This account does not have privileges in the JSS to Use Casper Imaging

scottyo
New Contributor

My non-administrative JSS users started getting the above error after upgrading the JSS to 9.62 (from 9.5).

My boot disks are running OS 10.9.3 with Casper Imaging 9.3. According to the release notes, 9.62 should be compatible with Casper Imaging 8.6 and later.

For several of my JSS users (all LDAP), I had only "Use Casper Imaging" checked in the Casper Imaging section. To "fix" this error, I also had to enable privileges for BOTH "Customize a Configuration" and "Store Autorun Data". I don't really want to do this for everyone, and I don't really want to rebuild all of my boot media. Anyone else seeing this?

13 REPLIES

isradame
Contributor

Hi scottyo, yes, I had to do the same, but for non-admins to use Casper Remote. There is a defect case open with JAMF; they will probably have a fix by the next minor release. This also happens with local accounts, not only LDAP.

donmontalvo
Esteemed Contributor III

We are getting the error on our Help Desk accounts when they launch Casper Remote.

We are running some tests (new account, cloned account, etc.) and will post back with any news.

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

Interesting...

https://jamfnation.jamfsoftware.com/discussion.html?id=12737

--
https://donmontalvo.com

cbrewer
Valued Contributor II

Give your user(s) the ability to create Users under JSS Objects. Not sure why this is needed for Casper Imaging, but it's what got it working for me.

jhalvorson
Valued Contributor

After upgrading from 9.6 to 9.62, our imaging folks can use Casper Imaging and do not require that "Store Autorun Data" be enabled.

For Casper Imaging, both Use Casper Imaging and Customize a Configuration are enabled.
For JSS Objects, I have enabled all of the options in the Read column.
And the following additional settings under JSS Objects:
Computer Enrollment Invitations = Create and Read
Computers = Create, Read, and Update
Mobile Devices = Create and Read
Policies = Create and Read.

These might be more than what is needed for the person that does imaging. It's been working since going to 9.x. I haven't re-verified that I can safely reduce/remove some additional permissions.

MarcosMunoz
New Contributor III

cbrewer's change fixed it for me!

donmontalvo
Esteemed Contributor III

JAMF provided us a fix, which is to enable the 3 Casper Imaging access checkboxes for the affected account.

D-008176 opened to track the issue, started with 9.62.

HTH,
Don

--
https://donmontalvo.com

jennifer
Contributor

@donmontalvo did the fix in the Imaging access checkboxes restore access for Casper Remote? Or just for imaging?

donmontalvo
Esteemed Contributor III

@jennifer_unger JAMF provided the workaround to fix the Casper Remote issue. Enabling all 3 boxes for Casper Imaging fixes the problem so our Help Desk techs can use Casper Remote again. Not ideal, but we're up and running again...JAMF has an open defect on the issue, and given the workaround increases access, I'm pretty sure it is flagged as priority.

--
https://donmontalvo.com

spalmer
Contributor III

@cbrewer and @mmunoz2 what other settings did you have checked before adding the create Users under JSS Objects? Before 9.62 I just had create Computer Enrollment Invitations under JSS Objects and "Use Casper Imaging" under the Casper Imaging section. After adding create Users under JSS Objects as you mentioned, it still does not work on our setup.

cbrewer
Valued Contributor II

@spalmer Start with this:

read on all JSS objects
write on JSS objects computers, mobile devices and users
Use Casper Imaging under Casper Imaging

That should get it working. From there you may be able to uncheck read on some of the JSS Objects.

spalmer
Contributor III

@cbrewer, thanks. That got me started and in the right direction. After some trial and error I was able to successfully image with just the following few permissions:

JSS Objects
     Create
          Computer Enrollment Invitations
          Computers
          Mobile Devices
Casper Imaging
     Use Casper Imaging

I can kind of understand Computers being there, but it definitely doesn't make sense that imaging requires the right to create Mobile Devices. I will submit a trouble ticket about this as well to hopefully bump up the priority of the Defect that was already created.

dfarnworth
New Contributor III

@spalmer We found that, as @donmontalvo suggested, we needed to enable all 3 of the Casper Imaging options, so this started working for us with the config below:

JSS Objects
     Create
          Computer Enrollment Invitations
          Computers
          Mobile Devices
Casper Imaging
     Use Casper Imaging
     Customize a Configuration
     Store Autorun Data