 |
| Getting ready for the session |
Why I chose this session:
Since I am brand-new to JAMF, CasperSuite, etc, I am hoping to learn what I can about the software in order to help the schools in my area that are running the software or who are looking to implement it.
What I learned:
What do I want to do?
To Whom?
General
- Display Name (the "pretty" name, what users see in self-service)
- Enabled
- Category (Apps, OS, Printers, plug-ins, etc) - relevant to end-user
Triggers
- Startup (Firewall settings)
- Login (Make sure on YOUR network, then mount share, etc. validation BEFORE the attempt)
- Logout
- Network state change (wifi vs wired)
- Enrollment complete (1st-run script)
- Recurring Check-in
- Custom (useful for prerequisites)
Execution Freq
- Once per computer
- Once per user
- Once per day, week, month (ex: software updates)
- Ongoing (can make avail offline)
Server-side/client-side limitations
- particular days/times (ex: updates during work hours)
- Network connection (ex: only if on ethernet, etc)
Packages
- Install, cache, install from cache
- Select distribution point (location, cloud storage, etc)
Software Updates
- Self-service, auto-install, etc
Scripting
- first three variables taken by JAMF
-- $1 = mount point target drive
-- $2 = computer name
-- $3 = username, usually. Make sure user is logged in
Printers and Docks
- Add/remove printer configs, remove/add items from dock (without delete)
Local Accounts
- Create one
- Allow as admin
- check for filevault
- reset, delete, disable for filevault
- Ex: standardized testing environment (change pw every 24 hrs, delete acct after 14 days, etc)
Management Account
- Be different account than helpdesk uses.
- Password can be randomize it and is unknown
Restart Options
- Startup disk, installer, etc
- Issues with restarting (logged in user, running apps may be issue, etc)
Maintenace
- Update inventory
- Reset name
- Install cached items
- "Mac Voodoo" (fix permissions, flush cache, etc)
Files and Processes
- Find a file or folder, option to delete if found
- Option to kill process if running
- Run command
To Whom
- Scope
- Self-service
Scope
- Set up buildings, departments, etc
- Smart and static groups
- Targets (Can use ALL, if needed)
- Can set up exclusions (depts, groups, buildings, etc)
Self-Service
- Make standard users feel like they have power. They have control over which apps they can install, etc.
- grab icons from clipboard after copying to SS
User Interaction
- Start message (warn the user)
- Defer for 1hr, 2hr, etc
Open for Q&A
- "iBeacon was on slide?" "Yes, but for exclusions and limitations."
- "Do you recommend using update server?" "Depends on the environment. Ex: govt had to vet every update, so they used SUS. Can also use caching service (with various parameters)."
- Discussion about firmware updates. Watch for firmware updates as they will wipe out other updates, continual reboot
- limitation for custom triggers? not that they are aware. Cascading triggers are actually nested, so be careful about order and subtriggers.
- Do not lump a bunch of installs because update releases are not in sync. Keep each install/update as its own policy. Exception: dependencies, printer drivers.
- Issue discussions regarding non-installs/misinstalls. Common solution is to have two policies: one for drivers and one for printers with a check for driver before installing printer.
 |
| This photo captures just how RED this room is! Whoa! |
No comments:
Post a Comment