Posted on 02-13-2015 01:22 PM
Hi JAMF Nation! We're thinking about buying the Casper Suite. I've done my fair share of reading up on it, and I've got a couple of questions.
1: Can we create a root user account during imaging and how? (or should be set that up in our basic image?)
2: Can we run scripts as root users through the JSS?
3: Are deploying packages as easy as: installing on a test machine, capturing with Composer then deploying through Casper Admin?
4: How's Casper's support?
5: Can we force software updates on our machines? Example: 10.10.5 comes out, can we force our machines to install it and run in the middle of the night?
6: Are "fat" images are pretty much looked down upon?
7: Which is better? Apple Remote Desktop or Casper Remote?
8: How do you guys solve "Network is Unavailable" after waking a Mac from sleep? My Google-Fu failed me.
9: Thanks JAMF nation!
edit: One last question about Netbooting and Casper Imaging. Will our helpdesk staff people able to populate information into it? Example: Asset number, room and name? Once again, thank you very much.
Posted on 02-13-2015 01:40 PM
Welcome!! I've used Casper in one form or another since 2006 so I may be a bit biased when I say it's the best Apple management platform available. As to your questions:
Yes. You can indicate via your image configuration if you want to create a management account, whether to hide it from the Users, etc. If adding existing devices to the JSS, you can set that account to be created via the Quick Add package. There are also 3rd party tools to allow the creation of a package that just creates a user account (https://github.com/MagerValp/CreateUserPkg)
By default scripts run as root through the JSS.
Pretty much, although Casper Admin is the utility to manage your packages, not deploy. Most packages I deploy go through as policies via the JSS or via Self Service. I also use Casper Remote for occasional on-demand distribution.
Excellent. JAMF support is one of the best reasons to go with the Casper Suite. Very responsive, helpful and just good folks. These guys and gals care as much about your Macs as you do and always take a genuine interest in helping you solve problems or offer suggestions. In additional to JAMF support, JAMF Nation is awesome. I go here first for solutions and only to JAMF if it seem to be a bug or something like that.
Yep, you can do that via a policy in the JSS.
I don't build images that way as one change to one app requires rebuilding the whole image. Much easier to use a modular approach with your base OS in one package, apps in their own packages, etc. I don't image as much anymore but deploy the apps I need on top of the factory OS.
ARD has some great features that aren't really duplicated in Casper Remote. They compliment each other IMHO. ARD still gets more use from me as far as simple remote control. Casper Remote has some more flexibility as far as installing disk images, binding to directories, reboot options, etc. Casper Remote uses VNC for remote control.
For us, sometimes rebinding helps if it's an ongoing issue. Usually they will pick up in short order. Really depends a lot on the OS that is having issues, network setup, etc.
Hope this helps. Welcome to the Nation!!
Posted on 02-13-2015 01:43 PM
You can create admin accounts during imaging, script items to enable or disable root andor update the root password assuming the Casper management account is configured on the machine.
Scripts are run as root
It is that easy... or sometimes even easier than that. If you have a vendor PKG or get a PKG from a utility such as AutoPKGAutoPKGr. Then you would just drop the pkg into CasperAdmin replicate your severs and should be ready to deploy.
JAMF Support is GREAT!! This is JAMFNation so the folks on here may be a bit biased though. :)
Not directly thru Casper - You can integrate an Apple Software Update Sever or Resposado (Linux version of an ASUS Server) server, but if you have those in place you can force mac clients to install the update(s) based on your deployment schedule and process.
Just my .02 but if you are using a modular fat image which allows you to flex with Apple then I certainly would say that it is not looked down upon.
It's hard to say which is better because they both have their place. Casper Remote does use the native VNC client on the other hand Casper Remote gives you tons of options then ARD. Also you can make the argument why spend the money on ARD if you are going to buy Casper unless you already purchased ARD.
I don't see that very often and would need a bit more detail on the issue
Posted on 02-13-2015 01:46 PM
Thanks @johnnasset][/url][/url and @ShaunM9483][/url for the run-down! One last question about Netbooting and Casper Imaging. Will our helpdesk staff people able to populate information into it? Example: Asset number, room and name? Once again, thank you very much.
edit: oh and for #8; Here's a thread on JAMF: https://jamfnation.jamfsoftware.com/discussion.html?id=11857
Posted on 02-13-2015 01:48 PM
5. Not directly thru Casper - You can integrate an Apple Software Update Sever or Resposado (Linux version of an ASUS Server) server, but if you have those in place you can force mac clients to install the update(s) based on your deployment schedule and process.
