Jamf Nation Community

yellow · ‎05-05-2015

We have an ever growing number of policies and packages that need to be installed well after the whole imaging process is completed. I've found that "enrollment complete" or "reoccurring check-in" can be rather unpredictable. Some of the software I have to install is... touchy... and can cause the OS to go into fits if installed too early in the whole imaging process. This concept also spills into a new way to image the incoming MacBooks (and likely others) with USB-C.

I've considered empty packages to indicate "newly imaged" and using smart groups, but that can be unpredictable as well.
I've considered using LaunchDaemons with timers that will eventually reach out and run a policy, but getting the timing right can be a challenge.
I've considered using a Self-Service initiated policy, but that would depend on the tech remembering to do it.
I've wondered how to leverage the use of sites or buildings in the JSS, but I'm not clear if I can move devices between sites & I cannot manage Buildings using policy or command line (can I?).
I looked into PreStage, but that doesn't seem to do what I want, people still have to run Casper Imaging locally.
I've considered a customized QuickAdd package and trying to do any of the above.

So, what are you doing, if anything, to indicate in the JSS that X is a newly imaged Mac?

stevewood · ‎05-05-2015

@yellow during Casper Imaging I re-name the machine with the prefix "NEW-" in front of the serial number. I then scope a SG to machines with computer name like "NEW-". I also drop a dummy receipt onto the machine during my first boot script and recon so that it will be picked up by the same SG. So the SG is set to "like computer name "NEW-" OR has receipt firstboot.txt".

My software policies are then scoped to this SG (Called "FirstBoot"), and I call all of these policies via the first boot script.

kstrick · ‎05-05-2015

When I image a machine, I have a script that runs that creates a 'watermark' / timestamp with the imaging date during my post imaging, and an extension attibute that grabs that date....

idea being that you could have policy's that only run once and smart group that looks for machines that are within x days old as the scope.

davidacland · ‎05-05-2015

Just to go the other way, we don't do anything to identify newly imaged Macs. If we are running Casper imaging, we include everything that is needed in the configuration.

Anything else is available in self service, so its just there if the user wants it.

I've had odd results in the past when policies need to run after imaging, before the device is ready for the user. Could just be a timing thing but I find it more reliable and consistent to include everything in the config.

Look · ‎05-05-2015

We just have a smart group for Enrollment Date less than 1 day and use it as an exclusion, so the once only policies thatwould be broken if they came down to soon come down after 24 hours.
I have also disabled all on enrollment policies as I have had instances where it was freezing up the machine indefinitely when in th post image install screen from Deploy Studio (we are not using Casper Imaging).

Rayfield · ‎05-06-2015

We just have a smart group for Enrollment Date less than 1 day and use it as an exclusion, so the once only policies thatwould be broken if they came down to soon come down after 24 hours. I have also disabled all on enrollment policies as I have had instances where it was freezing up the machine indefinitely when in th post image install screen from Deploy Studio (we are not using Casper Imaging).

That's exactly what we do as well. We have a newly enrolled smart group set up. While it doesn't necessarily help with machines that are being re-enrolled for whatever reason, it helps a lot to see what new computers are being imaged.

We then have policies that are specified to run on only machines that belong to that smart group.

We've also in the past had a specific smart group set up to have machines with a enrollment date of X/X/XXXX or later to show as separate smart groups so we can see how we've progressed throughout a mass re-image (Summer projects).

elliotjordan · ‎05-06-2015

I like to do this script as part of the imaging process:

defaults write "/Library/Application Support/PretendCo/com.pretendco.jss" DateImaged -date "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"

And then an extension attribute to read it back:

echo "<result>$(defaults read "/Library/Application Support/PretendCo/com.pretendco.jss" DateImaged)</result>"

Jamf Nation Community

Curious: How do you indicate a newly imaged Mac?