In the last article (http://tmhoule.blogspot.com/2015/10/empower-your-users-with-simple-xcode.html) we created a simple application which writes a flag to the computer specifying if we could run updates on the computer or not. Your checkbox could be for other things. And once we get this app working, you can add other information that may be relevant in your environment - perhaps what software a computer is licensed for? or the name of the person responsible for the computer?
Now that the data is saved on the computer, we need to see it in our JSS so we can work with it. To do that, we create an Extension Attribute. The JSS has lots of built in items it looks for when running Inventory, such as Operating System version and RAM. To look for things that are not there, JAMF allows us to write scripts to collect that information.
Click Settings -> Computer Mangagement -> Extension Attributes. From there, click the + to create a new one. Extension Attributes are run every time the computer does an inventory (recon).
To continue our last project, lets create an EA that shows the status of the AllowUpdates setting we were playing with last time.
Give the EA a name - perhaps AllowUpdates so it is consistent and a description that makes sense to you. We are collecting a boolean, but lets set the Data Type to 'String'. The Inventory Display controls what tab the EA shows up in when looking at a computer record. The Input Type should be Script. This is the fun part.
Enter the following script.
#!/bin/sh
setting=`defaults read /Library/Preferences/com.toddCo.manage.plist AllowUpdates`
if [ $setting == 1 ]; then
answer="True"
elif [ $setting == 0 ]; then
answer="False"
else
answer="No data"
fi
echo "<result>$answer</result>"
Then click Save. The setting line runs the defaults command to get the AllowUpdates value it is currently set to and saves it in a variable called 'setting'. The different if lines turn that 1 or 0 into something more understandable when we look at it in our JSS.
Now if you go to a computer and Update Inventory (type jamf recon in Terminal). When you look at that computer in the JSS, you should see AllowUpdates and either True or False. If you get No Data, then you haven't run the program on that computer yet.
Smart Groups:
Now it's time to build a group of computer in the JSS that allow us to update their computers. In your JSS, click Smart Computer Groups on the left and click the + to create a new group. Give it a name that fits such as 'Software Updates OK' and click Criteria. Under Criteria, click + sign. At the bottom of the list click Choose next to All Criteria and look for your EA. In the example, we named it AllowUUpdates. Click Choose next to it. Leave the Operator set to 'is' and in the Value enter "True".
Then click Save. Now you have a group of computers that have run your program and checked that box allowing you to update them.
So create a policy set to run Software Updates and set the scope to your new group. Go ahead and update them - you've got their permission!
Hopefully, now you see the value of saving data with a local application, then reading it into your JSS. You can flag computers that are kiosks so they be rebooted at convenient times- or servers so they can be rebooted only when the right people have been notified. You may want to put in the name of a person responsible for a shared computer, should it need some attention.
Now if you go to a computer and Update Inventory (type jamf recon in Terminal). When you look at that computer in the JSS, you should see AllowUpdates and either True or False. If you get No Data, then you haven't run the program on that computer yet.
Smart Groups:
Now it's time to build a group of computer in the JSS that allow us to update their computers. In your JSS, click Smart Computer Groups on the left and click the + to create a new group. Give it a name that fits such as 'Software Updates OK' and click Criteria. Under Criteria, click + sign. At the bottom of the list click Choose next to All Criteria and look for your EA. In the example, we named it AllowUUpdates. Click Choose next to it. Leave the Operator set to 'is' and in the Value enter "True".
Then click Save. Now you have a group of computers that have run your program and checked that box allowing you to update them.
So create a policy set to run Software Updates and set the scope to your new group. Go ahead and update them - you've got their permission!
Hopefully, now you see the value of saving data with a local application, then reading it into your JSS. You can flag computers that are kiosks so they be rebooted at convenient times- or servers so they can be rebooted only when the right people have been notified. You may want to put in the name of a person responsible for a shared computer, should it need some attention.
No comments:
Post a Comment