Scope - All Mobile Devices

tryckman
New Contributor II

I am working on cleaning up our JSS and was wondering how often people use the "All Mobile Devices" scope? The more I work with the JSS the more I feel like I should create static groups whenever possible and avoid using "All Mobile Devices" and Smart Groups altogether.

Thoughts?

1 ACCEPTED SOLUTION

blackholemac
Valued Contributor III

Not sure if I back not using Smart Groups...my JSS is based on them as much as possible. My goal is to have carefully thought out external factors such as LDAP or location information govern what populates my smart groups and not to have a human constantly having to populate them.

I like to explain to folks that smart groups = a group populated by technology, LDAP or hard data in your database that you have on your users. Static groups tend to be more of a political designation by a human. Someone has to shoehorn Jane and Adam into a group manually. For instance Jane and Adam have nothing in common other than they are associated with the same school district. Jane's a teacher. Adam's a student. You want to get a copy of a piece of software to Jane and Adam only. In that case you would almost have to make a static group initially (There are ways around using a static group for this construct, but I'm trying to illustrate the point of smart vs. static groups.)

I do agree with you on rarely if ever scoping to "All". Scoping to "All" anything is a very dangerous thing that will scope to exactly what you defined...all. Imagine you have four servers that you don't want getting some policy but you wanted to hit all of your clients so you scoped to "All". Well then, you just punished yourself, etc.

In short, I tend to do a lot of location based scoping and LDAP scoping where I can or scoping to organizational groupings, or Mac models or whatever. I can add multiple scope targets and exclude so I have flexibility and I can almost always avoid scoping to All unless there is a 100% perfect reason to.

View solution in original post

1 REPLY 1

blackholemac
Valued Contributor III

Not sure if I back not using Smart Groups...my JSS is based on them as much as possible. My goal is to have carefully thought out external factors such as LDAP or location information govern what populates my smart groups and not to have a human constantly having to populate them.

I like to explain to folks that smart groups = a group populated by technology, LDAP or hard data in your database that you have on your users. Static groups tend to be more of a political designation by a human. Someone has to shoehorn Jane and Adam into a group manually. For instance Jane and Adam have nothing in common other than they are associated with the same school district. Jane's a teacher. Adam's a student. You want to get a copy of a piece of software to Jane and Adam only. In that case you would almost have to make a static group initially (There are ways around using a static group for this construct, but I'm trying to illustrate the point of smart vs. static groups.)

I do agree with you on rarely if ever scoping to "All". Scoping to "All" anything is a very dangerous thing that will scope to exactly what you defined...all. Imagine you have four servers that you don't want getting some policy but you wanted to hit all of your clients so you scoped to "All". Well then, you just punished yourself, etc.

In short, I tend to do a lot of location based scoping and LDAP scoping where I can or scoping to organizational groupings, or Mac models or whatever. I can add multiple scope targets and exclude so I have flexibility and I can almost always avoid scoping to All unless there is a 100% perfect reason to.