Skip to main content
Solved

Script check to see if configuration profile is installed

  • September 11, 2018
  • 8 replies
  • 3 views

Forum|alt.badge.img+8
  • New Contributor
  • 6 replies

Hello,

I want to check to see if a configuration profile has come down and been installed before I proceed with a script in self service. I know I can list the configuration profiles using the "profiles" command but I'm not sure how to check if a profile has come down and proceed if it has and wait x amount of time if it hasn't.

Any help would be appreciated.

Thank you!

Best answer by maiksanftenberg

This is what we do via $4 in Jamf Pro to check for the profile.

#!/bin/sh profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4" if [ "$profiles" == " $4" ]; then echo "Profile exists" else echo "Profile does not exists" fi exit 0

If you need this to pause, well then I would create a loop to check this.

View original
Did this topic help you find an answer to your question?

8 replies

Forum|alt.badge.img+9
  • Valued Contributor
  • 99 replies
  • Answer
  • September 12, 2018

This is what we do via $4 in Jamf Pro to check for the profile.

#!/bin/sh profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4" if [ "$profiles" == " $4" ]; then echo "Profile exists" else echo "Profile does not exists" fi exit 0

If you need this to pause, well then I would create a loop to check this.


Forum|alt.badge.img+8
  • Contributor
  • 44 replies
  • September 12, 2018

You could use "Smart Groups" to determine if the machine has the configuration profile installed


Forum|alt.badge.img+8
  • Author
  • New Contributor
  • 6 replies
  • September 12, 2018

Oh thanks! I was trying something similar but trying to check if the value returned as successful or not. FYI, you might want to edit the line to include the closing back tick =)

@Quan.nong Smart groups take time to populate and cause overhead. For our purposes, this is a script that gets run very soon after enrollment so we needed a check in the policy itself.

Thanks!


Forum|alt.badge.img+8
  • Author
  • New Contributor
  • 6 replies
  • September 13, 2018

To expand further, I'm looping the check a few times so it's not indefinite but I want it to quit if it hits the the number of times I set. How would I do this. Right now I have:

profiles=profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4" n=0 while [ "$profiles" != "$4" ] && [[ $n -lt 3 ]]; do echo "Profile does not exist" && sleep 3; n=$((n+1)) done echo "Profile exists" exit 0

What I want to do is if the counter hits 3 (in this example) to exit out rather than continuing on.


Forum|alt.badge.img+3
  • New Contributor
  • 9 replies
  • October 10, 2018

@Bko I think I'm going to copy and modify your script a bit. You can accomplish what you want with a different exit code. The block above will always exit 0 if you add another if statement in your loop you can set a condition of failure.

I need to test this but some of my software isn't installing correctly due to the kernel extension profile installing after the installation policy executes.

#!/bin/sh
profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4"`
timelimit=600
time=0
while [ "$profiles" != "$4" ] && [[ $time -lt $timelimit ]]; do
    echo "Profile does not exist, waiting one minute..." && sleep 60; time=$((time+60))
    if [ $time == $timelimit ]; then
        echo "The profile was not installed within the time limit"
        exit 1
    fi
done
    echo "Profile exists"
    jamf policy -event some-dep-policy
exit 0

Forum|alt.badge.img
  • New Contributor
  • 1 reply
  • January 16, 2020

I want to check if configuration profile of ATP defender has installed on devices which I scope. As I have scope around 40+ Mac devices but in that some of the devices showing inactive or no sensor data status in ATP defender portal.
Pls can someone help me here?


Forum|alt.badge.img+12
  • Valued Contributor
  • 359 replies
  • January 16, 2020

I am a bit puzzled about the need to check this with scripts. If the profile comes from the MDM, the MDM knows about it. For the policies where I need a profile before I can install a PKG via Self-Service (usually apps that require a kernel extension), I use the following logic to make sure the profile is installed before going further :

  • Policy in Self-Service creates a file that acts as a flag and runs a recon to inform MDM about existence
  • Policy is Self-Service that informs user that his request is being handled (to avoid user confusion)
  • Config Profile that installs the needed profile to devices that have this flag
  • Policy that installs package to the nodes that have the profile installed

I never manually check for the profile.


markopolo
Forum|alt.badge.img+8
  • Contributor
  • 57 replies
  • February 23, 2022
mschroder wrote:

I am a bit puzzled about the need to check this with scripts. If the profile comes from the MDM, the MDM knows about it. For the policies where I need a profile before I can install a PKG via Self-Service (usually apps that require a kernel extension), I use the following logic to make sure the profile is installed before going further :

  • Policy in Self-Service creates a file that acts as a flag and runs a recon to inform MDM about existence
  • Policy is Self-Service that informs user that his request is being handled (to avoid user confusion)
  • Config Profile that installs the needed profile to devices that have this flag
  • Policy that installs package to the nodes that have the profile installed

I never manually check for the profile.


If you need to pause in the middle of an uninstall script until certain profiles are gone (like say... while removing a security agent with multiple system extensions - which led me here, lol), it can be useful.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings