Group based on Pending Commands?

rcastorani
New Contributor II

Is there a criterion or EA I could use to create a smart group for computers with pending commands?

I have a bunch of laptops, maybe 50-100, that have pending commands that will never succeed. I'm not sure if this is an issue with 9.4 or not but I spoke to JAMF Support who are looking into it.

I basically need to put them into a group, run removeFramework, then re-enroll them with Recon. I'm not sure yet how to systematize re-enrolling them, but the first step is to group them together without having to go through each computer's management settings manually.

Below is a screenshot of the pending commands. Any ideas on how to automatically group these? Thanks.


1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

You'd really be better off pulling a list of all installed profiles into the EA field, and then using the "Like" operator in a Smart Group to gather Macs that have any of the profiles installed (or not) that you may want. I personally try to avoid building an EA just to capture a single piece of information, especially if I know I may need additional EAs to capture other bits that can all be brought into one result. OTOH, if you only ever expect to install one profile on your Macs, then using an EA just to check for that one is fine.

But if you would like to see them all, something like this will pull the human readable names given to all installed profiles, which you can then use for a Smart Group using something along the lines of

Installed Profiles | Like | "some string"

The below only pulls computer level profiles.

#!/bin/sh

echo "<result>$(profiles -Cv | awk -F': ' '/attribute: name:/{print $NF}')</result>"

That will generate something like:

MDM Enrollment
Company Wireless
etc.

If you'd rather it gather the identifier strings, simply change the "attribute: name:" to "attribute: identifier:". The thing about the identifier is that with some profiles they are just a string of letters and numbers so they aren't very descriptive, so I think the actual name would make more sense, but either option is there.


6 REPLIES

Damien
New Contributor

Could an extension attribute similar to this be useful to populate a field that you can create Smart groups with exclusions around?

#!/bin/sh
#
############################################################################
# Extension Attribute to check for an installed Mobile Config Profile.
#
############################################################################
Profile=$(sudo profiles -P | grep com.profileidentifier | awk '{print $4}')
echo "<result> $Profile </result>"

rcastorani
New Contributor II

Thanks for the reply. I just added the EA. I'll let you know what this comes back with.

Damien
New Contributor

Just looking at that, it would possibly yield better results replacing awk '{print $4}'
with
awk '{print $NF}'

rcastorani
New Contributor II

Thanks again. Am I correct that com.profileidentifier should be replaced with something like com.ProfileList, or should that stay how it is?

Damien
New Contributor

Hi Rick, sorry, I should have explained that a bit better. Run the following on a device that has the profiles you mentioned successfully installed:

run sudo profiles -P

you will get an output similar to:

DeathStar:Desktop D4$ sudo profiles -P
Password:
D4[1] attribute: profileIdentifier: ipsadmins-macbook-pro.local.97703D0B
D4[2] attribute: profileIdentifier: com.stfrancis.8021x
There are 2 configuration profiles installed


Use this modified Extension Attribute and replace the com.stfrancis.8021x in the script to match the profile identifier in the above output to the profile you're targeting.

#!/bin/sh
Profile=$(sudo profiles -P | grep com.stfrancis.8021x | awk '{print $NF}')
if [ "$Profile" = "com.stfrancis.8021x" ]; then
echo "<result>Installed</result>"
else
echo "<result>Missing</result>"
fi


The end result will be that your Extension Attribute field will either be Installed or Missing.
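
An added example, not part of the original posts: an Installed/Missing check that compares profile identifiers by exact match, so a look-alike identifier that merely contains the target string does not change the result. It assumes `profiles -P` prints lines in the format quoted in the thread; the function names, the sample output and `com.example.vpn` are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample modelled on the `profiles -P` output quoted in the thread,
# plus a look-alike identifier that a substring grep would also match.
SAMPLE_OUTPUT='D4[1] attribute: profileIdentifier: ipsadmins-macbook-pro.local.97703D0B
D4[2] attribute: profileIdentifier: com.stfrancis.8021x
D4[3] attribute: profileIdentifier: com.stfrancis.8021x.guest
There are 3 configuration profiles installed'

# installed_identifiers: read `profiles -P` output on stdin and print one
# identifier per line (the last field of each profileIdentifier line).
installed_identifiers() {
    awk '/attribute: profileIdentifier:/ {print $NF}'
}

# missing_profiles OUTPUT ID...: print the required IDs that are not installed.
missing_profiles() {
    output=$1; shift
    ids=$(printf '%s\n' "$output" | installed_identifiers)
    missing=""
    for id in "$@"; do
        # -F: dots are literal, -x: the whole line must match, -q: no output
        if ! printf '%s\n' "$ids" | grep -Fxq -- "$id"; then
            missing="${missing:+$missing }$id"
        fi
    done
    printf '%s' "$missing"
}

# ea_result OUTPUT ID...: build the <result> string for the Extension Attribute.
ea_result() {
    missing=$(missing_profiles "$@")
    if [ -z "$missing" ]; then
        printf '<result>Installed</result>\n'
    else
        printf '<result>Missing: %s</result>\n' "$missing"
    fi
}

# On a managed Mac: ea_result "$(profiles -P)" com.stfrancis.8021x
ea_result "$SAMPLE_OUTPUT" com.stfrancis.8021x com.example.vpn
```

A Smart Group can then use the criterion `Like | "Missing"` on this field to collect Macs lacking any required profile.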
