Script check to see if configuration profile is installed

You could use "Smart Groups" to determine if the machine has the configuration profile installed

Oh thanks! I was trying something similar but trying to check if the value returned as successful or not. FYI, you might want to edit the line to include the closing back tick =)

@Quan.nong Smart groups take time to populate and cause overhead. For our purposes, this is a script that gets run very soon after enrollment so we needed a check in the policy itself.

Thanks!

To expand further, I'm looping the check a few times so it's not indefinite but I want it to quit if it hits the the number of times I set. How would I do this. Right now I have:

profiles=profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4" n=0 while [ "$profiles" != "$4" ] && [[ $n -lt 3 ]]; do echo "Profile does not exist" && sleep 3; n=$((n+1)) done echo "Profile exists" exit 0

What I want to do is if the counter hits 3 (in this example) to exit out rather than continuing on.

@Bko I think I'm going to copy and modify your script a bit. You can accomplish what you want with a different exit code. The block above will always exit 0 if you add another if statement in your loop you can set a condition of failure.

I need to test this but some of my software isn't installing correctly due to the kernel extension profile installing after the installation policy executes.

#!/bin/sh
profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4"`
timelimit=600
time=0
while [ "$profiles" != "$4" ] && [[ $time -lt $timelimit ]]; do
    echo "Profile does not exist, waiting one minute..." && sleep 60; time=$((time+60))
    if [ $time == $timelimit ]; then
        echo "The profile was not installed within the time limit"
        exit 1
    fi
done
    echo "Profile exists"
    jamf policy -event some-dep-policy
exit 0

I want to check if configuration profile of ATP defender has installed on devices which I scope. As I have scope around 40+ Mac devices but in that some of the devices showing inactive or no sensor data status in ATP defender portal.
Pls can someone help me here?

I am a bit puzzled about the need to check this with scripts. If the profile comes from the MDM, the MDM knows about it. For the policies where I need a profile before I can install a PKG via Self-Service (usually apps that require a kernel extension), I use the following logic to make sure the profile is installed before going further :

• Policy in Self-Service creates a file that acts as a flag and runs a recon to inform MDM about existence
• Policy is Self-Service that informs user that his request is being handled (to avoid user confusion)
• Config Profile that installs the needed profile to devices that have this flag
• Policy that installs package to the nodes that have the profile installed

I never manually check for the profile.

If you need to pause in the middle of an uninstall script until certain profiles are gone (like say... while removing a security agent with multiple system extensions - which led me here, lol), it can be useful.