Smart group with computers on local network

Hmm. I like the idea of this process @Rosko has put together. My only issue with it is I don't see a way that it can be used to update a computer's Network Segment, which we use to determine which distribution point a Mac should be pointed to for policies. As we have a Limited Access JSS in a cluster, external clients can run policies, but the one consistent problem I face is that unless I'm constantly on top of getting new network IP ranges input into Jamf Pro as they are set up in the organization, some Mac clients believe they are on the outside (if their IP doesn't fall into a known range) and policies fail since the DMZ distribution points can't be hit when inside the network, only when outside.
I would love to use something like what he's outlined to help there, but unless I can also point Macs to the correct DP with it, I don't know that it would help much.

Still, interesting concept. I will play with this and see if I can use it.

@burdett Sorry about that, I will get the notes updated on GitHub!

@mm2270 Unfortunately since the "default distribution point" is handled by the WebApp at check-in when executing a policy there is no way to override the default DP (except at the package level which would apply to everyone). I like the idea, but unfortunately I don't have a great way to implement this.

Yes, thanks for the response @Rosko I suspected that was the case. I wish there was a way to use something like what you've put together to override that, even maybe with an API call, but I don't see a way to do that. As I mentioned, keeping on top of the near constantly changing IP range landscape in a large org is a full time job. I often don't "discover" there are new subnets until I start seeing some Macs fail policies because they are trying to hit our DMZ distribution points while inside the network. As an aside, if anyone has ideas on how to automate keeping IP ranges in sync in the JSS, I'm open to suggestions.

I've still put up your EA and the script (both with some modifications) and am testing it on a few systems now. The only issue I see, occasionally, is that the network state trigger doesn't always kick in and run the policy as it should, which means a Mac may not get an updated EA value if that happens. But that has nothing to do with your process, just an issue with Network State Change in policies I think. Other than that, it works well so far.