Best practise or recommendation

Quan_nong
Contributor

Hi All

I'm new to Casper and recently installed and started to enroll mac's into Casper. I just wanted to reach out to ask if anyone has recommendations to any profiles/payloads that I should consider setting up?

6 REPLIES 6

John_Wetter
Release Candidate Programs Tester

That really depends on, and I would recommend starting with, what the business requirements might be. Are their security requirements around passwords or screen savers/screen locking? Is there a requirement for a certain kind of view or end-user experience to start with? Once there is an idea of what is required, then you can turn around and start deploying profiles or payloads to support those needs.

Look
Valued Contributor III

If you have AD bound laptop users you will need a profile to deploy mobile accounts if you want them to use them offsite.
But yeah most stuff kind of works out of the box and you can just layer functionality over the top as required.
You also need to decide on whether Apple software updates are managed by Casper and work out shedules etc... for this.

gachowski
Valued Contributor II

Take a look at this : )

http://benchmarks.cisecurity.org/downloads/benchmarks/

Their list is based on Apple and NSA hardening from X.6.

It's not prefect but a good starting place.

C

davidacland
Honored Contributor II

@Quan.nong I would recommend keeping it as light as possible to start off with and carefully testing any new changes / additions once more Macs are enrolled. I'm assuming you had some plans for Casper when you were purchasing it so I would start there.

If you have access to a test Mac, or even just a virtual machine, you can use that to explore the functionality without much danger.

The other recommendations would depend on the type of organisation, whether your using shared or 1:1 devices, user patterns (travelling or office based) etc. If you share some of that info some more recommendations might apply.

Cook
New Contributor II
  • Setup a test static group
  • Assign afew test macs
  • Create some config profiles and policies ( have a good think about what your business may need)
  • Scope it out to those groups
  • See how it implements and works by checking jss logs and mac var/jamf logs
  • Mac sure the JSS server is also happy with the change check memory usage etc
  • If its sweet apply to your managed static groups

Quan_nong
Contributor

Thanks everyone for your advice

Much appreciated