Posted on 06-16-2022 02:27 PM
Hi All,
1st Post been trying to get up to speed with our Jamf infrastructure. I have done allot of Googling and searching for information these past few months to get 0 touch working and things look great, now we are trying to get our AD bound mobile accounts demobilized and unbound with the impending Microsoft Vulnerability patch coming that is going to stop communication from our Bound Macs to our Domain controllers.
I am automating as much as i can so that i dont have to baby sit this process. i have smart groups for this and they all seem to be in working order. The one function that is not happening how i would like is the actual Jamf Connect Demobilize funcition.
I have the Configuration Profile set with the Demobilize function (only setting). But the demobilize only happens on log off and log back on , NOT on reboot. I cant find any information on this specific criteria. It does say in the article "This involves having users log in to complete the demobilization process."
But sometimes our users dont follow instructions correctly and forcing a reboot function in my mind will automate this.
Is this how its intended? Is there a way to script and notify of a forced logout.
TIA
06-16-2022 03:31 PM - edited 06-16-2022 03:31 PM
THIS should give you guidelines on how to demobilize accounts for Jamf Connect... I think following the guideline hyperlinked is the intended process..
The demobilization based on the guideline is a login process, instead of rebooting..
Posted on 06-16-2022 03:49 PM
Yes, i am following that guide but it really doesnt specify, how that mechanism works.
I dont see a setting on the configuration profile to demobilize "on log in" , rebooting requires you to log in, right?
I am only applying this CP to demobilize , then via a smart group from the ext attribute, "no mobile account" it kicks off the Jamf Connect install. That can be set to run at logon since its a policy. and then it applies our Full Jamf Connect Configuration Profile and Jamf connect license.
I obviously can specify in a message to the end users to Make sure you log out and log back in, not Reboot. But again, I really want to automate this process and a force reboot to demobilize via the CP not a custom script would be great.
Thank you for your reply.
Posted on 06-16-2022 04:13 PM
I'm not sure I understand the issue here... Following the guideline literally defines the mechanism of how the demobilization works.. Once you configure the setting on Jamf Connect, it states the demobilization happens in the background after the user logs in... You can track progress via EA(Extension Attribute)
06-16-2022 07:17 PM - edited 06-16-2022 07:19 PM
The scenario is, when its applied, we are rebooting, which is what , to me , is the preferred method and its not demobilizing (sorry if i was not more clear on the issue). And after reboot is technically logging in but it doesnt demobilize after any of the reboots.
Again, trying to automate this, and forcing a reboot vs. a log off to me is preferred.
Posted on 06-16-2022 04:17 PM
Particularly this part
Posted on 06-17-2022 11:48 AM
Has anyone out there actually facilitated this in their organization and possibly automated it? Or did you have your end users follow a step by step process?
Posted on 06-02-2023 12:44 PM
Working through this now because we are trying to demobilize.
Posted on 06-02-2023 01:11 PM
We ended up getting through this, but I wouldn't say it was fun. The challenge for us was to do all the steps within an accepted timeframe for the end users with notifications of "the next step" and the reboots needed. We ended up creating a recon policy and scoped specific smart groups it would get to the next step within the 15 minute policy check interval, without this, the next step could end up happening the next day because that would be the next time the device would inventory. Hope that makes sense.