Jamf Nation Community

stevehillnz · ‎04-08-2013

I have a lab of iMacs that have user level configuration profiles containing restrictions. The profiles are scoped to a Smart Group and work flawlessly.

Now I am trying to deploy a computer level profile the same way, but the client machines will not pick it up, and the management history shows no pending commands. When I try to add the machines individually to the scope, they do not appear in the computers list.

They all have the latest OS (10.8.3) and have recently checked in with the JSS which is version 8.64.

jszaszvari · ‎04-08-2013

Maybe a similar issue?

I'v had issues with something similar

https://jamfnation.jamfsoftware.com/discussion.html?id=6609

tkimpton · ‎04-09-2013

See mcxtoprofile by Tim Sutton. I only managed restrictions by using Tims tool to take my mcx plists for restrictions, converting them to config profiles.

https://github.com/timsutton/mcxToProfile

This is the only thing that has worked! I dont believe its a JAMF issue but more like Apple releasing Config Profiles too early without doing PROPER UAT!

Tim & Greg Thanks for this tool and all the effort that goes with it :)

Without it i really dont know what we would do!

stevehillnz · ‎04-09-2013

Thanks jszaszvari. I had read that, but this is different. The client machines are not even receiving the new profiles, even though they have picked up previous ones. I cannot even see them to add them to the scope.

mcxtoprofile looks very useful, but unless I can scope these machines I can't do anything.

tkimpton · ‎04-09-2013

You may need to open ports. Time to be nice with the Network guys ;)

https://jamfnation.jamfsoftware.com/article.html?id=34

stevehillnz · ‎04-09-2013

If it it is a port issue, how was I able to deploy user-level profiles?

tkimpton · ‎04-10-2013

i would contact your support rep at JAMF

david_yenzer · ‎04-24-2013

I have experienced this same issue - we currently have MCX settings to block System Preferences items like Sharing - and were directed to attempt to port these over to Config Profiles. So far I have only had success on the 'user' level - the computer level doesn't work at all. I might be able to make it work by adding the user groups in, but there is also only the ability to enable access to the default items in SysPrefs - how do I allow a user to be able to access a third-party "Other" item in System Preferences? Something like Flash Player, Java, or Xerox PrintBack.

bajones · ‎04-25-2013

@david.yenzer https://jamfnation.jamfsoftware.com/article.html?id=204 The changes don't stick when upgrading the JSS, but it's as simple as saving the modified file and replacing the one created during the upgrade and restarting Tomcat. Hopefully this will still be relevant with 9.0 or better yet, there will be a less hacky way to accomplish this!

david_yenzer · ‎04-25-2013

I've got a handle on the MCX settings (Management > Managed Preferences) and was trying to move that restriction over to Management > Configuration Profiles. However, the Config Profiles area doesn't seem to have a place to customize - they have a 'restrictions' area, but on the payload page there are only check boxes to allow the pre-listed items. When a user installs Java, Flash Player, Xerox PrintBack or whatever else - those also show up in System Preferences and we would want the user to be able to use them. (Basically all we want to block is Sharing.)

Until this becomes possible in Config Profiles we will continue to use the MCX.

bajones · ‎04-29-2013

The formatting on my last post could have been better, but the link I posted contains instructions to do exactly what you need. I followed these instructions to add the Wacom preference pane to the pre-listed items in the restrictions payload of our config profiles.

Jamf Nation Community

Configuration Profiles - inconsistent