Jamf Nation Community

Thanks. I looked where you said and we do NOT have an inventory policy. I can create one but where in the creation process do you tell it to be an INVENTORY policy?

Also, if I choose "run on all systems" how do I make each Mac run it? I come from Windows so I am new to this Casper/Mac tool. I know in Windows using a tool like SCCM there is an SCCM agent running one each PC (that was deployed via AD). So each PC knows where the parent server is to send inventory too. How do I know what Mac's have the Casper agent?

Thank you.

One last thing....how do you run a policy? I don't see where I can force it to run or where I can pull it from my Mac client.

When a Mac is enrolled in Casper Suite, a small executable binary called the jamf binary gets installed on it along with a number of other ancillary tools, such as some LaunchAgents/LaunchDaemons, plist files and other items that all work together to "manage" the Mac.

If you see Macs in your inventory and they show up as either "Managed" or "Enrolled" (depending on what version of the JSS you have), then it means they are under management and have the tools installed on them, generally speaking.

One of the processes that runs automatically via launchd, is a check in, typically set to every 15 minutes. Just a quick "ping" of sorts to the Casper server. its a client initiated process, so it runs on the Mac, not dependent on the server itself. In that process, the jamf binary checks for any policies that need to run. Once you have a policy in your JSS for daily inventory, if the Mac is ready to do that inventory submission, or "in scope", it will happen at that time. Does that make sense?

The inventory check usually gets created automatically when the JSS is installed. I have seen some rare cases of that not happening, but that's where is comes from

What you'll need to do is go into your JSS and create a new policy. Choose manual and change the settings to as follows:

Under the General tab, use:

Triggered By: The every X minutes trigger (X being whatever your JSS is set to)
Frequency: Once every day

Give it a name and assign it to a category (optional)

Under the Scope tab, choose:

Assign to All Computers

Under the Advanced tab, put a check in:

Update Inventory

Save it.

Now, go up to your browser menu bar and after the root of your JSS URL, type in tasks.html and hit enter. So in other words, if your JSS URL is: https://mycompanyjss.company.com:8443/, add tasks.html to the end of that.

You'll get to a new view of Scheduled Tasks. Make sure there is a task called something like "Every 15 Minutes" (could be a different number) If there isn't, you'll need to create that as well. Post back if that's the case.

Like SCCM or LANDesk or any other PC management tool, you do need an agent running on the Mac. As @mm2270 explained, that agent is the jamf binary. To get the binary onto the system, and thus your Mac(s) into inventory/management, you'll need to run Recon.app on the machines, or do a network scan for the machines.

You can find information for running Recon.app (or Recon.exe on a PC) in the Casper Admin Guide starting on page 191.

Once the machines are enrolled in the JSS, you can then utilize Policies to push software, push printers, or run scripts. Info on the policies can be found starting on page 169 in the Admin guide.

HTH

Awesome guys, thanks. One more question. where do I look on my Mac machine to find the JAMF binary files? I did a seach for JAMF and it didn't find any.

As for the Recon.app can that be run by the user? (like if we emailed them a link?) Or how do you automate the install of it?

Sorry for newbie questions but I'm under the gun to get this done and I don't know jack about Mac's :-)

You can use Recon.app on a Mac, or Recon.exe on a PC, to create a QuickAdd package. Click QuickAdd Package in the left navigation pane, enter the information and then click Create. You can then email that package file out to your users for them to run.

You can also use an enrollment URL to your JSS (page 195 in the guide) users. They will need to have a login account on the JSS, or your JSS will need to be connected via LDAP and your users would use that LDAP account to get in.

Just to avoid any confusion or problems, if you go the path of creating a QuickAdd package, a few suggestions:
Do it while logged into a local account, not an AD one. Often, Recon has problems creating the QuickAdd pkg when logged into a directory service account.

Second, I strongly suggest creating a new "management" account during the QuickAdd creation. Enter a new account name and password check the "Create this account if it doesn't exist" box as well as hidden account one. That will mean a new hidden (sub 501 UID) account will get made and Casper will use that one instead of say, a local admin account you may use for general maintenance stuff.

If you have machines enrolled from the enrollment page, use the same settings as described above for the enrollment pkg.

The Capser Suite's 8.6.x version has the new self enrollment page, so if you want end users to self enroll, this is the best way to go. You set it up under Settings -> Computer Management Framework Settings -> Enrollment.

Ok, I created and ran the Recon package on my Mac. I waited a while and I then went into the JSS web page/administrator. It says that it made "contact" with my machine today which is Progress. Before that it said last contact was Feb of 2012. But there is no inventory. I look at all of the logs and they all still say the last inventory data was collected in Feb of 2012.

I also created a new Policy. I set it to:

Active: Yes
Frequency: once every day
Trigger: every15
Scope: All computers
Plan Update Inventory

I let this run for a while and I don't see inventory for any machines.

So does this mean JSS is not configured properly or that Recon.app was never run on our Mac machines?

If you go into the Inventory tab in JSS and do a blank search, what comes up? Any Macs at all (besides yours)?

Ok, it took a while but we are now seeing Mac's show up in the inventory!! When I look at the LOGS I only see logs for "Application Usage Logs" & "Policy Logs" Is that normal? What about "Computer Usage Logs"?

Thanks for everyone's help