Posted on 01-04-2019 12:09 AM
Just need some input how the following can be handled, as I need 2 scenarios in my "security and privacy" payload
Default in "general" tab you have to choose how gatekeeper must handle software downloads, only from appstore etc.
Then under "filevault" tab I setup it as institutional key.
However, what if I under filevault will need to exclude apple desktops. I can of course create a smart group and exclude desktops, but then they also will be removed from the gatekeeper settings that should be default for all clients
Hope it make sense how I describe it. If I just in the the "general" tab could disable it and don´t make a choise, I then could create 2 payloads with different setup, but as it is the "general" tab must be used
Posted on 01-04-2019 02:35 AM
Do them as two separate profiles. (your scenario is exactly how we do it, apart from I would recommend using individual keys and let Jamf manage the escrow, rather than using the old institutional key method)
As GateKeeper settings are under the General tab within Security & Privacy and the FileVault setting has its own tab within Security & Privacy there will be no issues.
Your GateKeeper profile is scoped to All Computers and the Filevault profile will be scoped to All Computers as well, but use a Smart Group to exclude the Desktops.
Things only seem to go squirrelly when you have two separate profiles applying settings within the same tab in a single preference pane.
Posted on 01-07-2019 06:53 AM
@jameson ProfileCreator is really helpful in cases like this b/c you can craft the specific settings you want.