribute: identifier:" The thing about the identifier is that with some profiles they are just a string of letters and numbers so they aren't very descriptive, so I think the actual name would make more sense, but either option is there.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings