Is there anyway, for policies, to scope an exclusion list? IE: I'd like to have FV2 encryption deployed to all machines EXCEPT a select group/smart group.
Thanks
Solved
Policy Scope Exclusion?
+7Best answer by mm2270
@Joel, that would only really work if the OP was looking to exclude Macs with FV2 already active. If he is looking to exclude, say, all VIP or C Level exec Macs, that would be more complicated with the current suite. For that, something like an Extension Attribute would help that could identify those Macs. For example, dropping a hidden file onto said Macs that could be read back to the JSS in a script based EA.
Another possibility is to use the method I outline in this FR thread, to create an EA that would pull in JSS Computer Group Memberships, then apply any Macs for exclusion into a Static Group. Finally, create a Smart Group that would use something like JSS Comp Groups | Is Not Like | "Your Static Group Name" and any other criteria you might want in it, such as FileVault 2 status or whatever.
https://jamfnation.jamfsoftware.com/featureRequest.html?id=25
+19No, but it is planed in version 9...
https://jamfnation.jamfsoftware.com/featureRequest.html?id=138
+23You can use a Smart Group to gather this information. Just use FileVault 2 Status under Storage information. This should be able to help you identify which computers are encrypted with FileVault 2.
+24@Joel, that would only really work if the OP was looking to exclude Macs with FV2 already active. If he is looking to exclude, say, all VIP or C Level exec Macs, that would be more complicated with the current suite. For that, something like an Extension Attribute would help that could identify those Macs. For example, dropping a hidden file onto said Macs that could be read back to the JSS in a script based EA.
Another possibility is to use the method I outline in this FR thread, to create an EA that would pull in JSS Computer Group Memberships, then apply any Macs for exclusion into a Static Group. Finally, create a Smart Group that would use something like JSS Comp Groups | Is Not Like | "Your Static Group Name" and any other criteria you might want in it, such as FileVault 2 status or whatever.
https://jamfnation.jamfsoftware.com/featureRequest.html?id=25
+7@mm2270 That is a correct assumption.
It seems the answer is "No, it isn't possible at this time". Suck.
+38Assuming you have some way to identify the machines, like data in the Location tab of the machines, you could use a Smart Group to do the exclusion.
For example, we are an advertising agency, so I use the department to indicate if a machine is a creative, account service, project manager, etc. I then use the Room to indicate which client team the machine is on. If I wanted to enable FileValut on all of the machines on the JAMF team except for the creative machines, I can create a Smart Group that has the following:
Department is not creative Room is JAMF
Is that what you're looking to do?
+7@stevewood Oh, that's excellent. We don't use room currently, so I can just tag those machines that I want to manually exclude as something like "NoFV". Perfect!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.