Posted on 07-24-2015 09:09 AM
Our school district purchased an Apple server and JAMF Casper MDM solution. Apple is to install the server and MDM solution in late September.
I have been asked to set up 50 MacBook Pros for teachers now.
I am wondering if it makes sense to provision the MacBooks or if I should wait until the Apple server and Casper are in place. If I set up the MacBooks now, will I run into issues later managing the devices with the Casper Suite? Is this even possible?
Finally, if we do put the MacBooks in the teachers' hands now, what happens to locally saved data on the devices once we attempt to manage them from the Casper Suite?
Thanks in advance for any feedback.
Posted on 07-24-2015 09:58 AM
You should be able to set up the machines now and enroll them into the JSS later. Would be much easier to set them up if you had everything up to speed...
Do you run any kind of directory service (Active Directory, Open Directory, OpenLDAP)? Are you planning on binding the Macs to that directory service, or just creating local accounts? Adding them to the JSS shouldn't cause any data loss, as long as you carefully scope policies to bind and/or deploy software.
Try to configure the machines as consistently as possible... you can use the JSS to make them even more consistent.
Posted on 07-24-2015 10:09 AM
We have Active Directory now (Server 2012 R2).
We planned on binding the MacBooks to AD so teachers can log in as themselves, but again I am open to suggestions.
I feel like I'm going to end up creating double work by fussing with the devices now, but the school is pushing to get the MacBooks into the teachers' hands as quickly as possible.
I don't know if imaging/cloning makes sense, or I should just open them up, label them, add our remote software (DameWare) and bind to AD and hand them out.
Is the enrollment something that can be pushed remotely, or will I need to touch every device?
Eventually the goal is to deploy printers, software and policies with the MDM. If there is something I could do now to "prep" them for enrollment, please let me know.
Posted on 07-24-2015 10:34 AM
If you want to be able to silently enroll all these Macs later into your JSS once that's set up, without user interaction, then I would consider setting up a hidden local admin account on all of them and turning on SSH. Or, at least enable Remote Management so you can use something like ARD later to enable SSH.
Once they are out there and your JSS is up, you can use Recon.app to scan your LAN subnets and plug in the local admin name/password you created for them. As it hits each one, it uses that information to SSH into the Mac and do the enrollment back to your JSS.
Another option is, if you enable ARD (Remote Management) on them, you can also build a multi-use QuickAdd.pkg from Recon.app and just push that to each Mac from ARD. That's sometimes quicker than using Recon.app's Network Scanning feature.
The take-away from the above is, set them up so you have some kind of access back into them later. If you don't, you'll need to rely on your users enrolling their Macs to your JSS by going to the enrollment URL and installing a QuickAdd.pkg (if they are not local admins, this last item will be a showstopper), or you touching each Mac manually.
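The prep steps from the last reply (hidden local admin, SSH, Remote Management) as a script; this is an added example, not something posted in the thread. The account name, UID 499 and the /var home path are assumptions, SSH and ARD access are limited to that one account, and the script only prints its commands unless run as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): account name, UID 499, home in /var.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = execute them (needs root)
KICKSTART=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

prep_for_enrollment() {
    acct="$1"
    # Accept only a plain lowercase short name so nothing odd reaches dscl.
    case "$acct" in
        ''|*[!a-z0-9_]*) echo "invalid account name" >&2; return 1 ;;
    esac
    user="/Users/$acct"

    # 1. Local admin account, hidden from the login window.
    run dscl . -create "$user"
    run dscl . -create "$user" UserShell /bin/bash
    run dscl . -create "$user" RealName "Enrollment Admin"
    run dscl . -create "$user" UniqueID 499
    run dscl . -create "$user" PrimaryGroupID 20
    run dscl . -create "$user" NFSHomeDirectory "/var/$acct"
    run dscl . -create "$user" IsHidden 1
    # With no password argument dscl prompts, so the secret never sits in this file.
    run dscl . -passwd "$user"
    run dseditgroup -o edit -a "$acct" -t user admin
    run createhomedir -c -u "$acct"

    # 2. SSH on, but only for this account (members of com.apple.access_ssh).
    run systemsetup -setremotelogin on
    run dseditgroup -o create -q com.apple.access_ssh
    run dseditgroup -o edit -a "$acct" -t user com.apple.access_ssh

    # 3. Remote Management (ARD), again limited to this account.
    run "$KICKSTART" -activate -configure -allowAccessFor -specifiedUsers
    run "$KICKSTART" -configure -users "$acct" -access -on -privs -all
    run "$KICKSTART" -restart -agent
}

# Stand-alone use: sh prep.sh <account>   (add DRY_RUN=0 to apply)
if [ "$#" -gt 0 ]; then prep_for_enrollment "$1"; fi
```

Use a unique, strong password for this account and rotate it through the JSS once the Macs are enrolled, since the same credential would otherwise sit on all 50 machines.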