Profiles, Payloads and, Scope

LarryH
New Contributor III

I was wondering how other people are doing these things. I am currently setting up a single profile payload for each section that I want to manage. So examples would be, I have one profile for Network, one for VPN, one for Login Items, one for Login Window, one for Security, etc. I then have a static group that is named after that profile payload <example - Profile: Network> then I manually check the box for all the clients that I want to have that profile. I do this for each of my profiles. I then scope that profile to that static group. I could have up to nine profiles on a client. I thought this would be the easiest way to manage both the profiles and the clients who are getting those profiles, and if someone could justify to me why they should not have a profile I could easily remove that profile and not disrupt any of the other profile payloads.

I’m finding that periodically my clients will drop profiles, sometimes just a few and sometimes all of them. I’ll look in JSS and it shows under management history that the profiles are all still on the client machines. I do a JAMF enroll or JAMF recon and it makes no difference the profiles that are missing do not reappear until I delete the machine from JSS and re-enroll it. I wouldn’t think I have to many profiles, could this be my issue? How are others doing profiles? Should I maybe just create one profile name it “Standard Config“ and go through all the sections of the profile and add all the payloads to that one “Standard Config” profile, and have only one profile on the clients.

3 REPLIES 3

bentoms
Release Candidate Programs Tester

Hi Larry,

Mine is setup the same.

They are named "<SCOPE> - <PAYLOAD>", so "Computer - AD Certificate."

If there is a ready built profile, i've used that.. if not then i've tried MCX.. then scripts.. :)

Are the clients with the disappearing profiles on 10.8?

mscottblake
Valued Contributor

I also have different profiles for each payload. I have them scoped to smart groups, but not necessarily one to one.

I have also seen profiles drop off the machines and am currently dealing with a very frustrating issue that is dropping the wireless network authentication profiles from my laptops. I can't find any rhyme, reason, or pattern as to why some of the profiles are being removed from the machines. If anyone can explain why or if there is a better way of doing it, then I would be greatly appreciative.

If it helps, I've noticed that the problem is much less prevalent on my iMacs that connect through ethernet.

blutz
New Contributor

I too have run into disappearing profiles. Specifically my profile which binds clients to Active Directory.

It's very frustrating. It seems to occur most often during a reboot of the client's iMac. I can't find a common thread that ties each of these clients together, however it does seem to happen more to some than others.

Interestingly enough, when I look in the JSS profile management history for the clients, there is usually an entry saying "Remove Configuration Profile Active Directory" meaning that something is actually pushing the command to remove it...?