Posted on 03-17-2023 11:25 AM
We have been using JAMF for a few years now and have quite a few leased and purchased Macs in our system but a lot of deprecated policies, profiles, and other settings that we are wanting to rebuild mostly from scratch. We are going to be entering into a new lease later this year so rather than try to go through each item one by one we are wanting to rebuild the system for the new lease while still being able to support the existing leased and purchased Macs.
I know how to create a new PreStage Enrollment but most of our policies and profiles are set to "All Computers". I know that I can make an exception in each one by using a smart group but is there a way to immediately separate the new PreStage devices without creating a new JAMF environment to where they won't get any of the old stuff?
Solved! Go to Solution.
Posted on 03-17-2023 01:07 PM
@jamesacoker You're going to have to create an exception for everything scoped to All Computers. In case you haven't seen it before, be aware there is a Smart Group criteria "Enrollment Method: PreStage enrollment", so you can create a Smart Group specific to each of your PreStage Enrollments.
Posted on 03-17-2023 01:07 PM
@jamesacoker You're going to have to create an exception for everything scoped to All Computers. In case you haven't seen it before, be aware there is a Smart Group criteria "Enrollment Method: PreStage enrollment", so you can create a Smart Group specific to each of your PreStage Enrollments.
Posted on 03-17-2023 01:10 PM
When you say "old stuff", I assume you're referring to your existing policies and profiles? If so, even if you assign Macs to a new Prestage enrollment, once they enroll and are in the same Jamf server, any policies or profiles that are set to All Computers will get pushed down to them. You can avoid at least the profiles initially by only enabling the profiles you want them to receive in your new Prestage, but shortly after they complete enrollment, any other profiles set to All Computers are going to get pushed down.
You can create a single Smart Group to capture those Macs enrolling into that Prestage and use that as an exclusion to each one (profiles and policies), but it seems like you already know that. That's a lot of manual work, but if you have time and get started on it soon, you can have it all ready by the time you enter your new lease.
Otherwise I'm not sure if there's any better way to approach it. Maybe there's something I'm not thinking of though.
Posted on 03-17-2023 01:12 PM
Thank you both, that is what I was thinking I was going to have to do. I did create a Smart Group already with the PreStage as the only parameter so I am going to go through and exclude that group from everything. We were planning to get rid of the majority of the old after we get the new one up and running, just curious to see if there was a quicker way.
Thanks!
Posted on 03-17-2023 01:27 PM
Yup.
I just thought of one other way, though it's probably not better than what you're already considering, but you can also assign all those Macs in the new Prestage to a new Site. But this would only help you if you're already using Sites and all your existing policies and profiles are assigned to a specific Site. Any that have a Site of "None" are going to push to all Macs, as those are considered global policies or profiles.
You would then need to create any new policies and profiles and assign them to the new Site, which would also exclude them from running on your existing Macs. Just something to keep in mind. It's not the usual use of Sites, but it's an option.