Skip to main content
Question

Disable all policies

  • January 22, 2013
  • 9 replies
  • 19 views
C
Forum|alt.badge.img+10

Anybody know of a way to disable all the policies on a server at one time?

    9 replies

    J
    Forum|alt.badge.img+24
    • jarednichols
    • Valued Contributor
    • January 22, 2013
    sudo shutdown -h now

    :)

    Seriously though... if you're looking to "big bang" access to your server consider blocking 8443 at the firewall except to particular machines that should get admin access.

    C
    Forum|alt.badge.img+10
    • ctangora
    • Author
    • Contributor
    • January 22, 2013

    Not looking to block access, just disable all policies. Then going back and activating a single policy (for migrating to a new box).

    I wanted to be sure that anybody who has not done the update could do so through self-service, but ONLY allow them to do the update through self-service.

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • January 22, 2013

    Were you really looking to disable all policies or just the ones that would run automatically, such as at the every X minutes check-in? Or perhaps only the Self Service ones?

    J
    Forum|alt.badge.img+24
    • jarednichols
    • Valued Contributor
    • January 22, 2013

    What's your migration plan look like? This may be moot depending on how you're doing it...

    W
    Forum|alt.badge.img+12
    • wmateo
    • Contributor
    • January 22, 2013

    I would remove the scope.

    B
    Forum|alt.badge.img+26
    • blackholemac
    • Valued Contributor
    • January 22, 2013

    I'll start by agreeing with @jarednichols. I typically don't need policies removed or mcx/profiles disabled to do migrations personally, but if you are using profiles, there is a login window profile that will "Allow computer administrators to disable management". You could try turning that on. If you have mcx heavily set it may well stay even if you descope it. My advice if you need to get at files to copy though or settings is to use terminal and do some scp or cp of your files to an alternate volume or your backup server.

    C
    Forum|alt.badge.img+10
    • ctangora
    • Author
    • Contributor
    • January 22, 2013

    As this server should be considered approaching the EOL for it's JSS, I went into the DB and just modified the state of all the policies except the migration policy to disabled.

    Now if anyone tries to do self service they will only see the migration option. This was as a back-up to the already in place migration policy. Just covering all bases.

    J
    Forum|alt.badge.img+24
    • jarednichols
    • Valued Contributor
    • January 22, 2013

    clever

    L
    Forum|alt.badge.img+10
    • localhorst
    • Contributor
    • January 22, 2013

    We have several boolean switches as custom Extension Attributes assigned to all hosts. To give an example: one of these switches is to control all policies that install, update or remove software. As we have the rule that a policy has to be scoped always against a SmartGroup we can have the status of the boolean switch and thereby control software management, mcx and many other features by simply changing an extension attribute in a hosts record.

    I wondered for years why JAMF does not have a few boolean fields like enable/disable all policies that install/remove packages, disable MCX, disable Policies, etc as advanced settings for managed hosts in the inventory.

    Terms & ConditionsCookie settingsAccessibility statement