Posted on 10-13-2017 02:53 AM
So, since upgrading to 101, we have random problems. Support call coming up, but wanted to gauge the problem:
A simple OSX policy (run a script) is not triggering on some devices, even though it is scoped (All users, with a limitation).
I decided I would try to remove the limitation and re add it.
- I select remove. Gone.
- I select SAVE.
- The limitations are still showing.
No matter how many times, it's still there.
Anyone experiencing similar?
Posted on 10-13-2017 06:37 AM
Any attempts at removing the scope limitation made on a different browser?
Posted on 10-23-2017 09:07 AM
@cpdecker sorry, was on vacation.
No difference. Recreated policy to workaround, but I'm concerned there's bigger issues which I'm investigating.
Posted on 01-24-2018 08:21 PM
Same issue, I'm running 10.0.0 and it will not allow me to remove the scope limitations. The only work around I can find, as well, is to clone the profile and make the changes to the clone, then delete the original profile and rename the clone.
Posted on 01-31-2018 03:02 AM
It looks like there are a few random issues with the interface:
- this issue
- prestage imaging scope (networks) can't be selected. Modifying an existing clears/breaks scope. PI created for this.
- Can't select packages etc in Configurations @ Settings > Computer Management > Configurations
These all seem interface related IMO.
Posted on 03-06-2018 09:01 AM
Just posting to say that on 10.2.0 I'm having the same issue!
Posted on 03-06-2018 09:21 AM
Hey all,
Are these limitations limited to an LDAP Group AND has that LDAP Group ID mapping been edited after the initial limitation was applied?
If you're in that specific scenario, this is an issue we're aware of and it's filed under PI-004486.
Please be aware that PI-004486 is very specific to the scenario I've outlined above and if this is not the case for your environment, you would not be running into PI-004486 and there may be something else going on.
If you believe you are running into PI-004486, please contact Support to get a case open and attached to it.
If you are not in the scenario of PI-004486, please contact Support anyway if you have not so they can dig into it deeper and find out what's going on.
Thanks!
Were Wulff
Jamf Customer Experience
Posted on 10-12-2018 01:44 AM
I just wanted to share my experience:
We are using Jamf Pro 10.4.1 and we also experience the issue that it is not possible to remove LDAP User Group Limitations in Policies.
One feasible workaround is to deactivate the policy, remove the limitations, save, and then to reenable it. This workaround worked for us and is also "ok" for the time being. We are curious if this issue has been fixed in a later release?
Posted on 10-12-2018 05:46 AM
I have seen smart groups and policies that refused to 'accept' the changes, that is after a Save they reverted to the previous setting. The solution proposed by support was to clone the item, do the change, and delete the original item. Rename new item to old item. You might have to check other items that used the old item.
Posted on 10-12-2018 06:01 AM
I am having this issue and unfortunately @AndreasRumpl your work around is not working for me. I am on 10.7.1-t1536934276. This has been happening for a while but now it is inhibiting work. Think the only way I can get around this is to use the API to clear them out, but that is a painful process due to the way you have to specify everything in the scope in your API call. and not just remove one item.
Posted on 04-17-2020 10:38 AM
@canopimp So, we found a workaround for this.
If you remove all LDAP groups from limitation and add another (any) and save it, it will make the change. You can then go back into the policy and change it to a different LDAP group or remove it altogether.
It looks like somehow those LDAP limitations get intrinsically tied together but it requires more than just deleting both to break that connection to the policy.