Posted on 05-08-2017 10:52 AM
I am a managed service provider, and one of my customers works a lot with Apple. When their users visit Apple's offices, they often want to be able to install networked printers on their Macs. Instead of just installing the printers, the people at Apple give them a quickadd package for one of Apple's Jamf Pro servers. When they run the quickadd package, it enrolls the user's Mac into Apple's Jamf Pro server, and then their Mac stops checking in with ours. This has happened several times despite my asking them to stop doing this. I was hoping I could create a Restricted Software rule, but there is no specific process that I can restrict. Does anyone know how I can stop these users from running quickadd packages that I did not give them?
Posted on 05-08-2017 12:30 PM
As QuickAdd is an installer, you'd have to prevent the users from running any installer. Instead, consider deploying @rtrouton 's CasperCheck. If the Mac can't checking with your JAMF server, it'll auto re-enroll in yours. It is likely easier to fix this issue, then to prevent it.
Posted on 05-08-2017 12:35 PM
Thanks for the advice. I follow his blog, but I must have missed that post. The most annoying part of this is that I have talked to the people at Apple about this, and asked them not to have my users install their quickadd package, and I have talked to the users too. They just keep doing it.