You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Description

This section describes the various settings we use within JAMF to manage endpoints, including Mac laptops, desktops, and iOS devices.

To Enroll an Endpoint

  1. Go to https://casper1.mit.edu:8443/enroll
  2. Manual enrollments do not automatically install software (covered in kb)
  3. If computer enrolled manually, it will not be automatically encrypted. Need to unencrypt then reencrypt via JAMF
    1. Can set up advanced search
    2. In the search, we can customize to show additional columns
      1. “Last Inventory Update” -> Happens once per day, and it updates the list of applications and stuff on the computer.
      2. Extension Attributes -> Custom scripts that have been written specific to MIT
      3. To force encryption on devices… computers > Policies – configure a policy. Use “IS&T Filevalut 2” for disk encryption configuration

Manual Trigger of New Mac Setup

If you already have a Mac setup and do not wish to wipe the device, run the following command after enrollment to run the setup scripts:

sudo jamf policy -event newmac

This is mentioned in the Jamf Pro - enrolling devices without DEP KB article.

CRE Site Settings

Site name: Center for Real Estate

When you want to work with your machines, be sure to select your site from the dropdown menu near the top-right of the page.

Site categories - used when uploading files and creating policies. Be sure to assign a category or else your files may be deleted.
CRE-Apps
CRE-Maintenance
CRE-Printers
CRE-Scripts
CRE-Test

Moira Group:
  • ep-cre – Members of this Moira group have access to your site. Let us know if you'd like to add or remove users/lists in this group.
  • ep-techs - This is a low traffic mailing list that you will receive emails from regarding upgrades / changes to software and issues as they occur.

Notes

  • Automatic Device Enrollment (ADE) is the new term for Device Enrollment Plan (DEP). Both terms mean the same thing and are used interchangeably.
  • Since the later versions of Jamf/OSX, all devices enrolled in a Jamf site are automatically supervised, regardless of whether or not they are enrolled in DEP/ADE.

Uses device serial number

Enforce file vault encryption – we store keys in JAMF

Make sure to set up the option to run at some point…. Could be check-in if I want to do it when the machine checks in.

 

Mac C368 Printer Driver PPD Location:

 

If I want to manage software licenses, best way to do it is through Mac App Store Apps. Can also do it under licensed software.

DEP – Device Enrollment Program. It automatically know

“Packages” – Can take stock package, then run some scripts to do the extra configuration steps after.

How do I wipe a machine?

 

3rd party patching - http://s.sudre.free.fr/Software/Packages/about.html

https://kb.mit.edu/confluence/pages/viewpage.action?pageId=154191829

https://kb.mit.edu/confluence/display/istcontrib/Jamf+Pro+-+enrolling+devices+without+DEP

 

Increment serial number by 1 for virtual machines in the cloud.

How do I make myself admin on computers?

Console – utility for finding a lot of log stuff. Check jamf.log for seeing if there are problems.

PackageReceipts - > /Library/Receipts – the plist thing shows all history of installed applications

Static Groups: Use this for servers, VMs, staff computers, etc…

Targets: Anything in this will be included.

Exclusions: These will NOT be run.

Limitations: This can be used to limit only ME to seeing the policy

Self serve – force user is mentioned if they need to reboot or something.

Due to permissions issues, you will not be able to upload or delete packages irectly. Just let us know at euc-help@mit.edu if you need something uploaded or removed.

Help

For help with JAMF, email euc-help@mit.edu.

See Also

  • No labels

For questions about this space email creit@mit.edu.