Recon Questions

Sobchak
Contributor

I have recently started looking at Recon and I just wanted to make sure I understood what I was looking at.

It looks like Recon is just used for remote enrollment. In order to use Recon for this the target computer needs to have SSH enabled and you need to know a local admin username and password.

Am I missing something?

1 ACCEPTED SOLUTION

davidacland
Honored Contributor II

Correct, for the remote enrollment you need SSH and to know the admin username and password connected to it.

You can also use it to enrol the Mac you are running it on, or generate a quickadd.pkg to deploy to other Macs.

6 REPLIES

mm2270
Legendary Contributor III

Nope, not missing anything. That is basically how it works, although Recon can also be run from something like a thumb drive and have the Mac enrolled to the JSS locally, meaning you don't need SSH in that mode, but would need physical access to the Mac.
In the latter case, you'd be better off enabling user level enrollment on your JSS and instructing the user to download and install the QuickAdd package from there.

Sobchak
Contributor

Thank you both for your answer.

I already have self enroll set up and working, and I have a QuickAdd package set up for our techs to do local enrollment. I just wanted to make sure I knew if Recon could help.

Unfortunately, managing Macs is new to us. Local admin info is unknown and SSH setup is random. Trying to find and enroll everything so I can get this under control.

So I guess I need to continue with self enroll and having techs enroll locally?

mm2270
Legendary Contributor III

Probably yes. The other scenario some environments come into this with is having something like ARD (Apple Remote Desktop) already in place. With that, you can use the Recon.app-created QuickAdd.pkg to "push" to the Macs from ARD and enroll them that way.
But if you don't have some previous management already in place, or have SSH/local admin information, then using Recon's Network scanning will be difficult and probably not yield much for you.

Sobchak
Contributor

Unfortunately, we do not have Apple Remote Desktop set up. It looks like a tech would have to go to each Mac to install the ARD client. If that is the case they may as well just run the QuickAdd package instead.

Of course I may want to set up ARD for other things at a later date, but it does not look like an enrollment solution.

Did I miss anything?

mm2270
Legendary Contributor III

No, not really. Again, unless some previous management settings were in place, or all Macs were set up with SSH on and a local admin account you know about, or even several different local accounts, it's not easy to enroll them remotely. Basically you need some way to remotely connect to those Macs; SSH, ARD, some other management tool, etc. If these are all personal Macs or just random rogue systems you're attempting to wrangle in and they don't have a way to connect to them without user intervention, you'll need to either touch each Mac, or have users self enroll.
Some environments set up policies that only enrolled Macs can have access to items like protected fast Wi-Fi connections for example, or to get a profile to set up email/Exchange access, so it encourages users to get and stay enrolled - carrot and stick approach.