Jamf Nation Community

arpierson · ‎10-14-2016

I'm attempting to make a policy available to only faculty members at a few of our schools. I've got the policy set up to run once per computer with no trigger, available in Self Service, and targeting to all computers and all users.

Set up like this, the policy is scoped to all 3800 computers in our environment. However, the moment that I limit the policy to one of the faculty LDAP groups, the policy is then scoped to zero computers.

Any thoughts on what's causing this?

donmontalvo · ‎10-15-2016

Are users logging in to Self Service?

--
https://donmontalvo.com

arpierson · ‎10-17-2016

They are, via Active Directory.

millersc · ‎10-17-2016

Because your scoping to an AD User Group, not an AD Computer Group (which btw, JAMF doesn't do in version 9 but did in 8). As users login, you should start seeing the policy have completes show up. Something I hope they fix in version 10.

arpierson · ‎10-17-2016

I'm actually not, I'm afraid. There's no trigger set; it's just supposed to sit there for users to run in Self Service as they want. My AD account is in one of the groups that the policy is limited to, but I don't see the policy in SS when I log in.

millersc · ‎10-17-2016

Change your target from All Users to Specific Users. This is how mine are set with AD User Groups also in SS. Make sure your logged out of SS and log back in. You might also have to do a jamf recon on your mac to see the changes.

arpierson · ‎10-17-2016

I thought the way to scope to AD groups was to use Limitations. Is it not? I don't see AD groups anywhere else in the Scope options.

Sorry, I'm taking the CCT training in a couple of months, but flying by the seat of my pants until then. :)

millersc · ‎10-17-2016

You will use Limitations, but if you have it scoped to All Users, it trumps any AD group in Limitation. It's all good. We all keep on learning!

Jamf Nation Community

Adding LDAP group limitation takes computers in scope to 0.