Limited Help Desk Access

Contributor II

I was looking into ways to get our help desk limited access to JAMF for some read-only or low impact actions - like finding a FileVault 2 Recovery Key or unlocking a locked local user account.

What do you allow your 1st level techs access to in JAMF and how is it working out?


Not applicable

If they are helpdesk I am assuming they only need rights to conduct remote support right?
I will suggest you go to system settings - JamF Pro Users and Groups set their privilege to "JamF Remote" only you need them to have any other access within your org.

Best of Luck!

Contributor II

We have not been able to get JAMF Remote to connect to the Macs in most cases.

If we can get that fixed, this would be a great idea. Thank you!

Not applicable

Can you maybe provide some more info about the ARD issue you all are experiencing in your environment?
Are your End-Points all in the same subnet/network or WFH?

Contributor II

We are not using ARD, but the JAMF Remote to try to remote into Macs. They try to make a connection but fail. It has been over a month since I last tried, but I was trying to connect to a test Mac on the next desk - both on wifi. I think it either got stuck on trying to open the SSH connection, or could not see the machine at all.

I like ARD a lot. Maybe we should get it.

Not applicable

Hello @VintageMacGuy,

Do you all have Remote Management and Remote Login turned on on those Macs in your environment?
If not, check your settings in System Pref - Sharing and ensure those settings are set with the correct parameters which will allow access for all internal ARD connectivity functionalities.

Honored Contributor II

We actually have quite a few issues with JAMF Remote also. Your DNS settings have to be correct for JAMF Remote to work. We use AnyConnect as a VPN client and our team that owns that does not have any function set to change the Macs default DNS server when on the VPN. So any device on our VPN cannot be accessed with JAMF Remote as JAMF Remote is reading the DNS tables and seeing the 192.168.x.x IP that the Mac is reporting, but not the corp 10.x.x.x IP the Mac is using as the DNS settings are not right. Obviously since the 192.186 IP address is not on our network the communication never makes it to the Mac.

Contributor III

Curious to see what other teams do for access levels etc. as were working on this ourselves right now.