Posted on 04-03-2008 08:38 AM
I would like email notification for smart groups based on date e.g. Last
contact time more than X days. Currently computers based on dates cannot
send email notifications.
John Brenner
Merrill Corporation
IOG IT
651-632-4072
Posted on 04-03-2008 08:41 AM
Not sure if anyone else has requested this before. Or if I'm just
missing something. But it would be great if there was a way to set up
an admin to have access only to a certain group of machines. i.e. we
have many different schools in our district and I would like it if our
building level admins had only access to the machines on their subnet or
if we could create a smart group that they were only allowed to
administer or something like that.
Dustin Dorey
Technology Support Cluster Specialist
ISD 196 Apple Valley, Rosemount, Eagan
14445 Diamond Path West
Rosemount, MN 55068
(952) 423-7971
dustin.dorey at district196.org
Posted on 04-03-2008 08:44 AM
I second Dusty's request. Scope based rights for building techs to their
network segment(s).
AND, let's have custom searches be able to save "by user" or "for all".
Each school wants their own custom searches, but doesn't need to share them
with the rest of the district.
Nathaniel Lindley
++++++++++
Learning Systems Specialist
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org
phone: 651-603-4929
Posted on 04-03-2008 09:30 AM
Hello,
I know this may not be an option for people, but we basically depend on Active Directory permissions to handle this. A group in AD is created and then only that group is applied to that particular group of machines with a script under AD administrators.
I imagine a similar thing can be done with Open Directory groups, but I don't use OD here at the moment.
I attached a sample of what we use.
NOTE: I have a sleep in here because this normally runs At Reboot. I could configure this in the Configuration in the JSS, and I do, but an issue that started with 10.4.11 and dsconfigad is that when the JAMF start up script does the binding that includes an admin group, the admin group portion fails. This script waits 60 seconds later when it tries again. This seems to work fine then.
Craig Ernst
Systems Management & Configuration
----------------------------------
University of Wisconsin-Eau Claire
Learning & Technology Services
105 Garfield Ave
Eau Claire, WI 54701
Phone: (715) 836-3639
Fax: (715) 836-6001
----------------------------------
ernstcs at uwec.edu
Posted on 04-07-2008 10:04 AM
Well,
We have building specific passwords for their subnets and you can change
the local admin account's password by a policy that is only assigned to
that network segment. It may not be done exactly how you are imagining
it but it is currently possible with Casper.
The jamf binary has built-in commands to change passwords. This won't
really help at a directory level, but it will in fact help on the local
level. You can then set different passwords to the local admin account
for the local administration on those subnets (organized by smart
groups) then create a policy as either a login hook or a startup item
that will change the local admin account's password along with the
firmware password.
I have not extensively tested this out yet, but my trials so far have in
fact worked. Here is a simple example script attached. Once I get a
base generic image and go to full package deployment (hopefully
accomplish this over the summer when students are gone) I will then have
one generic password for one generic image, and then building level
policies that will set building level passwords which can be run as post
image actions or as login hooks at the buildings themselves.
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351