Posted on 01-31-2017 10:34 AM
We have a Configuration Profile that is configured to control Security & Privacy settings.
Under the Firewall tab, we have the following:
[x] Enable Firewall
( ) Block all incoming connections
(*) Control incoming connections for specific apps
[ ] Enable stealth mode
All managed systems receive this Configuration Profile however, NOT all managed systems behave as expected.
Most systems enforce the settings but some systems lock the user out of the firewall settings (as expected) but the firewall itself remains set to "Off".
In order to resolve the issue, I've had to manually exempt the user from the Configuration Profile and "Distribute to Newly Assigned Devices Only".
Then I have the user manually re-enable the firewall.
Once that is done, I then remove their exemption.
There has to be a better way...
Our OS X user base spans from 10.10.x through 10.12.x
Has anyone seen this before?
Has anyone found a way to get around this issue?
We are running JAMF Pro 9.96.
Thanks!
Caine Hörr
A reboot a day keeps the admin away!
Posted on 02-01-2017 11:07 AM
Looking at the feature-requests Enable Firewall
this "Configuration Profile payload has been added to Security and Privacy settings to control the firewall settings for macOS v10.12 and later"
for older system you can use @justinrummel script at https://github.com/justinrummel/Random-Scripts/blob/master/JAMF/enable_firewall.sh