Jamf Nation Community

cainehorr · ‎09-20-2018

I like to automate "All The Things". In order to do that, certain pieces of data need to be collected so as to make informed, logical decisions.

Part of my NoMAD rollout requires me to streamline my deployment process. In order to do that, I need to know which machines have a certain version of NoMAD Login+ and NoMAD Pro so I can install and update/upgrade accordingly.

I have written 5 unique Jamf Extension Attributes that provide me with the details I need in order to create a fully automated deployment and update/upgrade lifecycle for NoMAD Login+ and NoMAD Pro.

Once the Jamf Extension Attributes are properly configured, each device record, upon inventory collection (ie Recon), will provide the following details:

These details can be scoped against within Smart Groups, Advanced Searches, etc.

Without further ado, I give you my extension attributes in XML format, so you can upload directly into your Jamf instance.

NoMAD Login Installation Status.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Installation Status</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to acquire NoMAD Login+ Installation Status&#13;
# NoMAD_Login_Installation_Status.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  /bin/echo "&lt;result&gt;True&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;False&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Login Product Info.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Product Info</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Login+ Product Info&#13;
# NoMAD_Login_Product_Info.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  productInfo=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleExecutable" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$productInfo&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Login Version.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Version</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Login+ Version&#13;
# NoMAD_Login_Version.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  version=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$version&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Pro Installation Status.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Pro Installation Status</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to acquire NoMAD Pro Installation Status&#13;
# NoMAD_Pro_Installation_Status.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-06-04&#13;
&#13;
if [ -e "/Applications/NoMAD Pro.app" ]; then&#13;
  /bin/echo "&lt;result&gt;True&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;False&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Pro Version.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Pro Version</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Pro Version&#13;
# NoMAD_Pro_Version.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Applications/NoMAD Pro.app" ]; then&#13;
  version=`/usr/bin/plutil -p /Applications/NoMAD Pro.app/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$version&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit</scriptContentsMac>
</extensionAttribute>

Enjoy!

For those who would just prefer the raw shell scripts without all the crazy Jamf Pro Extension Attribute xml markup, here you go...

NoMAD_Login_Installation_Status.sh

#!/bin/bash

# Jamf Extension Attribute to acquire NoMAD Login+ Installation Status
# NoMAD_Login_Installation_Status.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  /bin/echo "<result>True</result>"
else
  /bin/echo "<result>False</result>"
fi

exit

NoMAD_Login_Product_Info.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Login+ Product Info
# NoMAD_Login_Product_Info.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  productInfo=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleExecutable" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$productInfo</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit

NoMAD_Login_Version.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Login+ Version
# NoMAD_Login_Version.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  version=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$version</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit

NoMAD_Pro_Installation_Status.sh

#!/bin/bash

# Jamf Extension Attribute to acquire NoMAD Pro Installation Status
# NoMAD_Pro_Installation_Status.sh

# Written by Caine Hörr
# Written on 2018-06-04

if [ -e "/Applications/NoMAD Pro.app" ]; then
  /bin/echo "<result>True</result>"
else
  /bin/echo "<result>False</result>"
fi

exit

NoMAD_Pro_Version.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Pro Version
# NoMAD_Pro_Version.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Applications/NoMAD Pro.app" ]; then
  version=`/usr/bin/plutil -p /Applications/NoMAD Pro.app/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$version</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

cainehorr · ‎09-20-2018

PS - Thanks to @mactroll and @macshome for all their help with the "little things" that led me to write these scripts / Jamf Extension Attributes.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

nstrauss · ‎09-20-2018

@cainehorr Thanks for sharing. Don't you already get NoMAD.app and NoMAD Pro.app versions from regular inventory collection? Apps with standard version info using CFBundleShortVersionString should be reported correctly to a device's applications list.

For NoMADLogin.bundle I wonder if adding /Library/Security/SecurityAgentPlugins/ to Computer Management > Inventory Collection > Plug-ins would pull information or if it only searches for things ending in certain file extensions.

cainehorr · ‎09-20-2018

@nstrauss - You are correct regarding apps in /Applications...

My EA for NoMAD Pro is superfluous!

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

cainehorr · ‎09-20-2018

@nstrauss - I added /Library/Security/SecurityAgentPlugins/ to Jamf's inventory collection settings, ran a manage and a recon... nothing... So I'm guessing that Jamf is looking for the ".app" extension.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

steveevans · ‎10-05-2018

Thanks for these Caine!! Very helpful to keep track of the NoMAD components.
Cheers!

GlobalHealingCe · ‎01-04-2019

Thanks for these Caine!

zachary_fisher · ‎01-04-2019

Thought I'd add one I use which detects if Local/IDP Password has been synced.

With this, you can force a Nomad/JAMF Connect popup screen to have them signin / sync.

#!/bin/sh
currentUser=$(stat -f%Su /dev/console)
passwordExists=$(defaults read /Users/$currentUser/Library/Preferences/menu.nomad.NoMADPro.plist PasswordCurrent)
if [ "$passwordExists" = 1 ];then
    echo "<result>Password Synced</result>"
    else
        echo "<result>Password not Synced</result>"
    fi

thomH · ‎03-26-2019

@nstrauss

For NoMADLogin.bundle I wonder if adding /Library/Security/SecurityAgentPlugins/ to Computer Management > Inventory Collection > Plug-ins would pull information or if it only searches for things ending in certain file extensions.

I added /Library/Security/SecurityAgentPlugins/NoMADLoginAD.bundle as a plugin and my smart group is succesfully counting Plug-In Title.

mtward · ‎03-26-2019

@cainehorr, @nstrauss How are you handling macOS point releases/major releases with NoLoAD and/or NoMAD installed? what does the Product Info EA assist you with? Thanks!

cainehorr · ‎03-27-2019

Unfortunately, we have pulled the plug on all things NoMAD. I have no further contributions to make at this time regarding this product.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

nstrauss · ‎03-27-2019

@piagetblix That does work! Thank you.

With plug-in data available it's possible to make a smart group for reporting. Can then install the latest version on clients that need it.

sdamiano · ‎01-08-2020

Sorry to Necropost but I want to amend @zachary.fisher 's EA above for Jamf Connect Sync.

#!/bin/bash

#### Extension Attribute To Check If Jamf Connect Sync Is Signed In

currentUser=$(stat -f%Su /dev/console)
SignedIn=$(defaults read /Users/$currentUser/Library/Preferences/com.jamf.connect.sync.plist PasswordCurrent)
if [ "$SignedIn" = 1 ];then
    echo "<result>Password Synced</result>"
    else
        echo "<result>Password not Synced</result>"
    fi

pmac789 · ‎03-08-2022

HI @sdamiano ,

do you have to create a smart for it after adding this to the EA? is so, what criteria did you include in the smart group?

Jamf Nation Community

NoMAD Login+ and NoMAD Pro Jamf Extension Attributes