- Jamf Nation Community
- Products
- Jamf Pro
- Re: 9.101 Upgrade - Mobile App Restrictions
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
9.101 Upgrade - Mobile App Restrictions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-02-2018 08:07 AM
I'm looking to do my first upgrade since taking over our organization's JAMF. We're currently on 9.96 and moving to 9.101 to support our iOS 11 and High Sierra devices. I set up a test environment, used the database migrator tool, migrated most of our data successfully, then upgraded the test JSS to 9.101. One thing I've noticed is that the application restrictions did not transfer properly for most of them. Under Configuration Profiles > Restrictions > iOS and TvOS > Applications, the Allow All Apps, Allow Some Apps, and Do Not Allow Some Apps is correctly selected, but the list of apps no longer exists.
We like to restrict apps (primarily Apple's built-in apps) from devices for specific reasons. I'm hoping that when we upgrade, the app list actually transfers; otherwise, I would have to go in and manually edit ~300 configuration profiles.
Has anyone else seen this issue when they upgraded to 9.101?
Labels:
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-02-2018 10:23 AM
Can't say I have much experience with the database migrator tool, but we upgraded from 9.98 to 9.101 without seeing this issue. I also just upgraded our environment from 9.101 to 10.3 and our Configuration Profiles with "Do Not Allow Some Apps" did not change.
Our JSS environment is on-prem, and I opt to upgrade our environment manually instead of using the packaged installer. Not sure if a manual upgrade would change the outcome (if your environment is on-prem, that is).
I know there were some bugs in 9.101 with the "Restrictions" payload. The one I noticed most is on the "TvOS" restriction tab, if you want Airplay or pairing with the remote app enabled, then you would need to leave the box unchecked. When you save the profile, the boxes would then be checked, vice versa if you wanted the settings disabled. Might be another bug that you are running into with 9.101 as well.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-02-2018 10:47 AM
Did you look at any of the restriction configurations to see if the App list was populated before upgrading? It could be that the data migration tool didn't transfer properly on those.
You could also spin up a new server on 9.96, leave the database blank and create just a configuration with restricted apps and then upgrade the server to see if it does indeed remove the apps from the list.
We did this exact upgrade about 9 months ago and didn't see any issues with any of our restrictions and restricted apps. We do only have a small population where we restrict apps and it is possible that we didn't set those up until after we upgraded.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-02-2018 12:08 PM
Thanks for the responses. I'm relieved to see others haven't had this specific issue with the upgrade.
@engh It's possible that it is related to the App list not being populated; however, the only apps being hidden are the built-in apps, that I would think would be auto-populated (I could be wrong). I did find one that properly transferred the restricted app list - one that had Only Show Some Apps set to Settings. That was the first configuration profile I found that had populated properly.
@ejculpepper Our JSS is also on-prem, and the issue could have everything to do with the migrator tool failing consistently - it apparently has to pull things in a specific order (no documentation for it) for it work. Lots of trial and error.
Do either of you know how to possibly export configuration profiles as a backup reference?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-02-2018 12:29 PM
@tomgluver If you navigate to the Configuration Profile, you should be able to click on "Download" at the bottom of the page to download a copy of the profile as a .mobileconfig file. You can then upload the .mobileconfig file back to the JSS if needed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-02-2018 12:34 PM
Thanks @ejculpepper !
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-02-2018 03:03 PM
@tomgluver
When we were on prem, I tested upgrades with building a new JSS matching were I was then restored a production back up then upgrade to the version I wanted.... this wont't get all the setting like DEP that require cert and advance set up .. it will test your back up and if all the database gets update correctly. Also I could test many many times very fast...
C
PS To really support HS you need JP 10.3
