2023-2-26 03:20:48 Author: derflounder.wordpress.com(查看原文) 阅读量:28 收藏
Home > Jamf Pro, Mac administration, Management Profiles > Providing Jamf Pro computer inventory information via macOS configuration profile
Providing Jamf Pro computer inventory information via macOS configuration profile
Jamf Pro can store and make available a lot of information about a particular computer and who is using it as part of the computer’s inventory record, but it can be challenging to access that information from the computer itself.
It is possible to use an API call to access this information, using either the Jamf Pro API or Jamf Pro’s Classic API, but that means providing a way to authenticate to the API. This may pose some security issues as you will need to both:
- Provide a way for the computer to access those authentication credentials
- Protect the authentication credentials from potentially malicious third parties
Fortunately, there is an alternative way to provide at least some inventory information without needing to make an API call. Jamf Pro provides a number of variables which can be used in macOS configuration profiles and it’s possible to leverage those variables to build a profile whose task is providing information from the computer’s inventory record in Jamf Pro in a way which can be accessed from the managed computer. For more details, please see below the jump.
The variables which are available to macOS configuration profiles as of Jamf Pro 10.44.0 are listed in the table shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Variable | Inventory Information | |
|---|---|---|
| $MANAGEMENTID | Device management ID assigned by Jamf Pro | |
| $COMPUTERNAME | Computer Name | |
| $SITENAME | Site Name | |
| $SITEID | Site ID | |
| $UDID | Computer UDID | |
| $SERIALNUMBER | Computer Serial Number | |
| $USERNAME | Username associated with the computer in Jamf Pro (computer-level profiles only) Username of the user logging in to the computer (user-level profiles only) |
|
| $FULLNAME or $REALNAME | Full Name | |
| Email Address | ||
| $PHONE | Phone Number | |
| $POSITION | Position | |
| $DEPARTMENTNAME | Department Name | |
| $DEPARTMENTID | Department ID | |
| $BUILDINGNAME | Building Name | |
| $BUILDINGID | Building ID | |
| $ROOM | Room | |
| $MACADDRESS | MAC Address | |
| $JSSID | Jamf Pro ID | |
| $PROFILEJSSID | Jamf Pro ID of the Configuration Profile | |
| $EXTENSIONATTRIBUTE_# | Extension Attribute ID Number Note: The ID number is found in the extension attribute URL. In the example URL below,"id=2" indicates the extension attribute ID number: https://JAMF_PRO_URL.jamfcloud.com/computerExtensionAttributes.html?id=2&o=r |
I’ve used them to build a profile which will pull the information associated with the variables below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $JSSID | |
| $COMPUTERNAME | |
| $MACADDRESS | |
| $SERIALNUMBER | |
| $UDID | |
| $REALNAME | |
| $BUILDINGID | |
| $BUILDINGNAME | |
| $DEPARTMENTNAME | |
| $DEPARTMENTID | |
| $POSITION | |
| $ROOM | |
| $PHONE | |
| $USERNAME | |
| $SITENAME | |
| $SITEID |
When deployed, the profile will pull the relevant information from the computer record in Jamf Pro and store it as part of the profile.
This information in turn can be read from a plist file which should appear in the /Library/Managed Preferences directory on the managed Macs which the profile is being deployed to. In this case, the profile is managing the com.company.information domain, which means that a file named com.company.information.plist should appear in /Library/Preferences.
This information can then be read out of the /Library/Preferences/com.company.information.plist file by either the defaults command or an alternate tool which can parse a plist file for information.
The example profile I’ve written is available below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1"> | |
| <dict> | |
| <key>PayloadUUID</key> | |
| <string>6D198024-4389-441A-86F2-B2A3FAEA24BE</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadIdentifier</key> | |
| <string>6D198024-4389-441A-86F2-B2A3FAEA24BE</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Computer Information</string> | |
| <key>PayloadDescription</key> | |
| <string/> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| <key>PayloadEnabled</key> | |
| <true/> | |
| <key>PayloadRemovalDisallowed</key> | |
| <true/> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>PayloadDisplayName</key> | |
| <string>Custom Settings</string> | |
| <key>PayloadIdentifier</key> | |
| <string>85586FBC-6B08-4451-B6CD-AA09BE2CC0A3</string> | |
| <key>PayloadOrganization</key> | |
| <string>JAMF Software</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.ManagedClient.preferences</string> | |
| <key>PayloadUUID</key> | |
| <string>85586FBC-6B08-4451-B6CD-AA09BE2CC0A3</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| <key>PayloadContent</key> | |
| <dict> | |
| <key>com.company.information</key> | |
| <dict> | |
| <key>Forced</key> | |
| <array> | |
| <dict> | |
| <key>mcx_preference_settings</key> | |
| <dict> | |
| <key>Computer Jamf Pro ID Number</key> | |
| <string>$JSSID</string> | |
| <key>Computer Name</key> | |
| <string>$COMPUTERNAME</string> | |
| <key>Computer Network Connection MAC Address</key> | |
| <string>$MACADDRESS</string> | |
| <key>Computer Serial Number</key> | |
| <string>$SERIALNUMBER</string> | |
| <key>Computer UDID</key> | |
| <string>$UDID</string> | |
| <key>Computer User's Email Address</key> | |
| <string>$EMAIL</string> | |
| <key>Computer User's Name</key> | |
| <string>$REALNAME</string> | |
| <key>Computer User's Office Building ID</key> | |
| <string>$BUILDINGID</string> | |
| <key>Computer User's Office Building Name</key> | |
| <string>$BUILDINGNAME</string> | |
| <key>Computer User's Office Department</key> | |
| <string>$DEPARTMENTNAME</string> | |
| <key>Computer User's Office Department ID</key> | |
| <string>$DEPARTMENTID</string> | |
| <key>Computer User's Office Position</key> | |
| <string>$POSITION</string> | |
| <key>Computer User's Office Room Location</key> | |
| <string>$ROOM</string> | |
| <key>Computer User's Phone Number</key> | |
| <string>$PHONE</string> | |
| <key>Computer User's username</key> | |
| <string>$USERNAME</string> | |
| <key>Site</key> | |
| <string>$SITENAME</string> | |
| <key>Site ID</key> | |
| <string>$SITEID</string> | |
| </dict> | |
| </dict> | |
| </array> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
如有侵权请联系:admin#unsafe.sh