- Jamf Nation Community
- Products
- Jamf Pro
- Restrict all policies from a computer
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-27-2016 02:48 PM
Hello everyone,
We have a couple computers that are enrolled in JAMF, but we want to make sure they never get any packages or certificates pushed to them. We like the reporting that JSS gives us, especially with the inventory / IP for remote services; but we don't want to risk pushing out a policy to the computer.
Is this possible? I know for each policy we can exclude it. Not only is this a lot of work to do, but we also run the risk of an accidental deployment if someone isn't paying attention.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-29-2016 03:39 PM
@Ricky Have you thought about using sites to do this.
You can create two sites. A "Main" site and a "No Policy" site (or whatever you want to call them!). If you add these computers to the "No Policy" site, then it's a matter of adding all policies to the "Main" site.
As long as all policies are in the "Main" site, policies won't deploy to the "No Policy" site machines.
It's a bit of work to edit all current policies, but it will do the job. It Also saves excluding machines from every policy!
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-27-2016 04:00 PM
@Ricky this might be accomplished by unmanaging them in the JSS.. Although I think that breaks recon.
Another thing you can do is add them to a Static Group, & then add that group as an exclusion for each policy & profile.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-27-2016 05:55 PM
I know for each policy we can exclude it. Not only is this a lot of work to do, but we also run the risk of an accidental deployment if someone isn't paying attention.
Yep, this actually jogs my memory about a feature request I've been meaning to submit- we need the simple ability to create templates. Templates for policies, smart groups, advanced searches. I can't tell you how many sets of screenshots and lists I have to remember to setup for certain situations.
But yeah, create a exemption static group and always add that.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-29-2016 03:39 PM
@Ricky Have you thought about using sites to do this.
You can create two sites. A "Main" site and a "No Policy" site (or whatever you want to call them!). If you add these computers to the "No Policy" site, then it's a matter of adding all policies to the "Main" site.
As long as all policies are in the "Main" site, policies won't deploy to the "No Policy" site machines.
It's a bit of work to edit all current policies, but it will do the job. It Also saves excluding machines from every policy!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-29-2016 05:51 PM
We actually do the reverse that @stevevalle does in that no policies are applied to computers unless they belong to a group, we are using AD security groups for this.
