Tracking enrollment and config profiles

tkimpton
Valued Contributor II

Hi guys

Has anyone done something clever to scope in the JSS by smart groups if a machine is not enrolled or doesn't have the config profiles?

I'm thinking along the lines of a policy to auto-enroll non-enrolled machines and to check they have the required profiles.

I'm frequently finding config profiles a friggin nightmare!

Apple you B*stards for not making an OS workable with MCX!


dmohs
Contributor

Your post is over a month old with no responses. I would love to see some answers to this topic. Anyone? Ideas?

drew_duggan
New Contributor III

Hey guys,

I'm not sure if you had found a workflow for this, but one option you have is to utilize an extension attribute that will populate whether a managed client is enrolled or not. Here's a link to what's been posted on another thread here...

https://jamfnation.jamfsoftware.com/viewProductFile.html?id=1&fid=401

If you throw it into your inventory collection preferences, that value should become a selectable option for Smart Group criteria, and you can proceed from there with your workflow.

Also, there is an existing feature request that might interest you as well.

https://jamfnation.jamfsoftware.com/featureRequest.html?id=703

Hope that helps!

Drew - JAMF Software

tkimpton
Valued Contributor II

Nope no good! Need to create a smart group based on specific profiles installed!

This should be possible because the machine's inventory shows profiles, but even in Casper 9 when you click on all criteria for a smart group, profiles isn't in the list!

Not having success with an extension attribute of profiles -L

Coming up with lots of errors that it's not trusted.

bentoms
Release Candidate Programs Tester

@tkimpton sorry replied to the feature request. Reply was below, better to answer it here:

Are these JSS delivered profiles or another method?

If JSS, how are you scoping your profiles now?

I guess there may be an API script that could do this or an EA.

tkimpton
Valued Contributor II

JSS delivered profiles. I have an EA profiles -L but I get an error to say it isn't trusted.

When this happens I noticed the MDM certificate is screwed on the machine. Happening a lot on version 9 :(

tkimpton
Valued Contributor II

At the moment I am using system profiler to get this info. My profiles for external media all start with MacMedia, so I use this to get the information I want:

MacMediaConfigProfiles=`system_profiler SPConfigurationProfileDataType | grep MacMedia | tr -s " " | cut -d" " -f2 | cut -d":" -f1`

echo "<result>$MacMediaConfigProfiles</result>"

For example, for my machine it returns MacMediaF, which is full access :)

jdziat
Contributor

I've attached an extension attribute we use to determine which computers have which config profiles installed. It doesn't currently check for the enrollment profile, although that should be easy enough to add. Could probably do with a lot of refactoring but it works for us.

#!/bin/bash
#########################################
####    Variable Declaration        #####
#########################################
    ## Specify JSS URL plus a jss user with get API privileges on OS X configuration
    ##  profiles
    ## This script, password included, is delivered to every managed client:
    ## use a dedicated account limited to read access on configuration profiles
jssURL="https://your.jss.address.com:8443/JSSResource/osxconfigurationprofiles"
jssAPIUser="User with API Access"
jssAPIPass="Users Password"
    ## Choose where you would like to store your xml file while running through
    ## this script
tmpFileLocation="/tmp/"
tmpFileName="osxConfigProfiles.xml"
size=""
availableProfilesArray=()
profileNameArray=()
profileUUIDArray=()

#########################################
####    End Variable Declaration    #####
#########################################

OLDIFS=$IFS
IFS=$'\n'
    ## Store all currently installed profiles into an array
profilesArray=($(profiles -C))
IFS=$OLDIFS

installedConfigProfiles="Installed Profiles:"$'\n'
missingConfigProfiles="Missing Profiles:"$'\n'

    ## Grab XML File with all relevant information from JSS
curl -s -u "$jssAPIUser:$jssAPIPass" "$jssURL" -X GET -o "$tmpFileLocation$tmpFileName"
    ## Format the XML
xmllint --format "$tmpFileLocation$tmpFileName" --output "$tmpFileLocation$tmpFileName"
    ## Determine the size of the osx_configuration_profiles container
size=$(xmllint "$tmpFileLocation$tmpFileName" --xpath "/os_x_configuration_profiles/size" | sed -e 's/<size>//' -e 's/<[/]size>//')

    ## for each element in the container iterate over and store the name and UUID
    ## of the config profile. Also remove tags from each item.
    ## XPath positions are 1-based, so the arrays are filled from index 1 to $size.
for((i=1; i <= size; i++))
do
    profileNameArray[$i]=$(xmllint "$tmpFileLocation$tmpFileName" --xpath "/os_x_configuration_profiles/os_x_configuration_profile[$i]/name" | sed -e 's/<name>//' -e 's/<[/]name>//')
    profileUUIDArray[$i]=$(xmllint "$tmpFileLocation$tmpFileName" --xpath "/os_x_configuration_profiles/os_x_configuration_profile[$i]/uuid" | sed -e 's/<uuid>//' -e 's/<[/]uuid>//')
done

    ##  Iterate over all installed profiles storing the relevant UUID info into
    ##  an array for later processing
for((i=0; i < ${#profilesArray[@]}; i++))
do
    availableProfilesArray[$i]=$(echo "${profilesArray[$i]}" | sed -e 's/_computerlevel\[[0-9]*\] attribute: profileIdentifier: //')
done

    ##  For each UUID that was obtained run it against possible matches from
    ##  the JSS. If a match is found add it to the string that will be returned.
    ##  Then remove it from the array.
for((i=1; i <= size; i++))
do
    for((x=0; x < ${#availableProfilesArray[@]}; x++))
    do
        if [ "${availableProfilesArray[$x]}" = "${profileUUIDArray[$i]}" ]
        then
            installedConfigProfiles+="${profileNameArray[$i]}"$'\n'
            profileNameArray[$i]=""
            #echo "${profileNameArray[$i]}"
            break
        fi
    done
done

    ##  After you finish processing each UUID assign any remaining config
    ##  profiles to the missing profiles section to be returned.
for((x=1; x <= size; x++))
do
    if [ "${profileNameArray[$x]}" != "" ]
    then
        missingConfigProfiles+="${profileNameArray[$x]}"$'\n'
    fi
done

    ##  Delete the xml file from the temp location
rm "$tmpFileLocation$tmpFileName"
    ##  Return the results
echo "<result>$installedConfigProfiles"$'\n'"$missingConfigProfiles</result>"
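
A credential-free variant of the check above, as an added example that is not part of the original post or jdziat's script: it compares local profiles -C output against a list of required identifiers, so no JSS API password has to ship inside the extension attribute. The identifiers, the REQUIRED_PROFILES list, the function names and the sample output are constructed placeholders; the line format is assumed from the sed pattern in the script above.

```shell
#!/bin/sh
# Added example: report required configuration profiles that are missing,
# using only local `profiles -C` text (no API credentials on the client).

# Hypothetical required identifiers; replace with your own profile identifiers.
REQUIRED_PROFILES="AAAAAAAA-0000-0000-0000-000000000001
AAAAAAAA-0000-0000-0000-000000000002
AAAAAAAA-0000-0000-0000-000000000003"

# Constructed sample input, shaped like the lines the script above parses.
SAMPLE_OUTPUT='There are 2 configuration profiles installed

_computerlevel[1] attribute: profileIdentifier: AAAAAAAA-0000-0000-0000-000000000001
_computerlevel[2] attribute: profileIdentifier: AAAAAAAA-0000-0000-0000-000000000003'

# Read `profiles -C` text on stdin, print one installed identifier per line.
installed_identifiers() {
    sed -n 's/^_computerlevel\[[0-9]*\] attribute: profileIdentifier: //p'
}

# missing_profiles REQUIRED PROFILES_TEXT -> missing identifiers, one per line
missing_profiles() {
    required=$1
    installed=$(printf '%s\n' "$2" | installed_identifiers)
    printf '%s\n' "$required" | while IFS= read -r id; do
        [ -n "$id" ] || continue
        # -x whole line, -F fixed string: no regex or substring matches
        printf '%s\n' "$installed" | grep -qxF -- "$id" || printf '%s\n' "$id"
    done
}

# Wrap the result in the <result> tags an extension attribute returns.
ea_result() {
    missing=$(missing_profiles "$1" "$2")
    if [ -z "$missing" ]; then
        echo "<result>Compliant</result>"
    else
        echo "<result>Missing: $(printf '%s' "$missing" | tr '\n' ' ')</result>"
    fi
}

# On a managed Mac: ea_result "$REQUIRED_PROFILES" "$(profiles -C)"
ea_result "$REQUIRED_PROFILES" "$SAMPLE_OUTPUT"
```

A Smart Group can then use "like Missing" on this attribute to scope a remediation policy.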

yadin
Contributor

I'm performing thread necromancy because 5 years later this is still an issue???
I'm having a hard time believing the management part of MDM is so lacking in JAMF. How can there be no way to have triggers on profiles like there are on policies? Where is ANY option to re-try, re-deploy, re-evaluate the relevance of a profile so it gets installed?? A failed apply should not mean you have to erase and re-install a system and purge from inventory to get a profile to apply and the red counter to go down.

tkimpton
Valued Contributor II

@ebonweaver agreed. I would like to see the little fixes like this done rather than a brand new version where the bugs are just going to be piling up!