Configuration Profile check

roiegat
Contributor III

So to start out with, my work is heavily secured and currently don't have APN or DEP up and running. It's in the works for the future but no available now. So currently, I created configuration profile, download it, package it, and push it to the user. I've been working on creating something better and need you help, since I'm almost there. The goal is to have something working until we can get APN and DEP running.

So our current imaging process uses user-enrollment done by techs on a special network. Everything is set up and computer is rebooted and given to user. During this process about 6 configuration profiles get put down via the packaging method.

Recently I was playing around with trying to get it working using actual pushes from the server. I've had luck using the following process:
1) Connect machine on special network
2)Enroll machine to JAMF Server
3)Disconnect from special server and put on outside network. This is done to enable the machine as a MDM capable in JAMF's eyes. Only keep it on outside network for about a minute.
4) Reconnect to special network and reboot. After rebooting the configuration profiles that I created are pushed down.

Not ideal..but it somewhat works. The thing I noticed is that if I add a configuration profile, or modify one....it doesn't get pushed right away (which makes sense due to lack of APN connection). But if I reboot the machine it gets it. Or in some odd circumstances if I leave the machine alone for about 4 hours it gets it as well.

So my question - what happens during the reboot that causes that push? Is it something that can be scripted so the reboot isn't needed? Seems like "sudo Jamf recon" and "sudo Jamf policy" aren't getting it....so is there a way to do it without rebooting?

As a Mac guy, rebooting seems like a co-out answer to things in a PC centric world...so I want to avoid it as much as possible.

2 REPLIES 2

dsavageED
Contributor III

You could try "sudo jamf manage" or "sudo jamf mdm"...

We aren't using a private network so APNS happens within minutes, but we have seen scenarios where profiles just don't install and ended up with a piece of code to basically wipe them and try again...

roiegat
Contributor III

@dsavageED So ran both and got the following:

bash-3.2$ sudo jamf mdm
Password:
Getting management framework from the JSS...
MDM already enabled or not available
bash-3.2$ sudo jamf manage
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://jssdev.mycompany.com:8443/...
The JSS is available.
Enforcing login/logout hooks...
Installing Self Service plug-in Self Service...
Enforcing scheduled tasks...
Creating launch daemon...
Creating launch agent...
Checking availability of https://jssdev.mycompany.com:8443/...
The JSS is available.
bash-3.2$

But no new profiles come down. Rebooting seems fix it...but again...don't like that a reboot is needed. Will look at script and see it works any better.