Help

Re-Scoping all the policies to a new Department

Go to solution
johnjohn
New Contributor II

Posted on ‎10-26-2023 10:04 AM

We've decided to move our scoped policies and conf. profiles to smartgroups, as we realized this will save a lot of work in the long run. I don't seem to find an efficient way to do this, at the moment i have to go through every single policy and conf profile and change the scope manually, which isn't even the bad part, the worse is that i can't find a way to list all the policies scoped to one department.

When the policy is scoped to a few departments, it can't be found anymore in the search, it shows "2 computer groups, 2 departments" or something like that and that excludes the keyword from the search.

Any help/ideas would be highly appreciated.

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
mdp
Contributor

Posted on ‎11-22-2023 09:03 AM

Hi johnjohn -- 

If you're looking to do this via the API, here's some Python code that'll list all the policies and configuration profiles scoped to a particular department:

https://github.com/MatthewPrins/Jamf/blob/main/Policies_Profiles_Department.py

---
Matthew Prins -- Jamf Scripts @ Github

View solution in original post

Reply
5 REPLIES 5

Go to solution
bigben54
New Contributor III

‎10-26-2023 03:06 PM - edited ‎10-26-2023 03:07 PM

Like most everything with Jamf, there are a lot of ways to climb a tree, but here's one idea - you could add something to the policy that was a marker.

 

A one liner like this in the files and processes/execute command field (obviously change the policy name to something meaningful).

bigben54_2-1698357756019.png

 

 

touch /Library/Application\ Support/JAMF/policyxxx

 

 

 

Then create an extension attribute script that looks for that and returns a result you can search against.

bigben54_0-1698356910451.png

 

 

#!/bin/bash
printf '<result>'
if [[ -f /Library/Application\ Support/JAMF/policyxxx ]];then
    printf 'policyxxx'
fi
printf '</result>'

 

 

Then use a smart group or a saved advanced search based on department and the extension attribute having that marker.

bigben54_1-1698357540436.png

Or you could for instance create a group that didn't thave that marker and use it to run the policy... so many ways to extend it.

 

And if I can give you a tip on the re-scoping... in short, use the APIs. ;)

 

Reply

Go to solution
johnjohn
New Contributor II

Posted on ‎11-07-2023 04:15 AM

This seems like an extraordinary amount of work. And i don't even completely understand what it does, but to set this ext att to every policy would take me hours.

I will have a look into the API.

I am still convinced there must be an easier way to show all the policies scoped for one Department. thank you nevertheless.

 

0 Kudos
Reply

Go to solution
mdp
Contributor

Posted on ‎11-22-2023 09:03 AM

Hi johnjohn -- 

If you're looking to do this via the API, here's some Python code that'll list all the policies and configuration profiles scoped to a particular department:

https://github.com/MatthewPrins/Jamf/blob/main/Policies_Profiles_Department.py

---
Matthew Prins -- Jamf Scripts @ Github
Reply

Go to solution
johnjohn
New Contributor II
In response to mdp

Posted on ‎12-06-2023 04:19 PM

This is pretty much what i was looking for and i can confirm it works. And as a bonus there's a bunch of other really useful scripts in that library

Reply

Go to solution
mdp
Contributor
In response to johnjohn

Posted on ‎12-07-2023 05:50 AM

Glad it worked for your situation!

---
Matthew Prins -- Jamf Scripts @ Github
0 Kudos
Reply