[Casper] Computer group from AD

Ryan Harter rharter at uwsp.edu
Fri Jan 9 12:22:53 PST 2009


This sounds like a good workaround.  I have emailed JAMF about this  
too, but haven't heard anything.  I'm sure they're all off at MacWorld:)

I was hoping for a solution that I could make a computer group with so  
that I could only run it on the computers that need it and not on  
every computer just for the 20% that actually need the client.

There is also talk of "leasing" CS3 licenses to departments on campus,  
in which case I would like to have self service only advertise the  
install on the computers that are in the CS3Licensed AD group.  I may  
do this by having us add the users to a group as well and scope it  
that way temporarily, but the ultimate goal is to have it available  
for department machines, not users.

I was thinking of some sort of logic like:

1. run a policy that will check dscl for the group memberships of the  
computer.
2. install a dummy package.
3. base a smart group on the receipt of the dummy package.
4. scope the policies to the smart group

That way, I can not only run the policy just for the group, but also  
keep a record of who's in it.  It's not a very elegant solution, but  
it may have to do.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Jan 9, 2009, at 1:35 PM, Miles Leacy wrote:

> "Bound to a directory" and "Member of a group" are different concepts.
>
> I would also like the ability to recognize computer accounts and  
> computer groups.
>
> You could work around the current situation with a script using  
> logic like so:
>
> 1. Query LDAP (AD) for the groups "my computer" ($2, assuming your  
> machine names are the same as your AD names) belongs to.
> 2. grep the output for the group you want to key on.
> 3. call a custom trigger
>
> The ability for Casper to recognize computer accounts & groups would  
> be better than this, but this can give you the same net effect as  
> scoping a policy to an AD group.  This also assumes you have the  
> ability to perform LDAP lookups in AD.  If your JSS is taking  
> advantage of LDAP, then you could use the same account to perform  
> the lookup in the script.
>
> ----------
> Miles A. Leacy IV
>
>  Certified System Administrator 10.4
>  Certified Technical Coordinator 10.5
>  Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> 2009/1/9 Nichols, Jared <jared.nichols at ll.mit.edu>
> Wouldn't you just create a smart computer group that goes off of the  
> Active Directory Status attribute?  You could either make it "Active  
> Directory Status" is <<name of AD>> (if you have more than one and  
> you want to specify which) or you could make "Active Directory  
> Status" is not "Not Bound".  It's a double negative, but that would  
> return any machine bound to an AD, no matter what the AD is called.
>
> See Attachment.
>
> Maybe I don't understand completely your question?
>
> j
>
>
> On 1/9/09 12:57 , "Ernst, Craig S." <ERNSTCS at uwec.edu> wrote:
>
> Don't believe the JSS works with computer accounts in AD.
>
> Craig E
>
>
> On 1/9/09 11:56 AM, "Ryan Harter" <rharter at uwsp.edu> wrote:
>
> Hey Guys-
>
> Has anyone created a smart group that would take members based on if  
> the computer is a member of an AD group?
>
> Essentially what I'm trying to do is scope a policy to a group of  
> computers in AD, like you can with the User scope, but it doesn't  
> seem to work with computers.
>
> When users register for our disaster recovery system, their  
> computer is added to a group in AD, and I would like to install the  
> backup client on their machine based on whether or not they are in  
> this group.  Any ideas?
>
>
> Ryan Harter
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu <mailto:Ryan.Harter at uwsp.edu>
>
>
>
>
>
> -- 
> Jared Nichols
> ISD Infrastructure and Operations – Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>

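The lookup-then-trigger logic sketched in both messages, as an added example (not code from the thread or from JAMF): it matches the group's CN exactly, so that a grep for `CS3Licensed` cannot also hit a group such as `CS3Licensed-Pending`, and it unfolds wrapped LDIF lines before matching. Assumptions: AD is reachable with `ldapsearch` and a read-only bind account; `LDAP_URI`, `BIND_DN`, `BIND_PW_FILE`, `BASE_DN`, the trigger name and the group name `DisasterRecovery` are placeholders; the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example. Reads ldapsearch LDIF on stdin and succeeds only if some
# memberOf DN has a first RDN of exactly CN=<group>.
in_group() {   # usage: ... | in_group GROUPNAME
    awk -v want="$1" '
        function check(line,   rdn) {
            if (line !~ /^memberOf: /) return  # base64 "memberOf:: " values are skipped (fails closed)
            rdn = tolower(substr(line, 11))    # drop "memberOf: "; AD compares names case-insensitively
            sub(/,.*/, "", rdn)                # keep first RDN; assumes no escaped comma in the CN
            if (rdn == ("cn=" tolower(want))) found = 1
        }
        /^ / { buf = buf substr($0, 2); next } # LDIF continuation line: unfold it
             { check(buf); buf = $0 }
        END  { check(buf); exit(found ? 0 : 1) }
    '
}

# Constructed sample output for one computer account. LDIF may fold a line
# at any column; the third value is folded inside the group name on purpose.
sample_ldif() {
    printf '%s\n' \
        'dn: CN=LAB-MAC-01,OU=Macs,DC=example,DC=edu' \
        'memberOf: CN=CS3Licensed-Pending,OU=Groups,DC=example,DC=edu' \
        'memberOf: CN=DisasterRec' \
        ' overy,OU=Groups,DC=example,DC=edu'
}

# Live use (defined, not called here): look up the computer account, then
# fire the custom trigger only on an exact group match. The bind password
# is read from a root-only file (-y) so it never appears in the process list.
run_if_member() {   # usage: run_if_member COMPUTERNAME GROUP TRIGGER
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$BASE_DN" "(sAMAccountName=$1\$)" memberOf |
        in_group "$2" && jamf policy -trigger "$3"
}

# Offline demonstration on the constructed sample.
for g in DisasterRecovery CS3Licensed; do
    if sample_ldif | in_group "$g"; then
        echo "$g: member"
    else
        echo "$g: not a member"
    fi
done
```

`memberOf` lists only direct memberships, so a computer that belongs to the group through nesting or as its primary group will not match.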