FleetDM automatically set labels and groups with Mosyle MDM

Please note- FleetDM has a paid option called ‘Teams’ which does a vaguely similar thing. This is not an attempt to get around a paywall, we’re still evaluating FleetDM and so far it’s been pretty awesome. If you actually want the ‘Teams’ functionality, get out your credit card!

 

FleetDM is pretty amazing but it doesn’t handle ‘groups’ out of the box without extra work, so here’s an attempt to do this the lazy man’s way- Warning, this is Mac only as most of our management is devoted to Macs…

Summary-

Add a computer into a client’s Mosyle portal (ABM, Manual, BYOD etc.)
Give the computer a bunch of tags that will identify it
Mosyle can automatically add a computer into groups via the tags
Mosyle can also install a .plist file on the client computer with all the tags included
And of course FleetDM is automatically installed at enrolment time
In FleetDM portal, we set up some queries to match the tags in the .plist file

Huzzah! We can group or shard the computers any way we want!

This is massively useful, read on…

In Detail-

Give the computer tags that will identify it

One of the easiest systems to use for tagging is this- use 3 letters each for Company, Location, Computer type and ‘unique identifier’.
So if the client is KFC and the computer is a laptop, the computer name would be something like

KFC-SYD-LAP-001

We never re-use the number so if a client retires a computer, that number is retired forever.
We go a little bit further than this when setting the .plist, there’s a few more things we can set- maybe the naming convention will catch up later

COMPANYGROUP – KFC is owned by YUM Brands, so their CompanyGroup would be ‘YUM’
COMPANY – this would be the subsidiary, in this case KFC
BUSINESSUNIT – in this case would be Human Resources, Restaurant Staff, Management, Graphic design, Marketing etc.
LOCATION – self explanatory
CUSTOM1 – spare in case a client wants their own identifier or if we choose to expand our own

Mosyle adds a computer into groups via the tags

Mosyle has a ‘Device Groups’ selector that can look at these tags and add computers to groups based on them. So in the example above, the computer would be added to 4 groups (Fleet has some built in queries for computer type I think? So we don’t add that)

 

COMPANYGROUP – YUM
COMPANY – KFC
BUSINESSUNIT – Restaurant Staff
LOCATION – Sydney

Mosyle installs .plist file on client computer with tags included

Here’s where the magic happens. In Mosyle, add a script (‘custom command’) to download and install the .plist file with the variables you want to store. Here’s the script

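#!/bin/bash
# Create the prefs folder if needed and stop if we can't enter it
mkdir -p "/Library/Application Support/prefs_location"
cd "/Library/Application Support/prefs_location" || exit 1
# -f makes curl fail on HTTP errors so an error page is never saved and run as a script
curl -fsSL https://raw.githubusercontent.com/adamphetamine/fleetdm/main/clientprefs.sh -o clientprefs.sh || exit 1
chmod +x clientprefs.sh
# Arguments, in order: company group, company, business unit, location, custom1
sudo sh ./clientprefs.sh "YUM" "KFC" "Restaurant Staff" "Sydney" "unset"

rm -f clientprefs.sh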


This will go to GitHub, download the script that creates the .plist, run it with the correct variables and then delete the .plist creation script. Bear in mind it pulls from the main branch and runs as root, so whatever is on that branch at enrolment time is what gets executed on the client. You need one of these for each ‘group’ but this could be fixed with better logic- and a bit more time. Note the second last line of the script- that’s where it installs the .plist and passes the variables. Made a mistake? These can be modified and updated later using PlistBuddy, which is built into all Macs.

In FleetDM portal set up queries to match tags in the .plist file

Then the last piece is setting up the queries for the labels. To find ‘all the computers in YUM Brands’, go to Hosts page, then select ‘Add Label’

select * from plist where path = '/Library/Application Support/prefs_location/com.company.clientprefs.plist' and key = 'CompanyGroup' and value = 'YUM';

 

Or if we want only computers marked as ‘Restaurant Staff’ we would add this query to our labels section-

select * from plist where path = '/Library/Application Support/prefs_location/com.company.clientprefs.plist' and key = 'BusinessUnit' and value = 'Restaurant Staff';

 

So, are you hungry yet?
