Jamf Nation Community

DavidWallace · ‎12-08-2016

Sorry If this seems like somewhat of a dumb question, I'm new to this whole JAMF thing. So here is my issue We currently have the Casper suite with roughly 600 Macs on the inventory. I know we have easily 1000 Mac desktops and 1000 ipads but sense I work for higher education different departments tend to go out and buy Macs without letting anyone knowing. Is there a way for Casper to identify a Mac that connects to the network and add it to the Managed inventory? If so then how? If not then will recon resolve this issue? Again if so than how? Thank you for the help I will be attending a CCT course here shortly so maybe it will clear things up there but I want to get a head start on this situation.

chriscollins · ‎12-08-2016

@DavidWallace hey David, so there is no way to have Casper automatically add in unmanaged machines in the way you would want. The recon app can scan the network looking for machines with SSH turned on and try to use credentials that you provide to remotely log into the machine and enroll it into Casper. But that depends on SSH being turned on on the machine already, and you knowing an admin password on that machine.

The only other ways to get machines enrolled are either through a quick add package that you install on the machines remotely via something like Remote Desktop or manually at the computer (which both still require you to know admin credentials on the machine), To launch recon locally on the machine which you also have to know admin credentials, or lastly, you can have the user self enroll (assuming they are admins on their machine) by going to the self enrollment URL and downloading a quick add package.

Self enrollment is how we tend to get unknown/unmanaged machines into inventory. We identify software or configurations that everyone needs on their Macs and instead of manually installing for those people when they request it, we only make it available in Casper so if they want it they have to self enroll into Casper to get it. We make that the carrot :)

mm2270 · ‎12-08-2016

While Recon.app can do a network scan for eligible Macs to enroll, the one issue with it is that it requires SSH being turned on on the Macs, and knowing an account on those Macs that can SSH into them, to enroll them into the JSS. You can add as many possible local username/password combinations you can think of that may be on the Mac that have SSH privilges, and it will try them all as it encounters each machine. But in the end, it can only do something if 2 conditions are met.

SSH is enabled on the remote Mac(s)
One of the accounts entered into Recon.app also exists on the remote Mac and can be used to remote in (SSH) to do the enrollment

Only if these are true will it be able to work.

Another method some people use is, if Apple Remote Desktop is enabled and you have access to those Macs that way, you can build a standalone QuickAdd.pkg from Recon.app and deploy it to those Macs for installation thru ARD.

Lastly, there is the invitation route, where you can send an email to a list of recipients to go and do self enrollment, which would be a link to your JSS address like https://your.jss.server:8443/enroll

Oh, and truly lastly, there is putting Recon.app on a thumb drive and visiting each Mac, opening the app from the drive and doing a local enrollment. Obviously this last one is a lot of work and there is no automation at all, but in some cases, that is the only option.

Hope the above helps somewhat.

DavidWallace · ‎12-08-2016

Okay thanks for both of your responses. This has helped me greatly. Sadly it has also added ALOT of work to my already massive workload but at least now I know. Appreciate the responses.

bentoms · ‎12-10-2016

@DavidWallace do have ARD access to the Macs?

Jamf Nation Community

Recon Uses