Posted on 05-27-2015 06:30 AM
We are currently in the process of purchasing Casper Suite for our company. While we have a very accurate inventory of PCs due to SCCM, we are very much in the dark about how many Macs we have worldwide spread among all of our offices.
Does anyone know of a tool or process we can use to identify Macs in our environment so that we can get an initial licence count together for JAMF for the install? So many of our sites have no IT staff and have gained 'machines' over the years so we are looking to bring all of this under control using Casper once we have arranged the initial install.
Many thanks for any advice.
Jason
Posted on 05-27-2015 06:43 AM
How were those Macs managed previously? Do they have Remote Login (ssh) enabled? Remote Management enabled? If they do then Casper Recon can pick them up over ssh I believe to get them enrolled.
Posted on 05-27-2015 07:01 AM
That is part of the problem they weren't. Departments would buy them put them on the network straight out of the box. With no support from IT they have been a growing issue that nobody has wanted to resolve until now.
Posted on 05-27-2015 07:04 AM
If you know the network segments the machines would potentially be on you can run a scan on Apple Remote Desktop.
Posted on 05-27-2015 07:16 AM
First and foremost you'll absolutely need upper and lower level management to embrace the fact that the Wild West days are over and all computer users must enroll in device management, period.
I'm willing to bet you can do your install with a rough estimate of numbers of Macs, and JAMF will work with you to true up the actual number of devices managed after some agreed upon time. This will then happen again, annual true up, every year as you gain/loose devices.
It sounds like you will have to configure Casper's User Initiated Enrollment feature and/or distribute what we call a QuickAdd package for the users to install themselves (chances are you have no idea what the admin passwords are). This will install the Casper binary/agent, set a management account on the device, and create a computer record in the Casper database.
From there, you get management to broadcast the message, all Mac users must enroll with Casper. Once that starts happening you'll be able to deploy standard admin accounts across the board and everything else will follow.
Posted on 05-27-2015 01:11 PM
you'd need some commonly enabled service to scan for, like SSH or ARD. Failing that all Macs do announce it's presence on the local subnet through the _workstation._tcp service over mDNS. Of course you'd have to scan every subnet, and that you your network doesn't block the broadcasts domain.
Posted on 05-27-2015 06:14 PM
You can also try Nmap with your network/security department's permission.
As you begin to rollout Casper, you can get people to enroll with the carrot and stick approach. Shift services (install this software, please) and access (I need staff Wi-Fi, or staff printer) so they are delivered with Casper and Self Service. People can keep their unmanaged Macs but not have access to everything. It's a common diplomatic tool organizations use instead of "Install Casper because I said so".
Posted on 05-29-2015 07:19 AM
When i've had to do this, I've done a manual site by site audit & added devices to the JSS.
During that a little "hearts & minds" work with the existing users too, which can go a long way.. but this is really time/resource/locations dependent.
Posted on 05-29-2015 12:22 PM
Yea. I have to agree with pretty much everything here. There's a technical side to things that's pretty easily sorted out IF AND ONLY IF middle management is onboard. They will need to get the users to run the self initiated enrollment before you can really start getting data since there's no other inventory or management systems in place. This will also help to differentiate between personal and company devices. I also tend to like what @adamcodega talks about, i.e. using new service rollouts that MUST be installed via Self-Service. It's always easier to sell the 'benefit' of the new management system.
Sounds like a fun project!
Posted on 05-29-2015 01:16 PM
Yeah, carrot and stick approach just like @adamcodega mentioned is going to be your best bet here I think. You will want to move as much of the "cool" stuff over to Casper and Self Service as possible. Things like:
• Installing new software titles (both licensed and unlicensed)
• Keeping their Mac up to date with the latest approved updates
• Self Service plug-ins to give them quick access to commonly used or new internal websites
• Adding that new printer the company just got in to their Mac with just a click of a button
Those are just a few examples. If you search around here on JAMFNation you should find a number of threads where people show how their Self Service is set up for ideas. There's lots you can do with it.
The idea is to make it enticing to enroll their Mac so they do it willingly and not begrudgingly. You may still always have some that just want to do their own thing and manage their Macs on their own, but if you do it right, those folks will be the black sheep in the organization and not the norm. The users who do enroll will get access to any new stuff you implement into Self Service, etc.
Just my 2¢
Posted on 05-29-2015 01:25 PM
+1 for printers!