- Jamf Nation Community
- Products
- Jamf Pro
- Smart Computer Group that is based on configuratio...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2021 09:27 AM
I am in the process of installing Sophos using a policy. Sophos has several PPPCs, and Kernels that need to be put in place. These are being pushed by a configuration profile.
I do not want the install of sophos to happen before the configuration policy is on the system, yet I do not see any option when creating a smart computer group to determine if the configuration policy has been applied. How do I verify the policy is in place before the install?
Thanks in advance for your help!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2021 09:57 AM
Profile Identifier is in the built in Smart group criteria, all you need is that ID number of the profile and you can create a a smart group based on it... : ) and you can get that ID in the computer record under Profiles... no coding needed
Reply
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2021 09:31 AM - edited 10-12-2021 09:32 AM
You could build an EA that looks for the presence of your PPPC profile. The following command will list profiles:
/usr/bin/profiles -P
You can then grep for the profile in question and conditionally set the result to INSTALLED or NOT INSTALLED as appropriate.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2021 09:57 AM
Profile Identifier is in the built in Smart group criteria, all you need is that ID number of the profile and you can create a a smart group based on it... : ) and you can get that ID in the computer record under Profiles... no coding needed
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2021 10:14 AM
That's a better solution. 🙂
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2021 11:34 AM
@gachowski Profile Name is also an available Smart Group Criteria, and might be more maintainable/recognizable than Profile Identifier
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2021 12:45 PM
Thank you all very much for your replies!
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-13-2021 09:33 AM
Another way you can implement this is by using a two step policy method that caches the installer on the machine, then subsequently does the install.
The basic steps are:
1. Create a smart group based on the Sophos installer package being cached on the system. Create another smart group based on the Sophos application being on the system.
2. Set the scope of the Sophos related config profile(s) to BOTH of the new smart groups.
3. Create an on-going policy that caches the Sophos package on the system and scope it all machines (or a small subset for testing) and exclude the new cached smart group. Make sure the policy runs a recon (via file & processes per this DerFlounder blog post )
4. Create an on-going policy that installs the Sophos package on the system and scope it to the cached smart group and excludes the installed smart group. Make sure the policy runs a recon (via file & processes)
The first policy will cache the installer to the machines and should ensure the configuration profiles get installed as well. During the next check-in cycle the machine will perform the installation with the config profiles in place. If the user unintentionally or purposely removes the Sophos application the two policies together will direct the machine to reinstall it depending on how often your machines typically run a recon.
--
Howard Griffith--Endpoint Systems Engineer--Eastern Washington University
Howard Griffith--Endpoint Systems Engineer--Eastern Washington University
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-17-2023 01:15 AM
Hi Guys
someone an idea how to find on MacOS Ventura the profile identifier for an config profile? Its no more visible under the profiles in system preferences.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-05-2023 12:29 PM
It is visible in Jamf admin console. Do a search and select a machine. Choose Inventory and then select Profiles. All assigned Configuration Profiles names and identifiers are listed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-15-2024 06:08 AM
Testing installing this app https://github.com/root3nl/SupportApp and something isn't quite right that I can't figure out.
1. I have a Policy with this package where the Scope is my test computer.
2. I have a Configuration Profile using Application & Custom Settings > External Applications using this json file.
The Scope is a Smart Computer Group.
3. The Smart Computer Group uses Criteria where the Profile Identifier "is" the Value of "149694A2-D63C-4195-94C6-26B778EFA58D" which is the Identifier of the application.
The app is installed on my test computer but it is not picking up any of the settings from the json file.
Any input would be appreciated.
