OS X Yosemite

First off, thanks @golbiga for pointing out the Apple KB and method. And thanks to whomever at Apple that got this in place. Apparently someone there is looking out for us poor Mac admins!

That said, I noticed one thing to mention in testing. The Apple method seems to only work with the actual OS X Yosemite Beta, not against the 10.10.Developer Preview from earlier in the year. This makes sense I guess, but thought I'd mention it, just in case any user gets their hands on a Dev Preview installer. It would not work to stop them from installing that.
So, probably a good idea to take a double shotgun approach and keep the Casper Suite Restricted Software item in place for everything (or at least the Dev Preview) and also have this Config profile or MCX setting in place for the Public Beta version.
The process is still called "Install Assistant" so as long as that's in place, Casper will/should still catch it and shut it down before the Config Profile even needs to stop anything.

Has anyone yet tested the old method above to see if the name/process changed? I'm not going to push out the Profile, and I'm wondering if the previous process still works?

It hasn't changed. The executable is still "InstallAssistant" as I mentioned. Tested and confirmed that our existing Restricted Software still blocks the Public Yosemite Beta installer.

@mm2270][/url: Apologies. I read the thing too fast to grasp your last sentence. D'oh!

Re: the Apple KB posted, the DL link for the sample profile is broken...is this the same as posted above? If so, was it pulled?

confirmed that restricting "Install OS X Yosemite Beta.app" works....
currently using that restriction and the MCX to block users

Let's assume I can't push config profiles to our users right now, will just blocking the process "Install OS X Yosemite Beta.app" work, without doing anything else?

@kstrick: But using that method I believe will not cover the install of the user changes the name. I can't confirm, but I'd test that if you use only the app name...

@boettchs True, a name change might be a workaround but I'm hoping between restricting the process name and with the mcx blocking the installation once the installer is launched that it should weed out most of the troublemakers.

If i block "InstallAssistant" as mentioned above, can it block other potentially 'legit' installers other than OS X installers, or is that really just part of the current OS X installers...

I suggest using "InstallAssistant" as the process to look for and block, not the app bundle name. This is discussed earlier up the thread on why so I won't repeat it again in this post.

Edit: @kstrick - I haven't seen "InstallAssistant" used anywhere else, but I can't say 100% that it couldn't block other legit installers. Personally I'd rather use that and if someone reports that another installation is getting blocked as well, we can adjust it later.

I can confirm that the profile works. Upon launching the installer, when you go to choose which disk you want to install Yosemite on, a pop-up will show up saying, "The prerelease version of OS X Yosemite cannot be installed on this Mac due to the Software Update Policy in effect."

Allen

Apparently, that is not supposed to be "out there" (Profile). Apple is asking me where I got the link and I simply stated the twitter-sphere... Just a heads up. But glad it works, in concept.

Isn't it the link in Apple's document? http://support.apple.com/kb/HT6311

Thats where I assumed it came from.

The link was broken in the KB article, but someone dug it up. I removed the link from this thread, but the one on my github page was created by following the directions in http://support.apple.com/kb/HT6311.

Allen

All, FWIW, I let Apple know about the KB and it's now online and fixed - the Profile is downloadable and OK to share. Just wanted to make sure we keep on the good side of things, and they say it's fine now and I did in fact just download the Profile. Carry on.

Anyone noticing inconsistent FV2 reporting in Yosemite? Some machines show encrypted, others show unencrypted, others show status "Decrypting" or "Encrypting" when they're fully encrypted. My machine, fully encrypted, shows as No Partitions Encrypted in both JSS 8.73 and 9.32.

Having a strange issue where the Mac is reporting 'MDM Capability' as 'No'. Not sure if that's just a weird issue that only this one that i'm testing Yosemite is having.

Edit: Just wiped it and loaded an unbooted 10.10 image(via AutoDMG) and reenrolled into JAMF. The JSS MDM Profile loads fine and shows as Verified in Profile Settings on the Mac, but i still get a MDM Capability: No in JAMF. I also can't select this machine when scoping out a config profile(as expected i guess).

JSS 9.31

@denmoff][/url

Pretty sure it only shows as MDM Capable: No, is because it is beta and therefore unsupported in a production environment.

My machine which I am running Yosemite on reports MDM Capable: No, also.
Once Yosemite is officially released and JAMF release the version of the JSS to support it, it should be fine.

@Shadow_Within is right - it's because it's in beta and not a production OS that Casper knows about. Easily worked around by making a smart group scoped to 10.10 Macs, and applying MCX/Profiles to that group.

Thanks @Shadow_Within][/url That makes sense, i guess. Thanks for the workaround @acdesigntech][/url. I'll give it a shot.

Edit: The workaround doesn't seem to be working. The profile seems to be scoped to the 10.10 Mac, but it has not yet received it.

I would say that until JAMF releases a 9.x version of Casper that supports Yosemite, you're likely to see all kinds of odd issues when testing it in the JSS. I wouldn't be too concerned about any of those just yet. JAMF always waits until the official release from Apple before they unveil their own updated product.

here's to hoping they release an 8.x patch that support 10.10 as well. yeah, i'm still on 8.73...

I would not count on that. I know they did it for Mavericks because 9.x had just been released and they knew a lot of customers were still on the 8 series, but I wouldn't hold my breath for any 8.x patch to support 10.10. Development is focused on the 9 series I'm being told.
We're also still on 8.73 here, but we're planning our move to Casper Suite 9 for late summer because, well, the handwriting is on the wall there. Anyway, 9.x has matured a bit and doesn't have nearly the amount of issues it had when it was first released. Time to make the move methinks.

<rant>

TAM just emailed me about that actually. JAMF is not planning a code patch for 8.x. Extremely disappointing since 9 hasn't even been out a year yet. This AFTER we just finished talking about how to move my MCXs to Config profiles easily (where are the actual plists I have are located on the JSS, so I can grab them and run them through MCXtoProfile), how I'm not able to grab them in the JSS on v8.x, and MCXs won't move over in the upgrade from 8.73 to 9.x (in testing this has always held partially true).

I can't plan any move to 9.x until we figure out our server sitch (stuck on 10.6.8 servers ATM and windows VMs are sort of out of the picture because of other dependencies). *VERY frustrating*.

</rant>

Sorry to hijack, folks.

@acdesigntech: you're disappointed, which is fine, but at the same time you are running on 10.6.8 servers? Not sure that your infrastructure being so far behind matches the need to run Yosemite Macs. You can't expect them to keep adding new OS support to an old version of the JSS software - IMHO.
Seems like getting your server sitch settled first is a good idea...

Casper 9 is the future and yeah, you should be planning your migration strategy. I'm guessing cloud-hosted JSS isn't an option for you either? Been replacing a lot of non 3,1 Xserve's with Mac mini servers...