Please educate me...

Valued Contributor II

Hi, first time caller, long time listener....

Doing some renovation/redoing/revamping of our very cluttered Configuration Profiles. 5 or so years ago when I started creating profiles we had 2 groups (marketing and developers) Now we are much more diverse and as such I need to fix a bunch of ugliness. Can someone clarify what I'm thinking about the "Limit by LDAP" function of profiles. Please correct me if I'm wrong, but I see this as I scope it to "All Computers" so that it can be seen everywhere, but I "Limit" to LDAP group and it applies the policy only to that group when it recognizes it? If Bob the graphics designer logs in he gets policy control set A but if Tom the developer signs in on the same computer he gets policy control set B? Is that how it's supposed to work?


Valued Contributor

For user-level profiles, that is correct. We restrict a few settings for most users, but there are AD groups that we use for exceptions; those profiles are scoped to a large smart computer group containing all of our workstations, but then excluded from the relevant exception LDAP group. Limitations are similar; just a whitelist to whom the JSS applies the profile, rather than a blacklist.