Skip to main content

In my organization, we have a bit of an issue.

For a certain subset of our users we must "harden" their machines. We also want to remove the ability from the users to be able to easily decrypt their machines, so we restrict the security and privacy app.

However, now when the developers want to install new applications, they cannot reach the security portions that prompts a user to install from an unknown developer. We would prefer for them to be able to do this.

As a side note... the hardend procedure is controlled via a configuration policy which is distributed via a group. We could remove the computer from the group, do the changes, and re-add the computer. But this process seems to take 30minutes to and hour (Even after manually running sudo jamf policy && sudo jamf recon).

Is there a quicker way for a machine to pick up configuration policy changes?

@wstewart3 If you're using Jamf Pro to directly deploy a Configuration Profile then it should be applied within a couple of minutes of becoming in scope (if not sooner).The normal mechanism for deploying Configuration Profiles uses APNS, no jamf policy or recon is needed.

Does your hardening include removing admin rights for these users? If so, there's nothing to do. Standard users cannot decrypt their Macs.

If you're not removing admin rights then your hardening efforts are practically useless. An admin can do anything. A clever admin can figure out a way around you.

Terms & ConditionsCookie settingsAccessibility statement