Skip to main content

We didn't have any issues with OS X 10.8.4 and Casper v. 8.x but now our Config Profiles are not acting as expected.



While using Casper Suite 8.x when scoping out Config Profiles, notably the login access level, the groups that could be assigned access was determined by group GUID (as guided by the JSS to provide the groups GUID). Casper 9.11, it seems as it that doesn't make the distinction of GUID or group name. I've tested both and I can't get either to work for allowing certain groups admin access to workstation.



From the Login Window Payload (access tab):



Login Window
WindowOptionsAccessScript
Allow
The users and groups that can login at this computer
User
5EFED968-9B4E-48A0-87AD-83A875682774
D812524D-C03D-4A6A-9F95-B05E08E40A2A


The payload has successfully pushed down to test workstations, but it doesn't appear to be applying any setting. We're also scoping admin access to disable restrictions on login, and that seems to be not working with the new configuration, either. Do I want our group name (G_VAS_MAC_Admins) or their GUID (in this case's D812524D-C03D-4A6A-9F95-B05E08E40A2A). The admin guide doesn't discuss this change in how Casper is building it's profiles for deployment. Casper 8.x had a "groups" section and a "users" section and this is all just one "users" section.



Any guidance would be appreciated.

I know that this is an old thread, but I have the same problem (using the latest JSS).

What ended up being the solution for me was to do an LDAP test for my group mappingsexternal image link
and the value that was returned to the JSS was much different (and couldn't be found within Directory Utility) but ended up granting access.

Terms & ConditionsCookie settings