Skip to main content
Question

tweaking part of a script


ImAMacGuy
Forum|alt.badge.img+23

I have in my first boot script a section that looks at the machine and determines if it's a laptop or desktop. if it's a laptop, it runs a trigger to install the VPN. I was just provided another version of the VPN, but it's for a specific region. I was thinking the easiest way to determine that was to look at the machine name and then say something along the lines of if name = xyz, then install this pkg, else install that pkg.

But I'm not exactly sure how to put that into the script.

maybe it would be easier to take the VPN portion out of the FB script and put 2 separate ones in depending on which config they are put in?

anyway - this is what I'm starting from and was wanting to modify.

# Detects if this Mac is a laptop or not by checking the model ID for the word "Book" in the name.

IS_LAPTOP=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`

if [[ $shortModel == "MacBook" ]]; then
    jamf policy -trigger VPN
else    
    /bin/echo "VPN Not Installed, desktop machine"
fi

5 replies

Forum|alt.badge.img+9
  • Contributor
  • 125 replies
  • November 10, 2015

Why not create a separate policy for VPN installation?

  1. Create a smart group (i.e. "Mac Desktops") using "Model" NOT LIKE "Book".
  2. Create a smart group (i.e. "VPN Region X") using "Building" IS "example1" OR "Building" IS "example2"...
  3. Set scope of existing VPN install policy as follows:
    • Targets:
      • All computers
    • Exclusions:
      • Computer group: "Mac Desktops"
      • Computer group: "VPN Region X"
  4. Clone this policy and adjust scope as follows:
    • Targets:
      • Computer group: "VPN Region X"
    • Exclusions:
      • Computer group: "Mac Desktops"

Forum|alt.badge.img+12
  • Contributor
  • 29 replies
  • November 10, 2015

I've used a similar variable before in my script. I'm no expert by any means. Then I did an if statement similar to yours except I was looking for 3 specific models. You could probably just look for Book
I believe your VPN policy would have to be available to every device if you want to trigger it that way because if I remember correctly, calling a policy by id still has it constrained to the scope. Again, this was just a quick messy thing I wrote to fix a simple issue.

#!/bin/sh
modelID=`system_profiler SPHardwareDataType | grep 'Model Identifier'`

if [[ $modelID == *iMac* || $modelID == *MacBookPro* || $modelID == *Macmini* ]]

Forum|alt.badge.img+16
  • Valued Contributor
  • 1002 replies
  • November 10, 2015

I'm with @dwandro92 on this, why not just create a scoped policy for this? You can even still call it manually from the first run if you don't want it applying on any other triggers (although you may need to proceed it with a recon to ensure the device is moved into scope) and it will still only apply to the machines it is scoped to.


Forum|alt.badge.img+12
  • Contributor
  • 29 replies
  • November 10, 2015

Either way would work. I think the script would run before something based off smart group, but smart group would probably be easier.


Forum|alt.badge.img+12
  • Contributor
  • 529 replies
  • November 10, 2015

If you wish to script it, system_profiler is pretty slow so I'd suggest finding alternatives where possible. Eg.

#!/bin/bash

mac_model=`sysctl hw.model`

if [[ "$mac_model" =~ "Book" ]]
then
        echo "Laptop"
else
        echo "Desktop"
fi

exit 0

Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings