Jamf Pro Computer Extension Attribute – FileVault Decryption Status
Jamf Pro is really good at identifying and reporting on most things within OS X (macOS) and iOS. Unfortunately, Jamf Pro still doesn’t know everything. Lucky for us, we can teach this dog a new trick or two via Extension Attributes.
My recent challenge was to come up with a method to report against systems that are in a current state of decryption.
You might be thinking to yourself, “Jamf already knows how to report against this.” – You’re not wrong! But…
Jamf only let’s us know if a drive is decrypting. Unlike the encryption process, Jamf does not report the percentage complete of the decryption process.
So I wrote an Extension Attribute to meet this need.
Without further ado, I give you: FileVault_Decryption_Status.sh
#!/bin/bash # FileVault_Decryption_Status.sh # v1.0 # Written by Caine Hörr # Written on 2018-01-30 # http://www.cainehorr.com/jamf-pro-computer-extension-attribute-filevault-decryption-status decryptionStatus=`fdesetup status | grep "Decryption" | awk '{print $7}'` if [ "$decryptionStatus" = "" ]; then echo "Not Decrypting" else echo "$decryptionStatus%" fi
Here is a screen shot of my Computer Extension Attribute that pertains to FileVault_Decryption_Status.sh
Once you have added the Extension Attribute, each of your macOS endpoints will begin reporting back FileVault Decryption metrics during your regular Jamf agent check-in interval.
You can create a Smart Group and/or an Advanced Computer Search that query against this Extension Attribute.
Using a Smart Group allows you to create a Dashboard item for at a glance metrics.
You can also modify your personal Inventory Display so you can see all decrypting systems and metrics at a glance.
Leave a Reply