Posted on 03-05-2018 05:41 AM
Hey all--
I have administered an already deployed Casper solution, but never from the ground up, working through use cases and building to meet certain criteria. So I was hoping to post to this group and potentially get some feedback from anyone looking to assist.
So here goes some things I am looking to do:
At the top level, I need to:
•Deploy Patches and new software versions Control -- Which I know that Casper can do
•Ensure Local access for IT services -- I think that Casper can do this
•Ensure local admin is protected -- Not sure
•Ensure disk encryption -- This can be done via Casper
•Ensure AV -- This can be done via AV management tool, but can Casper ensure this as well?
•Ensure local policy -- Can be done via Casper, but what about GPO pushing?
•15 min computer lock -- Through local policy through Casper?
•password required -- Through local policy through Casper?
•brick capability -- Through local policy through Casper?
•Ensure AD registration -- Through local policy through Casper?
Thank you in advance for any and all assistance as it is greatly appreciated.
Cheers--
TheMacFNG
Posted on 03-05-2018 06:53 AM
Trying to sort out the list...
•Deploy Patches and new software versions Control -- Which I know that Casper can do
Yep, no problem
•Ensure Local access for IT services -- I think that Casper can do this
Need more info on what you mean here, but sure, probably.
•Ensure local admin is protected -- Not sure
Again, need to know what you mean by this, but most likely.
•Ensure disk encryption -- This can be done via Casper
Yep
•Ensure AV -- This can be done via AV management tool, but can Casper ensure this as well?
Casper can certainly make sure it is installed.
•Ensure local policy -- Can be done via Casper, but what about GPO pushing?
GPO is AD. If you want to use GPOs, look at Centrify or something like that, but I'd recommend running far away from GPOs and using Casper policies instead. Take a look at JAMF's approach to enforcing the CIS baseline if you need some examples.
•15 min computer lock -- Through local policy through Casper?
Sure.
•password required -- Through local policy through Casper?
Sure
•brick capability -- Through local policy through Casper?
Sure
•Ensure AD registration -- Through local policy through Casper?
Sure
Bottom line: Casper (now known as JAMF | Pro) will basically do anything you want... so long as you know how to ask it to. Think of it as a remote enforcement tool for Mac policies/settings, and not as a magic box that sets everything up. If you know how to script it, query it, set it, etc., then you can script it, query it, set it, etc. across the board using Casper. (and for the record, when I don't know how to script it/etc., I usually just come here to the forums and find someone who has already done it).
Posted on 03-05-2018 10:59 AM
@Taylor.Armstrong My strong suggestion is to read the Jamf Pro-administration guide start to finish. Jamf Pro Administrator's Guide.
Posted on 03-05-2018 12:31 PM
Second @Taylor.Armstrong
Casper is a deployment and management tool. For each of these tasks you want to do, answer this simple question, “if I wanted to do this without a management product, how would I do it?” Follow that up with, “how would I do it on a single machine in an automated manner?”
Likely many of your answers will come in the form of a bash script or AppleScript called at the time you want it. Many of the answers will come in the form of an install package.
Then we get to tasks such as AD integration...it’s important to know what AD actually does on a stock Mac without schema extensions or GPO translation software or management products...the answer...lets you log in, change a password and map a home directory if you have it in your AD record. In short, very little, but Jamf works to automate what Apple does do.
With full disk encryption, Jamf handles activating it, assigning users to unlock, escrowing the keys and deactivating it.
In terms of mobile config profiles, it manages the task of helping you write them and getting them out, assuming a properly configured server. It also handles device commands such as locking.
That leaves you dealing with AV...the good news is that if you can manage the software with scripts or a plist, Jamf can likely help you. The folks on the board here have seen a lot and are eager to help.
Posted on 03-05-2018 12:33 PM
(Just for the record guys - I'm not the OP, just the 1st to respond! :). )
Posted on 03-05-2018 02:44 PM
I know @Taylor.Armstrong ...I merely send a second to your suggestion as a compliment.
Posted on 03-06-2018 06:10 AM
Also if it's in the budget you can take Jamf Course 350 (Formerly CJA) with no prerequisites. It teaches you how to set up a JSS on macOS, Ubuntu, and Windows.
Posted on 03-06-2018 11:22 AM
Totally second @sharriston
That course was very helpful in getting the scaling of your clients right.
Posted on 03-06-2018 11:56 AM
Well said. Now I do sometimes wish I was fluent in Casperese.
Bottom line: Casper (now known as JAMF | Pro) will basically do anything you want... so long as you know how to ask it to.
Posted on 03-06-2018 11:59 AM
I think that was the biggest "hurdle" for me. Casper has its roots solidly in the .edu camp, and coming from a .gov perspective, things didn't always work the way "I wanted".... but as long as I could figure out the right way to build my query/policy/ea/etc., it would spit out the result.