Posted on 09-04-2016 09:48 AM
Is it possible to make a smart group of machines that have violated a piece of Restricted Software
Posted on 09-04-2016 11:18 AM
I've just had a look and it doesn't seem to be in the smart group criteria options.
You can use the "has xxxxx application installed" option, but there may be a delay before the info updates if inventory updates are weekly.
Posted on 09-05-2016 12:21 AM
Yeah I was going to use this, the problem is, we have a particular piece of software that gets removed on Violation. Which then means the smart group doesn't work because they don't have it.
It doesn't even appear in the event logs!!
Posted on 09-05-2016 05:06 AM
As I recall restricted software actions are logged in the JSS server log if that helps you at all.
Posted on 09-05-2016 10:01 AM
I will have to try and have a look. Not sure where the server logs are though
Posted on 10-05-2016 10:54 AM
A lazy man's way to do this would be emailed on violation, if you don't have direct access to the server log. It would be a lot more labor intensive to translate it all from email to static computer groups, but it is possible. Although a script and the API might work...