OS X Config Profile Weirdness...

easyedc
Valued Contributor II

We didn't have any issues with OS X 10.8.4 and Casper v. 8.x but now our Config Profiles are not acting as expected.

While using Casper Suite 8.x when scoping out Config Profiles, notably the login access level, the groups that could be assigned access was determined by group GUID (as guided by the JSS to provide the groups GUID). Casper 9.11, it seems as it that doesn't make the distinction of GUID or group name. I've tested both and I can't get either to work for allowing certain groups admin access to workstation.

From the Login Window Payload (access tab):

Login Window WindowOptionsAccessScript Allow The users and groups that can login at this computer User 5EFED968-9B4E-48A0-87AD-83A875682774 D812524D-C03D-4A6A-9F95-B05E08E40A2A

The payload has successfully pushed down to test workstations, but it doesn't appear to be applying any setting. We're also scoping admin access to disable restrictions on login, and that seems to be not working with the new configuration, either. Do I want our group name (G_VAS_MAC_Admins) or their GUID (in this case's D812524D-C03D-4A6A-9F95-B05E08E40A2A). The admin guide doesn't discuss this change in how Casper is building it's profiles for deployment. Casper 8.x had a "groups" section and a "users" section and this is all just one "users" section.

Any guidance would be appreciated.

1 ACCEPTED SOLUTION

easyedc
Valued Contributor II

What ended up being the solution for me was to do an LDAP test for my group mappingsexternal image link and the value that was returned to the JSS was much different (and couldn't be found within Directory Utility) but ended up granting access.

View solution in original post

2 REPLIES 2

lunddal
Contributor

I know that this is an old thread, but I have the same problem (using the latest JSS).

easyedc
Valued Contributor II

What ended up being the solution for me was to do an LDAP test for my group mappingsexternal image link and the value that was returned to the JSS was much different (and couldn't be found within Directory Utility) but ended up granting access.