NoMAD Login+ and NoMAD Pro Jamf Extension Attributes

cainehorr
Contributor III

I like to automate "All The Things". In order to do that, certain pieces of data need to be collected so as to make informed, logical decisions.

Part of my NoMAD rollout requires me to streamline my deployment process. In order to do that, I need to know which machines have a certain version of NoMAD Login+ and NoMAD Pro so I can install and update/upgrade accordingly.

I have written 5 unique Jamf Extension Attributes that provide me with the details I need in order to create a fully automated deployment and update/upgrade lifecycle for NoMAD Login+ and NoMAD Pro.

Once the Jamf Extension Attributes are properly configured, each device record, upon inventory collection (ie Recon), will provide the following details:

c8479d56145d4f39b5c8eaeb5fd92e65

These details can be scoped against within Smart Groups, Advanced Searches, etc.

Without further ado, I give you my extension attributes in XML format, so you can upload directly into your Jamf instance.

NoMAD Login Installation Status.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Installation Status</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to acquire NoMAD Login+ Installation Status&#13;
# NoMAD_Login_Installation_Status.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  /bin/echo "&lt;result&gt;True&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;False&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Login Product Info.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Product Info</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Login+ Product Info&#13;
# NoMAD_Login_Product_Info.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  productInfo=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleExecutable" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$productInfo&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Login Version.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Login Version</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Login+ Version&#13;
# NoMAD_Login_Version.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then&#13;
  version=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$version&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Pro Installation Status.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Pro Installation Status</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to acquire NoMAD Pro Installation Status&#13;
# NoMAD_Pro_Installation_Status.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-06-04&#13;
&#13;
if [ -e "/Applications/NoMAD Pro.app" ]; then&#13;
  /bin/echo "&lt;result&gt;True&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;False&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit&#13;
</scriptContentsMac>
</extensionAttribute>

NoMAD Pro Version.xml

<?xml version="1.0" encoding="UTF-8"?><extensionAttribute>
<displayName>NoMAD Pro Version</displayName>
<description/>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
# Jamf Extension Attribute to aquire NoMAD Pro Version&#13;
# NoMAD_Pro_Version.sh&#13;
&#13;
# Written by Caine Hörr&#13;
# Written on 2018-09-20&#13;
&#13;
if [ -e "/Applications/NoMAD Pro.app" ]; then&#13;
  version=`/usr/bin/plutil -p /Applications/NoMAD Pro.app/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`&#13;
  /bin/echo "&lt;result&gt;$version&lt;/result&gt;"&#13;
else&#13;
  /bin/echo "&lt;result&gt;N/A&lt;/result&gt;"&#13;
fi&#13;
&#13;
exit</scriptContentsMac>
</extensionAttribute>

Enjoy!

For those who would just prefer the raw shell scripts without all the crazy Jamf Pro Extension Attribute xml markup, here you go...

NoMAD_Login_Installation_Status.sh

#!/bin/bash

# Jamf Extension Attribute to acquire NoMAD Login+ Installation Status
# NoMAD_Login_Installation_Status.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  /bin/echo "<result>True</result>"
else
  /bin/echo "<result>False</result>"
fi

exit

NoMAD_Login_Product_Info.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Login+ Product Info
# NoMAD_Login_Product_Info.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  productInfo=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleExecutable" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$productInfo</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit

NoMAD_Login_Version.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Login+ Version
# NoMAD_Login_Version.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle" ]; then
  version=`/usr/bin/plutil -p /Library/Security/SecurityAgentPlugins/NoMADLoginOkta.bundle/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$version</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit

