Jamf Nation Community

darmas · ‎05-10-2017

I'm running JSS 9.97.1482356336 and have certain software blocked - App Store, iTunes, AirDrop, through the Restricted Software settings.
We have developers that require access to the App Store, so I have been adding their LDAP account to the Exclusions list. That list is starting to grow and would like to use a LDAP Group instead. I've added the group to the Exclusion List and added the user's LDAP account to the LDAP Group through AD, not through the JSS Accounts and Groups. Did some testing and it doesn't work.
Is there any other way of using a LDAP Group instead of excluding individual accounts. The Exclusion tab only specifies LDAP / User not Group - see attached image.

strider_knh · ‎05-10-2017

That is for individual users, not user groups. At least that is how it works for us.

I have been disappointed at this as well.

darmas · ‎05-11-2017

I have also created a Smart Group which I've added to the Exclusion list of the Restricted Software, but that does not always work. I've noticed that for existing users, that will not take affect right away (could take days to apply); but for new enrollments, if I include the user to that Smart Group - once they log in, it will take affect right away. The proper way should be through a Smart Group - as per the training courses, but it's not reliable. By adding their LDAP account, that works right away - for new or existing users. I guess I will open up a case with our Jamf Support guy.

Jamf Nation Community

LDAP Group added to Exclusions List not working