Least painful method for getting Jamf binary on MacOS devices

bobo
New Contributor III

We have a small amount of unmanaged macs (around 100ish). Many of which are not bound to AD in any way. What is the easiest way to get the jamf binary loaded on them all?

I’d rather not have to manually install and run recon on every system. I’ve tried running the ip range/search tool but haven’t been able to remotely install, even on systems bound to AD using numerous credentials. DEP enrollments and MDM functions are not an option due to network security constraints.

If I’m missing any other obvious ways of doing this please let me know. Much appreciated.

3 REPLIES 3

sdagley
Esteemed Contributor II

@bobdole01 You can create a QuickAdd package with Recon that you could then install on each machine. That's still manual, but much easier than running Recon on every system.

I am confused however by your statement "DEP enrollments and MDM functions are not an option due to network security constraints". What exactly are you intending to do with Jamf if MDM functions are not an option? And while DEP enrollment may not (yet) be required for managing Macs, MDM enrollment being a requirement is fast approaching.

bobo
New Contributor III

Thanks. I’ll check that out. What I mean is we don’t currently have the ports opened up that we’d need for MDM to function. Eventually we might just not now.

You can still do a ton without MDM and APN ports opened. Policies, self service, scripts. A lot of what we’d need anyways. Thanks.

sdagley
Esteemed Contributor II

@bobdole01 Starting with macOS High Sierra 10.13.2 Apple introduced User Approved MDM. That, and APNS being available for delivery, is now required for installing some types of configuration profiles.

If your org intends to keep supporting Macs then you really need to look into getting the ports opened. Apple's Use Apple products on enterprise networks document is your guide for those. And if you use SSL inspection on traffic through your firewall you're going to need to whitelist most, if not all of the servers listed in that document as Apple is moving to use certificate pinning on almost every service.