My understanding of the communication triangle is that your JSS tells APN's to tell the target machine to check in with the JSS. When your target machine checks in, the JSS instructs the Mac what to do.

So if your Mac's can't talk to your JSS from outside the company network, they won't get the commands.

Ah, that makes sense it would work that way!

My understanding is inline with dpertsch.

I'd try & get a second clustered JSS installed in your DMZ, then if the clients haven't been wiped, you will be able to get their IP & rudimentary location info.

There is further you can then go, if needed.

Great idea bentoms. We'll see at what lengths they want us to go for these machines

@michael.ferguson, I'd also advise you watch: http://youtu.be/VKozKDhADJ0

I would echo what @bentoms said, and that is to get a second JSS stood up in the DMZ. You might want to also read through this JAMF Nation thread:

https://jamfnation.jamfsoftware.com/discussion.html?id=7328#respond

Ryan Colley has used some open source software and shell scripts to grab screen grabs and pics from the iSight camera.

Thanks all, taking these tips to management!

It's a shame you're not based in New Zealand - this is a good piece of software developed by the clever guys over at the university of Waikato, and has helped a lot of NZ Schools get their machines back...http://kaitiakisoftware.com/

Might be worth getting in contact with those guys anyway?