Security and Privacy Payload

jameson
Contributor II

Just need some input on how the following can be handled, as I need 2 scenarios in my "Security and Privacy" payload.

By default, in the "General" tab you have to choose how Gatekeeper must handle software downloads, only from the App Store etc.

Then under the "FileVault" tab I set it up with an institutional key.

However, what if under FileVault I need to exclude Apple desktops? I can of course create a smart group and exclude desktops, but then they will also be removed from the Gatekeeper settings that should be the default for all clients.

Hope it makes sense how I describe it. If I could just disable it in the "General" tab and not make a choice, I could then create 2 payloads with different setups, but as it is, the "General" tab must be used.

2 REPLIES

garybidwell
Contributor III

Do them as two separate profiles. (Your scenario is exactly how we do it, apart from that I would recommend using individual keys and letting Jamf manage the escrow, rather than using the old institutional key method.)

As Gatekeeper settings are under the General tab within Security & Privacy and the FileVault setting has its own tab within Security & Privacy, there will be no issues.
Your Gatekeeper profile is scoped to All Computers and the FileVault profile will be scoped to All Computers as well, but use a Smart Group to exclude the Desktops.

Things only seem to go squirrelly when you have two separate profiles applying settings within the same tab in a single preference pane.
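An added example, not part of the thread or of Jamf's tooling: a pre-deployment check that parses profiles and flags any payload type set by more than one of them, which is the overlap the reply above warns about. It assumes each Security & Privacy tab maps to its own payload type (`com.apple.systempolicy.control` for Gatekeeper, `com.apple.MCX.FileVault2` for FileVault); the profile bodies and the helper names are constructed for illustration.

```python
import plistlib
from collections import defaultdict


def make_profile(name, payloads):
    """Build a minimal profile body (constructed sample, not a Jamf export)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": name,
        "PayloadIdentifier": "example.invalid." + name.lower(),
        "PayloadContent": payloads,
    })


# Profile 1: Gatekeeper only, intended scope All Computers.
GATEKEEPER = make_profile("Gatekeeper", [{
    "PayloadType": "com.apple.systempolicy.control",
    "EnableAssessment": True,
    "AllowIdentifiedDevelopers": True,
}])

# Profile 2: FileVault only, intended scope All Computers minus desktops.
FILEVAULT = make_profile("FileVault", [{
    "PayloadType": "com.apple.MCX.FileVault2",
    "Enable": "On",
    "Defer": True,
}])

# Constructed bad case: one profile that carries both tabs.
COMBINED = make_profile("Combined", [
    {"PayloadType": "com.apple.systempolicy.control",
     "EnableAssessment": True, "AllowIdentifiedDevelopers": False},
    {"PayloadType": "com.apple.MCX.FileVault2", "Enable": "On"},
])


def overlapping_payload_types(profiles):
    """Return {payload_type: [profile names]} for types set by 2+ profiles."""
    owners = defaultdict(list)
    for raw in profiles:
        doc = plistlib.loads(raw)
        types = {p["PayloadType"] for p in doc.get("PayloadContent", [])}
        for ptype in sorted(types):
            owners[ptype].append(doc["PayloadDisplayName"])
    return {t: names for t, names in owners.items() if len(names) > 1}
```

An empty result for the Gatekeeper and FileVault pair means the two profiles can be scoped independently; a non-empty result names the payload type to move into a single profile.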

sshort
Valued Contributor

@jameson ProfileCreator is really helpful in cases like this b/c you can craft the specific settings you want.