Disable all policies

ctangora
Contributor III

Anybody know of a way to disable all the policies on a server at one time?


jarednichols
Honored Contributor
sudo shutdown -h now

:)

Seriously though... if you're looking to "big bang" access to your server consider blocking 8443 at the firewall except to particular machines that should get admin access.

ctangora
Contributor III

Not looking to block access, just disable all policies. Then going back and activating a single policy (for migrating to a new box).

I wanted to be sure that anybody who has not done the update could do so through self-service, but ONLY allow them to do the update through self-service.

mm2270
Legendary Contributor III

Were you really looking to disable all policies or just the ones that would run automatically, such as at the every X minutes check-in? Or perhaps only the Self Service ones?

jarednichols
Honored Contributor

What's your migration plan look like? This may be moot depending on how you're doing it...

wmateo
Contributor

I would remove the scope.

blackholemac
Valued Contributor III

I'll start by agreeing with @jarednichols. I typically don't need policies removed or MCX/profiles disabled to do migrations personally, but if you are using profiles, there is a login window profile that will "Allow computer administrators to disable management". You could try turning that on. If you have MCX heavily set, it may well stay even if you descope it. My advice, if you need to get at files to copy or settings, though, is to use Terminal and do some scp or cp of your files to an alternate volume or your backup server.

ctangora
Contributor III

As this server should be considered approaching the EOL for its JSS, I went into the DB and just modified the state of all the policies except the migration policy to disabled.

Now if anyone tries to do self service they will only see the migration option. This was as a backup to the already in place migration policy. Just covering all bases.

jarednichols
Honored Contributor

clever

localhorst
Contributor

We have several boolean switches as custom Extension Attributes assigned to all hosts. To give an example: one of these switches is to control all policies that install, update or remove software. As we have the rule that a policy always has to be scoped against a SmartGroup, we can have the status of the boolean switch and thereby control software management, MCX and many other features by simply changing an extension attribute in a host's record.

I wondered for years why JAMF does not have a few boolean fields like enable/disable all policies that install/remove packages, disable MCX, disable Policies, etc., as advanced settings for managed hosts in the inventory.