NoMAD_Pro_Installation_Status.sh

#!/bin/bash

# Jamf Extension Attribute to acquire NoMAD Pro Installation Status
# NoMAD_Pro_Installation_Status.sh

# Written by Caine Hörr
# Written on 2018-06-04

if [ -e "/Applications/NoMAD Pro.app" ]; then
  /bin/echo "<result>True</result>"
else
  /bin/echo "<result>False</result>"
fi

exit

NoMAD_Pro_Version.sh

#!/bin/bash

# Jamf Extension Attribute to aquire NoMAD Pro Version
# NoMAD_Pro_Version.sh

# Written by Caine Hörr
# Written on 2018-09-20

if [ -e "/Applications/NoMAD Pro.app" ]; then
  version=`/usr/bin/plutil -p /Applications/NoMAD Pro.app/Contents/Info.plist | /usr/bin/grep -i "CFBundleShortVersionString" | /usr/bin/awk '{ print $3 }' | /usr/bin/tr -d '"'`
  /bin/echo "<result>$version</result>"
else
  /bin/echo "<result>N/A</result>"
fi

exit
13 REPLIES 13

cainehorr
Contributor III

PS - Thanks to @mactroll and @macshome for all their help with the "little things" that led me to write these scripts / Jamf Extension Attributes.

nstrauss
Contributor II

@cainehorr Thanks for sharing. Don't you already get NoMAD.app and NoMAD Pro.app versions from regular inventory collection? Apps with standard version info using CFBundleShortVersionString should be reported correctly to a device's applications list.

For NoMADLogin.bundle I wonder if adding /Library/Security/SecurityAgentPlugins/ to Computer Management > Inventory Collection > Plug-ins would pull information or if it only searches for things ending in certain file extensions.

cainehorr
Contributor III

@nstrauss - You are correct regarding apps in /Applications...

0dda376649db4d74a879f0100f257d17

My EA for NoMAD Pro is superfluous!

cainehorr
Contributor III

@nstrauss - I added /Library/Security/SecurityAgentPlugins/ to Jamf's inventory collection settings, ran a manage and a recon... nothing... So I'm guessing that Jamf is looking for the ".app" extension.

steveevans
New Contributor II

Thanks for these Caine!! Very helpful to keep track of the NoMAD components.
Cheers!

GlobalHealingCe
New Contributor II

Thanks for these Caine!

zachary_fisher
New Contributor III

Thought I'd add one I use which detects if Local/IDP Password has been synced.

With this, you can force a Nomad/JAMF Connect popup screen to have them signin / sync.

#!/bin/sh
currentUser=$(stat -f%Su /dev/console)
passwordExists=$(defaults read /Users/$currentUser/Library/Preferences/menu.nomad.NoMADPro.plist PasswordCurrent)
if [ "$passwordExists" = 1 ];then
    echo "<result>Password Synced</result>"
    else
        echo "<result>Password not Synced</result>"
    fi

thomH
New Contributor III

@nstrauss

For NoMADLogin.bundle I wonder if adding /Library/Security/SecurityAgentPlugins/ to Computer Management > Inventory Collection > Plug-ins would pull information or if it only searches for things ending in certain file extensions.

I added /Library/Security/SecurityAgentPlugins/NoMADLoginAD.bundle as a plugin and my smart group is succesfully counting Plug-In Title.

mtward
New Contributor III

@cainehorr, @nstrauss How are you handling macOS point releases/major releases with NoLoAD and/or NoMAD installed? what does the Product Info EA assist you with? Thanks!

cainehorr
Contributor III

Unfortunately, we have pulled the plug on all things NoMAD. I have no further contributions to make at this time regarding this product.

nstrauss
Contributor II

@piagetblix That does work! Thank you.

With plug-in data available it's possible to make a smart group for reporting. Can then install the latest version on clients that need it.

sdamiano
Contributor II

Sorry to Necropost but I want to amend @zachary.fisher 's EA above for Jamf Connect Sync.

#!/bin/bash

#### Extension Attribute To Check If Jamf Connect Sync Is Signed In

currentUser=$(stat -f%Su /dev/console)
SignedIn=$(defaults read /Users/$currentUser/Library/Preferences/com.jamf.connect.sync.plist PasswordCurrent)
if [ "$SignedIn" = 1 ];then
    echo "<result>Password Synced</result>"
    else
        echo "<result>Password not Synced</result>"
    fi

HI @sdamiano ,

do you have to create a smart for it after adding this to the EA? is so, what criteria did you include in the smart group?