Sure you can. Drop the installer package into Casper Admin, create a policy scoped to your target machines and save. We do use the NetSUS appliance and do most updates at once but no reason you couldn't treat them like any other package.
Posted on 02-13-2015 01:49 PM
Hi and welcome. Hope you make the jump to using Casper Suite in your environment. You're in the right place to get answers on your questions. Here's my take on your questions.
1: Can we create a root user account during imaging and how? (or should be set that up in our basic image?)
The root account already exists on any Mac (its named "System Administrator"). What you can do is enable the root account by assigning it a password (it does not have one by default), but this is usually not at all necessary, and frankly, not recommended for security reasons. Any admin account on a Mac can "escalate" its privileges to root level for operations (assuming its in the right groups on the Mac)
One exception here is when creating a Netboot image for use with Casper Imaging. Usually the root account would be enabled with a password and set the image to auto log into root. This helps later with things like Prestage imaging.
2: Can we run scripts as root users through the JSS?
By default, commands/installs, etc run from a Casper Suite "policy" or other stuff is run as a root operation. Usually people come here looking for how to run scripts, or commands as the logged in user, not the other way around, and I suspect as you use it, you may seek out those answers as well.
3: Are deploying packages as easy as: installing on a test machine, capturing with Composer then deploying through Casper Admin?
In most cases, its easier than that. Many "packages" that are in the .pkg or .mpkg format can be used as is, uploaded into your CasperShare and deployed to your Macs. Capturing installations in Composer is usually a last resort for those pesky installers that come in some odd format or won't work when deployed through a management product, as you'll find if you do searches on the topic here.
4: How's Casper's support?
Excellent! While no company is perfect, they really try their best to resolve your issues and provide the best support possible. I'm not sure where the number stands these days, but at one time, JAMF had one of the highest customer retention rates of any Mac management company around, something like 97% if I recall. I think you'll be pleased with their support overall.
5: Can we force software updates on our machines? Example: 10.10.5 comes out, can we force our machines to install it and run in the middle of the night?
Generally speaking yes, you can do this, but its too much to detail how to do that in a post here.
6: Are "fat" images are pretty much looked down upon?
Well, thin imaging or "no imaging" as I think its actually coined, tends to be more popular these days than fat images. Problem with fat images is that if one single product changes or needs to be updated, you are rebuilding your entire "fat" image, which is incredibly time consuming. They restore faster to systems during imaging time, but you lose that time later when it needs to be updated.
7: Which is better? Apple Remote Desktop or Casper Remote?
That depends on what it is you expect from a "remote" control product. Casper Remote is fine in general, although not as feature rich as ARD, despite its age. But Casper Remote can provide better auditing and logging of remote control sessions among other things, which may be important to you.
8: How do you guys solve "Network is Unavailable" after waking a Mac from sleep? My Google-Fu failed me.
Unplug the network cable and plug it back in. If that doesn't work, not sure, but you'd probably need to check your settings. I don't run into it often enough.
9: Thanks JAMF nation!
Posted on 02-13-2015 01:51 PM
You are 100% right about the update pack. I knew that was possible we don't manage updated like that but certainly some thing that could be done. I just assumed it was more along the lines of a patch management.
Posted on 02-13-2015 02:02 PM
A lot of software these days is coming from the vendors in compliant .pkg format which you do not need to install and repackage. Test as-is from the vendor first. Then resort to Composer or Packages if necessary. Repackaging removes vendor supplied logic, you want to try to retain that.
I've been managing Macs for a very long time and JAMF is far and away the best software vendor I've ever dealt with. Highly available at all levels, very responsive. And ditto to this forum. Hundreds of the best enterprise admins hang out here (even some that are not JAMF customers). And ssk around about JNUC- unbelievable. Who else providing that kind of resource to their users.
Not frowned upon (i don't think), just generally less efficient and less necessary now that we have more standard tools to deploy and manage machines. Fat images are still very relevant in certain circumstances, I'm thinking labs and highly remote users- like off the grid.
Open your wallet and jump in, it feels good in here!
Posted on 02-14-2015 01:06 AM
@Poseiden, when imaging you choose the Macs name. When using Asset tags I've often set he name to the tag.
If you have AD or something, you can get values for room & department from that: https://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/
Oh & when creating NetBoot images, might as well use: https://macmule.com/AutoCasperNBI
Posted on 02-15-2015 06:22 AM
@bentoms][/url, Not OP, but I've got a question about that. In our Windows environment, we have the choice to add the following: name, asset, room and description. In Casper Imaging.