Oct 21, 2014

#jnuc #Jamf - 10/21 - Session 1: Policies 101: Unleashing Power

As I have come to do with all my conference sessions, I will be posting about the sessions I attend, why I chose the particular sessions and what I learned while in there.

Getting ready for the session

Why I chose this session:
Since I am brand-new to JAMF, CasperSuite, etc., I am hoping to learn what I can about the software in order to help the schools in my area that are running the software or who are looking to implement it.

What I learned:

What do I want to do?
To Whom?

- Display Name (the "pretty" name, what users see in self-service)
- Enabled
- Category (Apps, OS, Printers, plug-ins, etc) - relevant to end-user

- Startup (Firewall settings)
- Login (Make sure on YOUR network, then mount share, etc. validation BEFORE the attempt)
- Logout
- Network state change (wifi vs wired)
- Enrollment complete (1st-run script)
- Recurring Check-in
- Custom (useful for prerequisites)

Execution Freq
- Once per computer
- Once per user
- Once per day, week, month (ex: software updates)
- Ongoing (can make avail offline)

Server-side/client-side limitations
- particular days/times (ex: updates during work hours)
- Network connection (ex: only if on ethernet, etc)

- Install, cache, install from cache
- Select distribution point (location, cloud storage, etc)

Software Updates
- Self-service, auto-install, etc

- first three variables taken by JAMF
-- $1 = mount point target drive
-- $2 = computer name
-- $3 = username, usually. Make sure user is logged in
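
An added example, not from the session or from JAMF: a guard a policy script could run before using `$3`, since the username is only usually set and the script runs as root. The function names and the `stat -f%Su /dev/console` lookup (a common macOS idiom) are this example's assumptions.

```bash
#!/bin/bash
# Added example, not from the session. Jamf runs policy scripts as root and
# passes $1 = mount point, $2 = computer name, $3 = username (may be empty).

# validate_target_user USERNAME CONSOLE_OWNER
# Prints USERNAME and returns 0 only when it is safe to act on.
validate_target_user() {
    local user="$1" console="$2"
    # Startup or check-in triggers can fire with nobody logged in.
    [ -n "$user" ] || { echo "no username passed in \$3" >&2; return 1; }
    # Refuse names that would change a path or command built from them.
    case "$user" in
        *[!A-Za-z0-9._-]*|.*|-*) echo "unsafe username" >&2; return 2 ;;
    esac
    # Not real users: seen when no one is logged in or during Setup Assistant.
    case "$user" in
        root|loginwindow|_mbsetupuser) echo "system account" >&2; return 3 ;;
    esac
    # The name Jamf passed must match who is at the console right now.
    [ "$user" = "$console" ] || { echo "user not at console" >&2; return 4; }
    printf '%s\n' "$user"
}

# Assumption: common macOS idiom for the current console owner.
console_owner() { stat -f%Su /dev/console 2>/dev/null; }

main() {
    local mount_point="$1" computer_name="$2" user
    # Exit non-zero so the run is recorded as not having done its work.
    user=$(validate_target_user "$3" "$(console_owner)") || exit 1
    echo "Acting for ${user} on ${computer_name} (target ${mount_point})"
    # Per-user work goes here, for example under "/Users/${user}".
}

# Run only when called with Jamf's positional parameters.
if [ "$#" -ge 3 ]; then main "$@"; fi
```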

Printers and Docks
- Add/remove printer configs, remove/add items from dock (without delete)

Local Accounts
- Create one
- Allow as admin
- Check for FileVault
- Reset, delete, disable for FileVault
- Ex: standardized testing environment (change pw every 24 hrs, delete acct after 14 days, etc)

Management Account
- Should be a different account than the one the helpdesk uses.
- Password can be randomized so that it is unknown

Restart Options
- Startup disk, installer, etc
- Issues with restarting (logged in user, running apps may be issue, etc)

- Update inventory
- Reset name
- Install cached items
- "Mac Voodoo" (fix permissions, flush cache, etc)

Files and Processes
- Find a file or folder, option to delete if found
- Option to kill process if running
- Run command

To Whom
- Scope
- Self-service

- Set up buildings, departments, etc
- Smart and static groups
- Targets (Can use ALL, if needed)
- Can set up exclusions (depts, groups, buildings, etc)

- Make standard users feel like they have power. They have control over which apps they can install, etc.
- grab icons from clipboard after copying to SS

User Interaction
- Start message (warn the user)
- Defer for 1hr, 2hr, etc

Open for Q&A
- "iBeacon was on slide?" "Yes, but for exclusions and limitations."
- "Do you recommend using update server?" "Depends on the environment. Ex: govt had to vet every update, so they used SUS. Can also use caching service (with various parameters)."
- Discussion about firmware updates. Watch for firmware updates, as they will wipe out other updates (continual reboot).
- Limitation for custom triggers? Not that they are aware of. Cascading triggers are actually nested, so be careful about order and subtriggers.
- Do not lump a bunch of installs because update releases are not in sync. Keep each install/update as its own policy. Exception: dependencies, printer drivers.
- Issue discussions regarding non-installs/misinstalls. Common solution is to have two policies: one for drivers and one for printers with a check for driver before installing printer.

This photo captures just how RED this room is! Whoa!
