MDM Configuration Profile variable Reference – Revision 2017-11-06
Hi All,
So this blog may look familiar, that’ll be because it is! I’ve updated my previous version to include new options from Apple (a few changes) and Jamf (actually no changes), and taking the opportunity to add in FileWave and LANrev too (a ton of options!). For ease of reference, I’ve detailed all below (current as of Server app 5.4, Casper v10.0, FileWave v12.0 and LANrev v7.3.2) in the same blog.
Apple Profile Manager: User Variables
(Source: Payload variables)
| Variable | Substitution |
| %full_name% | The user’s full name, for example, Melisa Dunbar |
| %first_name% | The user’s first name, for example, Melisa |
| %last_name% | The user’s last name, for example, Dunbar |
| %email% | The user’s email address |
| %job_title% | The user’s job title |
| %mobile_phone% | The user’s mobile telephone number |
| %short_name% | The user’s short name, for example, mdunbar |
| %guid% | The user’s guid, for example, 501 |
Apple Profile Manager: Device Variables
(Source: Payload variables)
| Variable | Substitution |
| %DeviceName% %device_name% | The name of the device |
| %OSVersion% | The common version number of the device’s OS, such as “10.7” |
| %SerialNumber% | The device’s serial number |
| %ProductName% | The device’s product name, such as “MacBook” |
| %UDID% | The device’s Unique Device Identifier (UDID) |
| %BluetoothMAC% | The MAC address of the device’s Bluetooth interface |
| %WIFIMAC% | The MAC address of the device’s WiFi interface |
| %IMEI% (iOS devices only) | The device’s International Mobile Equipment Identity (IMEI), if present |
| %MEID% (iOS devices only) | The device’s Mobile Equipment Identifier (MEID), if present |
| %EthernetMAC% (Mac only) | The MAC address of the device’s Ethernet interface, if present |
| %DeviceID% (Apple TV only) | The device ID of the Apple TV |
Apple Profile Manager: Network Variables
(Source: Network Settings)
| Variable | Substitution |
| %AD_ComputerID% | Active Directory computer ID |
| %AD_Domain% | Active Directory domain |
| %AD_DomainForestName% | Active Directory forest name |
| %AD_DomainGuid% | Active Directory GUID |
| %AD_DomainNameDns% | Active Directory DNS Name |
| %AD_KerberosID% | Active Directory Kerberos ID |
| %ComputerName% | The computer’s name, as set in System Preferences > Sharing |
| %HardwareUUID% | The computer’s unique identifier |
| %HostName% | The computer’s DNS name, such as mac1.example.com |
| %LocalHostName% | The computer’s local network name, such as Mac1.local |
| %MACAddress% | The computer’s Ethernet (en0) MAC address |
| %SerialNumber% | The computer’s serial number |
Casper / Jamf Pro: iOS Variables
(Source: iOS Configuration Profiles)
| Variable | Substitution |
| $DEVICENAME | Mobile Device Name |
| $ASSET_TAG | Asset Tag |
| $SITENAME | Site Name |
| $SITEID | Site ID |
| $SERIALNUMBER | Serial Number |
| $UDID | UDID |
| $USERNAME | Username |
| $FULLNAME or $REALNAME | Full Name |
| Email Address | |
| $PHONE | Phone Number |
| $ROOM | Room |
| $POSITION | Position |
| $DEPARTMENTNAME | Department Name |
| $DEPARTMENTID | Department ID |
| $BUILDINGNAME | Building Name |
| $BUILDINGID | Building ID |
| $MACADDRESS | MAC Address |
| $JSSID | JSS ID |
| $PROFILEJSSID | JSS ID of the Configuration Profile |
Casper / Jamf Pro: macOS Variables
(Source: macOS Configuration Profiles)
| Variable | Substitution |
| $COMPUTERNAME or $DEVICENAME | Mobile Device Name |
| $SITENAME | Site Name |
| $SITEID | Site ID |
| $SERIALNUMBER | Serial Number |
| $UDID | UDID |
| $USERNAME | Username associated with the computer in the JSS (computer-level profiles only) Username of the user logging in to the computer (user-level profiles only) |
| $FULLNAME or $REALNAME | Full Name |
| Email Address | |
| $PHONE | Phone Number |
| $ROOM | Room |
| $POSITION | Position |
| $DEPARTMENTNAME | Department Name |
| $DEPARTMENTID | Department ID |
| $BUILDINGNAME | Building Name |
| $BUILDINGID | Building ID |
| $MACADDRESS | MAC Address |
| $JSSID | JSS ID |
| $PROFILEJSSID | JSS ID of the Configuration Profile |
| $EXTENSIONATTRIBUTE_<#> | Value for any LDAP Attribute |
FileWave: LDAP Parameters
(Source: Page 163)
| Variable | Substitution |
| %full_name% | The user’s full name, pulled from their LDAP record |
| %first_name% | The user’s first name, pulled from their LDAP record |
| %last_name% | The user’s last name, pulled from their LDAP record |
| %email% | The user’s email address, pulled from their LDAP record |
| %job_title% | The user’s job title, pulled from their LDAP record |
| %mobile_phone% | The user’s mobile telephone number, pulled from their LDAP record |
