Move Client machines to a new JSS

New Contributor III

What is the best way to take out of (or remove) a dozen or less clients from my current "sandbox/dev" jss environment and add them to a production network?

I have a few systems that were imaged and now are being managed by my "practice" jss. Now I am building out a production environment and want to add the clients to the new "live" jss.

My concern is existing Managed Prefs or Configuration Profiles from the OLD sandbox conflicting with the new environment. Is there a way to remove them and then just add the client systems (via Recon) to the new JSS?

The "Sandbox" is an OS X Server on a local Lan only, recently updated to Casper 8.6. The Live environment will be all Linux.


Valued Contributor II

i believe it would be jamf removeFramework
then install the new quick add package or recon them from the production server.

Contributor II

Ah but what if they are FileVault2 encrypted ?

How is it best to handle that - if the database is not migrated..

I know one option, would be to decrypt the machine, move to the new JSS then re-encrypt it.
- but that would be rather long-winded.

I am wondering if we can just re-issue an encryption key instead.
If we are logged onto a machine then at that point the disk is unlocked, but 'already encrypted'
So I am wondering how best to re-encrypt with the new JSS.. ?

Valued Contributor II

As long as the management account is a FV user on the machine you should be able to have the new JSS re-issue a new FV key upon enrollment. So, QuickAdd with the same local management account installed on the client, client enrolls into the new JSS, and the new JSS executes a "re-issue FV key" policy on enrollment.

Contributor II

Great, that was enough help for me to figure this out..

-- Thanks