- Jamf Nation Community
- Products
- Jamf Pro
- Tracking if a mac has its MDM profile's or not
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Tracking if a mac has its MDM profile's or not
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-15-2013 07:55 AM
Hey guys,
We are using MDM profiles on our machines and 10.8.2. We have noticed in a few occasions that some of the profiles will disappear. For example the Device Profile "Baseline" will disappear and only Network Baseline and MDM enrollment will remain. Other times after the machine is imaged it will not pull down one profile or the other and get shipped out that way. We are now checking before they leave and I also know that they should come down once they hit the network again. We are working on that, but until then it would be great if we had a way to check this. Maybe this is not even possible but if any one would know it would be you guys!
Thanks
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-15-2013 07:59 AM
There is a built in template for an extension attribute that can show you if MDM profiles exist on your macs or not.
If you require more info (as I have recently), I used this code pasted into a different attribute.
#!/bin/bash
# Script to read MDM profile address into an Extension Attribute
# This is needed to make sure that our computers are pointing to the correct URL
# Author : r.purves@arts.ac.uk
# Version: 1.0 - Inital Version
# Read the current computer profile and grep for the organisation name
CurrentJSSURL=$( profiles -C -v | grep -m1 "organization:" | cut -d " " -f 4 )
# Check to see if a MDM cert is present
if [ -z $CurrentJSSURL ];
then
echo "<result>No MDM Certificate</result>"
exit 0
fi
# Since a cert is present, report it's address. Leave the checking to a smart group.
echo "<result>$CurrentJSSURL</result>"
exit 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-15-2013 09:18 AM
This is an extension attribute I use to track installed configuration profiles:
#!/bin/bash
profiles=$(profiles -C -v | awk -F: '/attribute: name/{print $NF}' | sort)
echo "<result> $profiles </result>"
exit 0This will return a sorted list of all installed profile names.
I also saved an advanced search that displays them. In my environment, there are large blocks of machines that should all have the same profiles, so I can see at a glance when one is out of whack.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-15-2013 09:55 AM
Guys,
GREAT stuff!!!!
Have you noticed that the profiles hold pretty well? Or do they sometimes disappear ?
If they are not there do you then just wait and hope for them to come back down or do you manually make the machine attempt to get them again ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-15-2013 10:01 AM
If they drop them expectantly, they won't come back. Due to an Apple defect (13189964), the JSS has no idea that they were removed and will not attempt to correct the problem. It has to be done manually.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-15-2013 11:09 AM
We haven't had any disappear, but I wrote the attribute code above so we could selectively replace MDM certificates as we change our JSS address. That attribute is scoped to a smart group. The smart group is added to a policy that executes the following command:
jamf mdm -verboseThis neatly replaces/installs the MDM cert.