| %short_name% | The user’s short name, pulled from their LDAP record |
| %guid% | The user’s guid, pulled from their LDAP record |
FileWave: Device Parameters
(Source: Page 163)
| Variable | Substitution |
| %OSVersion% | OS Version of device, as recorded in the inventory |
| %SerialNumber% | Serial Number, as recorded in the inventory |
| %ProductName% | Full name of the product, as recorded in the inventory |
| %BuildVersion% | OS Build version, as recorded in the inventory |
| %WI-FIMAC% | Wi-Fi Adapter’s MAC address, as recorded in the inventory |
| %ICCID% | The device’s ICCID number, as recorded in the inventory |
| %IMEI% | The device’s IMEI number, as recorded in the inventory |
LANrev: Device Variables
(Source: Pages 397 and 398)
| Variable | Substitution |
| ${MDU_AccountDisabled} | Device User Account Disabled |
| ${MDU_AccountLocked} | Device User Account Locked |
| ${MDU_AccountLockoutTime} | Device User Account Lockout Time |
| ${MDU_AccountPasswordExpirationDate} | Device User Account Password Expiration Date |
| ${MDU_AccountPasswordExpired} | Device User Account Password Expired |
| ${MDU_BusinessCategory} | Device User Business Category |
| ${MDU_City} | Device User City |
| ${MDU_Company} | Device User Company |
| ${MDU_Country} | Device User Country |
| ${MDU_Department} | Device User Department |
| ${MDU_DepartmentNumber} | Device User Department Number |
| ${MDU_DisplayName} | Device User Display Name |
| ${MDU_EMail} | Device User E-Mail |
| ${MDU_EmployeeID} | Device User Employee ID |
| ${MDU_EmployeeNumber} | Device User Employee Number |
| ${MDU_EnrollmentDomain} | Device User Enrollment Domain |
| ${MDU_EnrollmentUsername} | Device User Enrollment Username |
| ${MDU_ExtensionAttribute1} through ${MDU_ExtensionAttribute15} | Device User Extension Attribute 1 through 15 information items. |
| ${MDU_FirstName} | Device User First Name |
| ${MDU_JobTitle} | Device User Job Title |
| ${MDU_LastName} | Device User Last Name |
| ${MDU_LogOnName} | Device User Log-on Name |
| ${MDU_ManagedBy} | Device User Managed By |
| ${MDU_MemberOf} | Device User Is Member Of |
| ${MDU_MobilePhone} | Device User Mobile Phone Number |
| ${MDU_Office} | Device User Office |
| ${MDU_OrganizationalUnit} | Device User Organizational Unit |
| ${MDU_OrganizationalUnitPath} | Device User Organizational Unit Path |
| ${MDU_PhoneNumber} | Device User Phone Number |
| ${MDU_State} | Device User State |
| ${MDU_Street} | Device User Street |
| ${MDU_ZIPCode} | Device User ZIP Code |
| ${DD_ComputerName} | Computer Name |
| ${DD_ComputerModel} | Computer Model |
| ${DD_ComputerManufacturer} | Computer Manufacturer |
| ${DD_CurrentLoginUserName} | Current User Name |
| ${DD_OSPlatform} | OS Platform |
| ${DD_IPAddress} | Agent Active IP |
| ${DD_PrimaryMACAddress} | Primary MAC Address |
| ${DD_LastHeartbeat} | Last Heartbeat |
| ${DD_OSVersion} | OS Version |
| ${DD_OSBuildNumber} | OS Build Number |
| ${DD_OSServicePack} | OS Service Pack |
| ${DD_SerialNumber} | Computer Serial Number |
| ${DD_UDID} | Computer Device Identifier (UDID) |
| ${DD_CurrentUser} | Current User Name |
| ${DD_MissingPatchesCount} | Missing Patch Stat Count |
| ${DD_VPPInviteURL} | Device User VPP Invite URL |
| ${DD_ADComputerName} | AD Computer Name |
| ${DD_ADComputerOU} | AD Computer Organizational Unit |
| ${DD_ADComputerOUPath} | AD Computer Organizational Unit Path |
| ${DD_ADComputerIsMemberOf} | AD Computer Is Member Of |
| ${DD_ADUserOU} | AD User Organizational Unit |
| ${DD_ADUserOUPath} | AD Computer Organizational Unit Path |
| ${DD_ADUserIsMemberOf} | AD User Is Member Of |
| ${DD_ClientInfo1} through ${DD_ClientInfo10} | Client Information 1 … 10 information items |
Use Case
So, what use cases for this wall of information? Well in some education labs, I’ve used the `%ComputerName%` or `$COMPUTERNAME` variable in a Login Window banner profile to show the device name on the login screen always.
Summary
As always, if you have any questions, queries or comments, let us know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.
Oh and if you have links to similar points from other MDM venders, please do send them over and I’ll add them.
The usual Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.
2 Replies to "MDM Configuration Profile variable Reference – Revision 2017-11-06"
Just wondering about the last screenshot of this as it doesn’t appear to work for us. Adding any variable in login windows just prints the variable name. So for your example, all we get is literally “Device: $Computername” rather than the actual name of the computer. Is this still meant to work? I’ve tried computername, devicename, hostname etc but each one doesn’t work.