Smart Computer Group with "MDM Capability" Criteria

hzimmerman
New Contributor III

I am going to be pushing out some certs to enrolled OS X machines and have tested Configuration Profiles. Everything works well, but I am working with a mix of 10.6-10.9 machines. Most of the 10.7-10.9 machines are showing as "MDM Capability: Yes", but I do not want to go through all of them.

I could create an extension attribute that figures out of the JSS has installed its MDM profile. I would then use that as a search criteria in a Smart Group.

Is there a way to create a Smart Computer Group using MDM Capability as a criteria without having to resort to Extension Attributes? If there is not, is there a compelling reason?

5 REPLIES 5

calum_carey
Contributor

In Casper 9, there is a criteria is for Verify MDM Enrollment this might work for you?

allternatively you could package the mobileconfig profile and install it via a postflight script using the profiles command.
That way you dont have to use the APNs/MDM. I've found this approach to be more reliable for my installations

FritzsCorner
Contributor III

I also was looking at accomplishing this without an extension attribute, but was not able to find a solution. I ended up using the following script to set the extended attribute and create a smart group based off of that.

#!/bin/sh
# ============================
# ============================

# Logging Variables
LOGDIR="/var/log/jss"


# Create the directory if if does not exist
mkdir -p "$LOGDIR"
THISFILE=`basename $0`
LOGFILE="$LOGDIR/$THISFILE.log"
SCRIPTDIR=`dirname $0`
TimeStamp=`date "+%Y-%m-%d_%H-%M"`

BUILDINFO="$LOGDIR""/BuildInfo.log"

# Clean slate:
if [ -f "$LOGFILE" ]; then rm "$LOGFILE"; fi

# ============================
# ============================

# Declare Variables
# JSS Values
apiUsername="jssuser"
apiPassword="jsspassword"
jssServer="https://yourjssserver.com"

# ============================
# ============================
# Main Script
computerName=`/usr/libexec/PlistBuddy -c 'Print System:System:ComputerName' /Library/Preferences/SystemConfiguration/preferences.plist`
echo "[$(date)] Computer Name: ""$computerName" >>"$LOGFILE"
computerID=`curl -v -k -u ${apiUsername}:${apiPassword} ${jssServer}/JSSResource/computers/match/${computerName} | awk -F"<id>" '{ print $2 }' | awk -F"</id>" '{ print $1 }'`
echo "[$(date)] Computer ID: ""$computerID" >>"$LOGFILE"
mdmCapable=`curl -v -k -u ${apiUsername}:${apiPassword} ${jssServer}/JSSResource/computers/id/${computerID}/subset/General | awk -F"<mdm_capable>" '{ print $2 }' | awk -F"</mdm_capable>" '{ print $1}'`
echo "[$(date)] MDM Capable: ""$mdmCapable" >>"$LOGFILE"

if [ "$mdmCapable" = "false" ]; then
    echo "<result>No</result>"
else
    echo "<result>Yes</result>"
fi

emily
Valued Contributor III
Valued Contributor III

There is an Extension Attribute that verifies MDM enrollment on JAMFNation:
https://jamfnation.jamfsoftware.com/viewProductFile.html?id=1&fid=401

millersc
Valued Contributor

Has anyone seen this EA working correctly? I'm getting mixed results from the built in EA.

cwaldrip
Valued Contributor

Doesn't work for me. :-