Selfheal or CasperCheck in large environments

Contributor III

I am looking to implement a Jamf binary self repair process like SelfHeal or Caspercheck. My school district has approx. 40K devices in the JSS 25K of which are computers. My concern is the impact on network traffic and JSS client connections with the way the self repair process works. I am currently testing on a small scale SelfHeal with the checkin day and time randomized on install. Is anyone using either of these processes in a large environment? Has there been a negative impact to network traffic or client connections since implementation?


Contributor III

Just be careful using this if you have "At Enrollment" Policies as it will cause them to trigger again if they aren't set to "Once per Device".

Valued Contributor II

yea I'm going to have to disable caspercheck when we transfer over to DEP provisioning from imaging because we'll reply on the enrollment trigger. wish the binary had some sort of self heal functionality somehow. I'm sure there's feature requests on this, but I'm not having much luck finding them.

There's this old one that is marked not planned

Valued Contributor

I drop a dummy package at initial DEP that tells the machine it's been DEP'ed, then have a smart group for machines with that package installed. That way further down the line when Caspercheck triggers it won't run all of the first enrollment policies because I exclude that group from those policies. that way it doesn't treat re-enrolls as fresh machines.

Valued Contributor II

It's old and I'm not sure that it still can try

sudo jamf enroll -prompt -noPolicy