cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Automate Group Membership of Silicon and Intel based MacOS Devices

jworkman
JumpCloud Employee
JumpCloud Employee

This automation can be used to determine the groups of systems whose processor type is intel or silicon. It's designed to be run more than once. When you add new systems to JumpCloud this script would need to be run to group those systems based on their processor type.

Why might this be useful:

  • Some policies (Kext based policies) will not work on silicon based systems by default.
  • Software packages may be designed to work for one type of processor
  • You want to two different device groups for systems that are intel/ silicon based

The Script:

# Get the systems from one onboarding group
$allsystems = Get-JCSystem -returnProperties arch -os "Mac OS X"
# system groups
$silicon = "MacOS-silicon"
$intel = "MacOS-intel"
# IF the group names do not exist, create them...
if (-Not (Get-JCGroup -Type System -Name $silicon))
{
    New-JcSdkSystemGroup -name $silicon
}
if (-Not (Get-JCGroup -Type System -Name $intel))
{
    New-JcSdkSystemGroup -name $intel
}
$groupIDSilicon = Get-JCGroup -Type System -Name $silicon | select-object id
$groupIDUIntel = Get-JCGroup -Type System -Name $intel | select-object id
$SiliconSystems = Get-JCSystemGroupMember -GroupName $silicon | select-object SystemID
$IntelSystems = Get-JCSystemGroupMember -GroupName $intel | select-object SystemID

# For each system...
foreach ($system in $allSystems)
{
    if ($system.arch -eq 'arm64')
    {
        if ($system._id -notin $SiliconSystems.SystemID)
        {
            write-host "System: $($system._id) has Silicon Processor. Adding to $silicon Group"
            Set-JcSdkSystemGroupMember -GroupId:$groupIDSilicon.id -Op:add -Id:$system._id
        }
        else
        {
            write-host "System: $($system._id) Already in $silicon Group"
        }
    }
    else
    {
        if ( $system._id -notin $IntelSystems.SystemID)
        {
            write-host "System: $($system._id) has Intel Processor. Adding to $intel Group"
            Set-JcSdkSystemGroupMember -GroupId:$groupIDUIntel.id -Op:add -Id:$system._id
        }
        else
        {
            write-host "System: $($system._id) Already in $intel Group"
        }
    }
}

After running the script for the first time, two new groups should be created in your organization "MacOS-Silicon" & "MacOS-Intel" those groups should contain systems whose processor type matches either silicon or intel. Subsequent runs of this script will update membership for newly added systems.

1 REPLY 1

jworkman
JumpCloud Employee
JumpCloud Employee

For each system found, the script will iterate through and determine which device group the system should be a member of.

BScott_3-1669834232996.png

BScott_2-1669834146587.png