Jamf Nation Community

fsjjeff · ‎01-27-2020

Hey all,

I'm experiencing some perplexing scope issues on a student restriction Configuration Profile (actually there's a couple of them, but all configured the same way). I hope someone can look over my config and perhaps point out what I'm doing wrong (or confirm this is a bug)...

Options:
- Distribution method: Install automatically
- Level: User level

Scope:
Targets:
- Target Computers: Specific Computers
- Target Users: Specific Users
- Selected Deployment Targets: Smart Group that selects all computers with 10.14.x OS installed.

Limitations:
- An Active Directory user group for students.

My expectation is that this would apply to all computers that have 10.14, but then limit it to users in the student AD group. Unfortunately it seems to be applying to everyone, myself included.

Any idea what I'm doing wrong, or is this just impossible to accomplish?

larry_barrett · ‎01-28-2020

I'd ditch the limitations portion. Use exclude instead.

Make 2 smart groups
Students
Staff

Scope to students, exclude staff.

ChrisCox · ‎01-28-2020

I have used similar scoping for user-level configuration profiles to ensure students and teachers get different settings. I would start by verifying the computer group to which you are targeting and the AD group to which you are limiting have the correct membership. Also, you may want to trim it back to a simpler test configuration to see where the issue comes in. Try targeting a single test system with the same limitation or change the limitation to a different test AD group or a single AD user to see if the same behavior occurs. Verify this AD group works in other management functions in Jamf Pro like a policy or app. What kind of payload are you pushing out with this configuration profile? Are you sure it is one that is user-level compatible in the first place? Some can only be computer-level.

Jamf Nation Community

MacOS Config Profile Scoping issue