tweaking part of a script

jwojda
Valued Contributor II

I have in my first boot script a section that looks at the machine and determines if it's a laptop or desktop. if it's a laptop, it runs a trigger to install the VPN. I was just provided another version of the VPN, but it's for a specific region. I was thinking the easiest way to determine that was to look at the machine name and then say something along the lines of if name = xyz, then install this pkg, else install that pkg.

But I'm not exactly sure how to put that into the script.

maybe it would be easier to take the VPN portion out of the FB script and put 2 separate ones in depending on which config they are put in?

anyway - this is what I'm starting from and was wanting to modify.

# Detects if this Mac is a laptop or not by checking the model ID for the word "Book" in the name.

IS_LAPTOP=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`

if [[ $shortModel == "MacBook" ]]; then
    jamf policy -trigger VPN
else    
    /bin/echo "VPN Not Installed, desktop machine"
fi
5 REPLIES 5

dwandro92
Contributor III

Why not create a separate policy for VPN installation?

  1. Create a smart group (i.e. "Mac Desktops") using "Model" NOT LIKE "Book".
  2. Create a smart group (i.e. "VPN Region X") using "Building" IS "example1" OR "Building" IS "example2"...
  3. Set scope of existing VPN install policy as follows:
    • Targets:
      • All computers
    • Exclusions:
      • Computer group: "Mac Desktops"
      • Computer group: "VPN Region X"
  4. Clone this policy and adjust scope as follows:
    • Targets:
      • Computer group: "VPN Region X"
    • Exclusions:
      • Computer group: "Mac Desktops"

nnewport
New Contributor III

I've used a similar variable before in my script. I'm no expert by any means. Then I did an if statement similar to yours except I was looking for 3 specific models. You could probably just look for Book
I believe your VPN policy would have to be available to every device if you want to trigger it that way because if I remember correctly, calling a policy by id still has it constrained to the scope. Again, this was just a quick messy thing I wrote to fix a simple issue.

#!/bin/sh
modelID=`system_profiler SPHardwareDataType | grep 'Model Identifier'`

if [[ $modelID == *iMac* || $modelID == *MacBookPro* || $modelID == *Macmini* ]]

Look
Valued Contributor III

I'm with @dwandro92 on this, why not just create a scoped policy for this? You can even still call it manually from the first run if you don't want it applying on any other triggers (although you may need to proceed it with a recon to ensure the device is moved into scope) and it will still only apply to the machines it is scoped to.

nnewport
New Contributor III

Either way would work. I think the script would run before something based off smart group, but smart group would probably be easier.

sean
Valued Contributor

If you wish to script it, system_profiler is pretty slow so I'd suggest finding alternatives where possible. Eg.

#!/bin/bash

mac_model=`sysctl hw.model`

if [[ "$mac_model" =~ "Book" ]]
then
        echo "Laptop"
else
        echo "Desktop"
fi

exit 0