Jamf Nation Community

jimd · ‎01-29-2021

Just wondering what everybody is doing when they have an app to be installed via Self Service that needs a PPPC Configuration Profile.

Push the PPPC Profile out to everybody?
Scope the PPPC Profile so that it gets pushed when the app is installed?
Have the user approve the required access themselves?
Something else?

We're still on Mojave, but want whatever we do to work in Catalina and Big Sur without any pain.

Most of our apps that need a PPPC profile up until now are things that get installed for everybody during provisioning, so we just push those profiles to everybody.

nelsoni · ‎01-29-2021

We use Munki for our software installs and Jamf for policies, I created an API script that runs in Munki as a pre-install script which grabs the computers serial number and then adds it to a static group that is scoped to the corresponding PPPC payload. We set it to pause for 5 seconds so the profile can come down before the software installs. Essentially making Munki control Jamf.

GeorgeCasper · ‎03-18-2021

I've been thinking about that too, and the best solution I've come up with to install necessary PPPC/System/Kernel Extension Config Profiles is to scope those to some Smartgroup that is based on the presence of an application, and make sure the Maintenance Option "Update Inventory" is included as part of the Self Service policy. That means those Config Profiles are going to lag a bit behind the actual application install, but hopefully not by more than a minute or two. Relying on users to approve those things themselves is... nonviable. :)

sgiesbrecht · ‎03-18-2021

We push out the Configuration Profiles / PPPC out globally before we deploy the package.

TomDay · ‎03-18-2021

+1 for @sgiesbrecht's process.

Jamf Nation Community

Self Service Installations that need a PPPC