Jamf Smart Group Help - If completed then add to group?

matherton
New Contributor

Not sure how to even word the title of this.... 

Trying to figure out if there is a way that if a computer in a static group runs a policy and is "completed" (not failed) then it will add it self to another group (assuming smart groups).

Using this for our transition to a new AV solutions, want to make sure the old one removal goes through before the new one installs.

6 REPLIES 6

gabe2385
Contributor

@matherton there are a few ways you can do it but my question is, if the policy you are pushing some kind of package or script? what you can do is in the policy update the inventory and create a smart group Packages Installed By Casper (they should really change this) to have them moved to that group. You can also do a dummy receipt, which is what we use in a lot of our script but that is a little bit more complex. 

Tribruin
Valued Contributor
Valued Contributor

Depending on what you are installing, you could create a smart group to look for the new application in the Applications folder. Or, you could create an EA that checks if the application/agent is installed and then create a Smart Group against that EA. 

 

For example, we have an EA that verifies that Crowdstrike is installed and activated. I would just create a Smart Group that checks that EA. 

matherton
New Contributor

policy to remove the old AV is a script and the new av is a package+Script. 

I have some smart groups setup to show who has the old AV installed, and a new smart group for who has the New AV installed.

Trying to find the easiest way when i add someone to the policy to remove the old, once its done it moves (or adds them) to the installer for the new.  

ljcacioppo
Contributor III

I'm not sure if there's a reason this wouldn't work with your AV products, but to me, it sounds like the approach I would take would be making a policy to remove the old AV, and include a files and processes payload using the Execute Command section to call the install of the new AV product by custom trigger (like the image below). As long as you have the new AV with that custom trigger, it should run that after the initial uninstall and without the use of receipts or additional smart groups.

Now if there's a reason this won't work, I would use the same execute command to touch a hidden file or something that an Extension Attribute could then check for.

Screen Shot 2022-02-21 at 2.39.57 PM.png

I didnt even think custom events.... this might work!

Edit.... maybe not... there is configuration profiles on top of the that go along with the policy package

matherton
New Contributor

I guess i could scope the policies to the groups in the way of....

Remove AV Scope - Smart group showing X.app installed

Install New AV - Smart group showing X.app not installed