- Jamf Nation Community
- Products
- Jamf Pro
- Script check to see if configuration profile is in...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-11-2018 02:59 PM
Hello,
I want to check to see if a configuration profile has come down and been installed before I proceed with a script in self service. I know I can list the configuration profiles using the "profiles" command but I'm not sure how to check if a profile has come down and proceed if it has and wait x amount of time if it hasn't.
Any help would be appreciated.
Thank you!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2018 12:45 AM
This is what we do via $4 in Jamf Pro to check for the profile.
#!/bin/sh profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4" if [ "$profiles" == " $4" ]; then echo "Profile exists" else echo "Profile does not exists" fi exit 0
If you need this to pause, well then I would create a loop to check this.
Reply
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2018 12:45 AM
This is what we do via $4 in Jamf Pro to check for the profile.
#!/bin/sh profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4" if [ "$profiles" == " $4" ]; then echo "Profile exists" else echo "Profile does not exists" fi exit 0
If you need this to pause, well then I would create a loop to check this.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2018 01:55 AM
You could use "Smart Groups" to determine if the machine has the configuration profile installed
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2018 04:11 PM
Oh thanks! I was trying something similar but trying to check if the value returned as successful or not. FYI, you might want to edit the line to include the closing back tick =)
@Quan.nong Smart groups take time to populate and cause overhead. For our purposes, this is a script that gets run very soon after enrollment so we needed a check in the policy itself.
Thanks!
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2018 05:10 PM
To expand further, I'm looping the check a few times so it's not indefinite but I want it to quit if it hits the the number of times I set. How would I do this. Right now I have:
profiles=profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4"
n=0
while [ "$profiles" != "$4" ] && [[ $n -lt 3 ]]; do
echo "Profile does not exist" && sleep 3; n=$((n+1))
done
echo "Profile exists"
exit 0
What I want to do is if the counter hits 3 (in this example) to exit out rather than continuing on.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-10-2018 01:39 PM
@Bko I think I'm going to copy and modify your script a bit. You can accomplish what you want with a different exit code. The block above will always exit 0 if you add another if statement in your loop you can set a condition of failure.
I need to test this but some of my software isn't installing correctly due to the kernel extension profile installing after the installation policy executes.
#!/bin/sh
profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4"`
timelimit=600
time=0
while [ "$profiles" != "$4" ] && [[ $time -lt $timelimit ]]; do
echo "Profile does not exist, waiting one minute..." && sleep 60; time=$((time+60))
if [ $time == $timelimit ]; then
echo "The profile was not installed within the time limit"
exit 1
fi
done
echo "Profile exists"
jamf policy -event some-dep-policy
exit 0
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2020 11:21 PM
I want to check if configuration profile of ATP defender has installed on devices which I scope. As I have scope around 40+ Mac devices but in that some of the devices showing inactive or no sensor data status in ATP defender portal.
Pls can someone help me here?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-16-2020 04:15 AM
I am a bit puzzled about the need to check this with scripts. If the profile comes from the MDM, the MDM knows about it. For the policies where I need a profile before I can install a PKG via Self-Service (usually apps that require a kernel extension), I use the following logic to make sure the profile is installed before going further :
- Policy in Self-Service creates a file that acts as a flag and runs a recon to inform MDM about existence
- Policy is Self-Service that informs user that his request is being handled (to avoid user confusion)
- Config Profile that installs the needed profile to devices that have this flag
- Policy that installs package to the nodes that have the profile installed
I never manually check for the profile.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-22-2022 04:24 PM
If you need to pause in the middle of an uninstall script until certain profiles are gone (like say... while removing a security agent with multiple system extensions - which led me here, lol), it can be useful.
Reply
