09-25-2023 02:52 AM - edited 09-25-2023 02:52 AM
Hey folks,
Last time I posted 2 scripts in PowerShell & Python on this very topic to complement our newly released Dynamic Groups feature (1 of my personal favorites!).
Many people ask for more with the question - what if we want to move around the devices to the location based device groups on a day to day basis?
The use case is mostly to cater to the orgnisation which has the country / location specific security policies to apply, especially when the employees are traveling.
Yes, I wrote the script for this, read on!
Use the Dynamic Device Group to bind to the baseline security policies and split the location-based policies into the respective location groups only.
Like you see here: all the Windows devices will be staying in this group which applied 3 security + 1 patching policies.
So, when an employee is based (or traveled to) Singapore, a different patch policy and more restrictions to control panel will be applied.
You can setup more location based policies like this then let the script take care of moving the devices around automatically, thus your organisation is compliant with ease in the country your business is operating in when the employees are traveling often.
(You can also follow the most up-to-date script here.)
# -----------------------------------------------------------------------------
# Script: Add-geoSystemGroupMember.ps1
# Version: 1.0.1
# Author: Shawn Song
# Reference:
# - https://community.jumpcloud.com/t5/community-scripts/powershell-add-the-systems-to-a-system-group-depends-on-where/m-p/1733#M172
#
# Notes: Run this script regularly if you wanted to keep moving the device around the geo based groups, not more than twice a day!
# Requirements:
# - The latest JumpCloud PowerShell Module. https://jumpcloud.com/support/install-the-jumpcloud-powershell-module
# - PowerShell 7 and above versions.
# -----------------------------------------------------------------------------
# Connect to JC online
Connect-JCOnline -JumpCloudApiKey "Your-JC-manager-api-key" #JumpCloud manager admin role is sufficient.
# a function to query the geo info from an IP supplied
function Get-IPGeolocation {
Param
(
[string]$IPAddress
)
$request = Invoke-RestMethod -Method Get -Uri "http://ip-api.com/json/$IPAddress"
[PSCustomObject]@{
IP = $request.query
City = $request.city
Country = $request.country
Isp = $request.isp
}
}
# Getting the systems are online with an public IP (excluding the mobile devices).
$jcsystemInfo = Get-JCSystem | where {($_.active -eq $true) -and ($null -ne $_.remoteIP)}
$jcsysgroups = Get-JCGroup -Type System
# Adding the systems to these geo related groups
if ($null -ne $jcsystemInfo){
foreach ($system in $jcsystemInfo){
# Moving the system off from the previous system groups - dynamic groups will not be affected
$jcsysgroups | Get-JCSystemGroupMember | where {$_.systemid -eq $system.id} | Remove-JCSystemGroupMember -SystemID $system.id
# Now after cleaning up, adding to the new groups based on the device current location
$geolocation = Get-IPGeolocation -IPAddress $system.remoteIP
$targetGroup = $geolocation.Country.Replace(' ','') + "_" + $system.osFamily
# Adding the system to the target group
$testGroup = Get-JCGroup -Type System -Name $targetGroup -ErrorAction SilentlyContinue
$testMember = Get-JCSystemGroupMember -GroupName $targetGroup -ErrorAction SilentlyContinue | where system -eq $system.displayName
if ($null -eq $testGroup){
$newGroup = New-JCSystemGroup -GroupName $targetGroup
Add-JCSystemGroupMember -GroupID $newGroup.id -SystemID $system._id
Write-Output "$($system.displayname) has been added to $($newgroup.name) system group! `n "
}
elseif ($null -ne $testGroup -and $null -eq $testMember) {
Add-JCSystemGroupMember -GroupID $testGroup.id -SystemID $system._id
Write-Output "$($system.displayname) has been added to $($testGroup.name) system group! `n "
}
else {
Write-Output "$($system.displayname) already exists in $($testGroup.name) system group! `n "
}
}
}
else {
Write-Output "Phew! No system needs to be moved, take a day off!"
}
That's it, hope you find it useful.
Have a great starting of the week to end the Q3!
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.