Posted on 12-22-2015 05:05 AM
Hello -
Can anyone think of a way to restrict JAMF enrollment to only devices that are Ethernet connected, or prevent enrollment while WiFi connected?
Thanks,
Ben
Posted on 12-22-2015 05:08 AM
Posted on 12-22-2015 05:09 AM
In the policy under scope go to General...scroll to the bottom. Click on "Client-Side Limitations" and scroll to the bottom. Change "Network Connection" to Ethernet.
Posted on 12-22-2015 05:11 AM
You could add some sort of check to the QuickAdd.pkg postinstall script which would only run if AirPort is off, for example. There are some guides online about modifying packages if you haven't done so already, and this command will give you WiFi info (so you can check to see if it's off, or look for an SSID, etc.):
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I
Posted on 12-22-2015 05:12 AM
Thanks @roiegat... that's good for a policy, but I am talking more about user-initiated enrollment... preventing the quickadd from running if wifi connected.
Posted on 12-22-2015 08:28 AM
@Bhughes As far as I know, that would get a little more complex. If you are just giving the user a quickadd package it might not be as bad though. If you are using the enroll portal then it would get more complex.
If you are just giving them a quickadd package then you would have to put that into composer, convert to source, and modify the postinstall script to check for ethernet.
If you are using the enroll portal, then you have to do the same as above, but the tricky part is that you have to find where Casper stores that package on the server and replace it with the one you modified to run on ethernet only.
What I would recommend you do is have the package add their machines to your Casper, and then use an Enrollment Complete policy to kick off the rest. Because it's a policy it can be set to only run on ethernet.
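One way to write the postinstall gate discussed in this thread, built on the `airport -I` command quoted above. This is an added example, not code from any poster or from Jamf. The function names, the sample outputs and the assumption that the installer runs the script under the name `postinstall` are illustrative. It fails closed: if the tool is missing or its output is not recognised, enrollment is refused.

```shell
#!/bin/sh
# Gate for the top of a QuickAdd postinstall script (hypothetical helper names).
AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport

# Constructed samples of `airport -I` output, used only for testing the parser.
SAMPLE_ASSOCIATED='          state: running
          BSSID: 0:11:22:33:44:55
           SSID: ExampleNet
        channel: 6'
SAMPLE_IDLE='          state: init
        op mode: '
SAMPLE_OFF='AirPort: Off'

# Read `airport -I` text on stdin; print off, idle, associated or unknown.
wifi_state() {
    awk '
        /^AirPort: Off/          { off = 1 }
        /^[ \t]*state:/          { seen = 1 }
        /^[ \t]*SSID:[ \t]*[^ \t]/ { ssid = 1 }   # does not match the BSSID line
        END {
            if (off)       print "off"
            else if (ssid) print "associated"
            else if (seen) print "idle"
            else           print "unknown"
        }'
}

# Succeed only when Wi-Fi is off or not joined to a network.
enrollment_allowed() {
    case "$(wifi_state)" in
        off|idle) return 0 ;;
        *)        return 1 ;;   # associated, or output we do not understand
    esac
}

gate_main() {
    [ -x "$AIRPORT" ] || { echo "airport tool not found; refusing to enroll" >&2; return 1; }
    "$AIRPORT" -I | enrollment_allowed && return 0
    echo "Wi-Fi is connected or in an unknown state; refusing to enroll" >&2
    return 1
}

# Run the gate only when invoked as the package's postinstall script.
case "$0" in
    postinstall|*/postinstall) gate_main || exit 1 ;;
esac
# ...the original QuickAdd postinstall steps would continue here...
```

A non-zero exit from postinstall makes the installer report failure, so the user sees that enrollment did not complete. Wi-Fi being off does not by itself prove an Ethernet link is up; the gate only enforces the "not on Wi-Fi" half of the question.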