- Jamf Nation Community
- Products
- Jamf Pro
- Mac settings vs Windows GPO comparison sheet
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-23-2014 06:28 AM
Hey all,
I need some suggestions. My managers have asked me to compose a list of the settings we set on the Macs compared to the Windows GPO we have set. I'm struggling to figure out the best way to write this up. I can't really find a way in the JSS to export of list of all the settings in an easy to read format. I know I can create some sort of list in the JSS Summary but that doesn't really give me the detail they want. I need a list of all the settings that are being set in each configuration profile and any policies with settings applied.
Has anyone else had to do something like this? Any ideas?
Jamie
Solved! Go to Solution.
2 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-23-2014 07:48 AM
System Information.app lists out MCX (called "Managed Client") settings in a nice Name and Value column format. It also lists Config profiles. The MCX settings are easier to read through that method, but either may work, and MCX may not be an option for you if you aren't using those.
You can export the Managed Client section or Profiles section out to a text file from Terminal that you can read through later. For example:
system_profiler SPManagedClientDataType > ~/Desktop/MCX.txtOr export to an xml file
system_profiler -xml SPManagedClientDataType > ~/Desktop/MCX.xmlSame would work for exporting Profiles.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-23-2014 03:37 PM
In our environment at least I can't see MCX providing nearly enough information to match what is in AD GPO.
It would be a combination of the following for us.
Policies
Managed Preferences
Configuration Profiles
First run scripts on the images
Last run scripts from Deploy Studio
...and probably a bunch of other stuff I have missed.
Then of course there is the fact that probably 3/4 of the Windows GPO's are either irrelevant or don't have an equivalent process on OSX platform, this would be the first port of call for me, to eliminate the ones that simply aren't relevant to the OSX platform.
I don't envy you my friend.
4 REPLIES 4
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-23-2014 07:34 AM
What if you instead used example machines, say from each relevant group, and then from their inventory records went to the management tab and copied out everything from 'Policies with this computer in the Scope?'
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-23-2014 07:48 AM
System Information.app lists out MCX (called "Managed Client") settings in a nice Name and Value column format. It also lists Config profiles. The MCX settings are easier to read through that method, but either may work, and MCX may not be an option for you if you aren't using those.
You can export the Managed Client section or Profiles section out to a text file from Terminal that you can read through later. For example:
system_profiler SPManagedClientDataType > ~/Desktop/MCX.txtOr export to an xml file
system_profiler -xml SPManagedClientDataType > ~/Desktop/MCX.xmlSame would work for exporting Profiles.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-23-2014 03:37 PM
In our environment at least I can't see MCX providing nearly enough information to match what is in AD GPO.
It would be a combination of the following for us.
Policies
Managed Preferences
Configuration Profiles
First run scripts on the images
Last run scripts from Deploy Studio
...and probably a bunch of other stuff I have missed.
Then of course there is the fact that probably 3/4 of the Windows GPO's are either irrelevant or don't have an equivalent process on OSX platform, this would be the first port of call for me, to eliminate the ones that simply aren't relevant to the OSX platform.
I don't envy you my friend.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-24-2014 07:50 AM
Thanks everyone! I totally forgot about System Information.app for some reason. That's the key. Thanks so much!
