Scheduling options for Smart group membership?

macservit
New Contributor III

Has anyone ever had luck using a smart group to change a device state based on time of day?

For example, create a smart group that has app restrictions and move devices in and out of that group based on a recurring schedule.

 

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor III

I can think of a few ways, but they would all be very sloppy and not incredibly time accurate or would need extra servers/applications. 

 

All Jamf and device workflow:

Workflow: 7pm daemon runs dropping the file and running a recon. Jamf sees the file and adds the Mac to a collection which targets the device with the configuration profile (or untargets). 7am hits and the second daemon run removing the file and running a recon. Jamf sees the file is missing and untargets the device with the configuration profile (or targets).

  • Make a launch daemon that runs at a given time to place a file on the device and run a recon.
  • Extension Attribute to see that files exists
  • Smart Group that collects computers where that file exists.
  • Target the Configuration Profile at that smart group.
  • A second launch daemon deletes the file at a specified time.

Thoughts: This is really sloppy and could go wrong in many ways and only works for macOS.

 

Entirely Server-Side Workflow:

You would need another Server or Application that is time aware. The Server would run a script that uses Jamf API to change group collections around, or directly changes the scope of the Configuration Profiles.

Thoughts: This would be far more reliable and would lean on Windows Task Scheduler on a server and is a single point of failure rather than needing to keep up on what a fleet of devices may or may not be doing.

View solution in original post

2 REPLIES 2

AJPinto
Honored Contributor III

I can think of a few ways, but they would all be very sloppy and not incredibly time accurate or would need extra servers/applications. 

 

All Jamf and device workflow:

Workflow: 7pm daemon runs dropping the file and running a recon. Jamf sees the file and adds the Mac to a collection which targets the device with the configuration profile (or untargets). 7am hits and the second daemon run removing the file and running a recon. Jamf sees the file is missing and untargets the device with the configuration profile (or targets).

  • Make a launch daemon that runs at a given time to place a file on the device and run a recon.
  • Extension Attribute to see that files exists
  • Smart Group that collects computers where that file exists.
  • Target the Configuration Profile at that smart group.
  • A second launch daemon deletes the file at a specified time.

Thoughts: This is really sloppy and could go wrong in many ways and only works for macOS.

 

Entirely Server-Side Workflow:

You would need another Server or Application that is time aware. The Server would run a script that uses Jamf API to change group collections around, or directly changes the scope of the Configuration Profiles.

Thoughts: This would be far more reliable and would lean on Windows Task Scheduler on a server and is a single point of failure rather than needing to keep up on what a fleet of devices may or may not be doing.

macservit
New Contributor III

Thanks for this. I was afraid that an API solution might be the only reliable choice, but I was hoping maybe I had missed some obscure time-based criteria in the Smart Group setup options. ;-)