Help

AD logins and hiding softwares

checkmate1984
New Contributor

Posted on ‎07-22-2024 06:31 AM

Hi all

We have 256GB Hard drives in our Mac

90gb or so is usually taken up by the Logic pro sound files - sometimes slightly more.

Then as users log in usiing AD accounts as our mac's are binded by AD - it leaves profile on the system and after month or 2 the mac device gets full. Only way round this is to manually delete the user profile folders in \Users

I dont wish to do this every half term - can we automate this or stop it creating profile on login?

Another thing that was mentioned by teacher is below? I am not sure how to overdcome this - can you advice?

 

The only apps we need to use are:
- Logic Pro
- Google chrome / Safari
 
We used to have a very limited number of apps in the finder but this is no longer the case - students can access Apple music, Photobooth and a whole host of programmes that we never need to use. It would be helpful to completely remove these from the Macs.

Thanks in advance

0 Kudos
Reply
4 REPLIES 4

jamf-42
Valued Contributor II

Posted on ‎07-22-2024 06:47 AM

You can't remove some 'native' apps, they are baked into the OS, GarageBand, Numbers and Pages can be removed (or was that not re-installed after a wipe.. I forget) 

You can stop apps being installed and only deploy what is needed (Chrome) 

If you want to remove all the data each time the user logs out, you can add a script and a logout hook to bin the user directory and account.  

Sure other can chip in, been I while since I supported labs. 

0 Kudos
Reply

AJPinto
Esteemed Contributor

Posted on ‎07-22-2024 07:09 AM

  • You need a "reset" button that runs every so often.
    • Scripting is possible, but risky as automating data deletion can go very poorly.
      • Make sure to exclude your local admin account, and other necessary accounts from the scripting workflow.
    • Deep Freeze to restore the Mac to a previous state every night undoing any changes.
    • MAID to reset the Mac every so often.
    • Maid and Deep Freeze will likely cause problems with the domain join, which is really bad practice for macOS as of the last decade anyway.

 

At this point in time, I would use Automated Device Enrollment paired with the Erase All Contents and Settings command every month/quoter. Just wipe on a Friday the devices and let ADE and your Policies reconfigure the devices for users.

As @jamf-42 said the preinstalled apps are only on new devices, they are not reloaded if you wipe the OS and reinstall. However, there are many preinstalled Apps that you cannot remove.

0 Kudos
Reply

checkmate1984
New Contributor

Posted on ‎07-23-2024 03:21 AM

Hi

Issue with reset is we do the below tasks manually

 

1) Download the loop and instrumental files for Logic pro - manually logging in and download - unless this can be automated?

2) install a follow me printer - maybe done via jamf but not tried

3) Jamf bind doesn't seem to work we have to manually bind to ADF every time we do reset

 

0 Kudos
Reply

dlondon
Valued Contributor

‎07-23-2024 10:49 PM - edited ‎07-23-2024 10:53 PM

You can restrict use of software.  It's right there under Computers in the Jamf Console (Restricted Software).

There are other ways of doing this - Configuration Profile > Restrictions > Applications

Regarding the user homes filling up the disk.  You can create a report for a search which shows you how much disk free space is available on each machine and get it to report at a regular interval e.g. weekly via email.

The other thing you can do is write a script to either brutally just iterate through /Users and remove any user home that the script has defined e.g. for me it would be folders starting with 2, 1 or 0.  This way it leaves the Shared folder.  The nicer way would be to remove the actual account and the home.

Make sure you scope this only to the student machines so you don't delete or block a teacher machine

0 Kudos
Reply