Every week at the same time, we run an API call to get the serial number for every macOS device in our environment. The call is run under a local console operator account with permissions to see all devices in our environment (however, it is not a Master Operator).
We have a Windows/macOS analysis (30-day period) that runs to gather the serial number:
if mac of operating system and exists property "iokit registry" then (string "IOPlatformSerialNumber" of dictionary of service plane of iokit registry) else if exists property "hardware" then (if exists hardware then (serial of hardware|"N/A") else "N/A") else if exists property "smbios" then (if exists smbios then (values "serial_number" of structures "system_information" of smbios as string|"N/A") else "N/A") else "N/A"
Our API call filters this analysis by operating system:
(values of results (bes properties whose (id of it = (2299734257,566369,1)),bes computers whose (operating system of it as lowercase contains "mac")))
However, we are finding that some devices will appear one week, disappear the next, and then appear again.
These devices:
- Have a First Report Time of at least 6+ months
- Have a longstanding value returned by our analysis
- Have our local console operator listed in the device’s User Management Rights tab
Over four weeks, we have device that go FFTF, TTFT, FTFF, FTFT, TFTF, where F means it didn’t show up in the export, and T means it did.
So far, it doesn’t just appear to be the same devices. It could be any device that just doesn’t show up one week, and then appears again fine. Devices are in different sites, have different CPUs, etc. — I haven’t been able to find a common denominator.
Running the API call manually, there doesn’t appear to be any inconsistencies between calls run minutes apart.
Is there anything I can do to make these results more reliable? I will be submitting this as a support ticket as well.