How to organise the admins and access within an international company

New Contributor II

How is everyone organising their casper admininstrators for their organisations?

Do you guys have "command and control" just in your company headquartered city or do you have your casper administrators creating policies and configurations in every city where you have Macs deployed? Would people advise having a fully capable and trained casper administrator in every city or just have one or two in the HQ?

In Casper it is possible to split the estate out into sites, buildings and departments from the JSS - has anyone done that? Good idea?

Just wondering how people are doing things....


Valued Contributor II

We have one main admin, and then two other trained admins to step in.

We don't run sites, but run everything globally. With everyone having access to casper. As for big changes, typically one of the three admins will do them, then get another to take a brief look and sign off.

All our scripts go through git hub, tested on a dev server before moving to prod.

New Contributor II

The current setup for the university I'm at is to have multiple sites to support the different campuses (in four different states). Our regionals have a smaller Apple footprint so they all fall under one site each but our main campus has three sites dedicated to it (IT Security, Academic, Staff) due to a larger Apple deployment. Out of the 20 accounts and users of JAMF Casper Suite, only 6 have Full JSS Admin rights while the rest are segmented to their own sites (rights on sites depends on managers desires). The only policies that are pushed globally are passcode/FileVault 2 requirements dictated by our IT Security group and emergency security patches which are also dictated by our IT Security group.

For staffing, it depends on your orgs layout. We have our admins at our main campus and techs at the regionals. The regionals really only troubleshoot issues and when in doubt they reimage it (mostly lab setups) and our admins at our main campus will build out/test new images, packages, software before rolling it out.

For organizing everything by site, building, department you can pre make the groups and then move everything where you want it. It's super helpful for inventory and when someone ask how many assets are in this building? Although, something to remember is all buildings and departments you enter will show up in every site. We try to mitigate this by using region codes so no one mixes up buildings (academia likes to name buildings the same thing on multiple campuses).

Hope this helps!