Jamf Nation Community

Considering I send probably 50 units in a week for HD failure that is
not really an option. Plus I barely have time to admin the 30 servers,
do all the casper packages plus admin the casper servers, create
users/groups and manage the LDAP, update the images, let alone do any
sort of hardware repair. They hired me to pretty much do everything
here and I pretty much do everything from end user support all the way
up do directory administration, casper stuff, you name it I probably
most likely do it. We have an AUP in place, however I am not
educational administration so I can't do any sort of discipline nor do I
want to. The principals actually work well with us, and it always comes
down to me having them force kids to come bring in their spare. I want
to avoid getting people involved to force kids to come trade their spare
in. Plus the admins already deal with tons of AUP infractions every
day, like students using their laptops to do unacceptable things, which
I won't go into because you know what I am talking about.

Also as a standard to the troubleshooting process and to ensure they
have the most up to date software a machine with issues gets wiped and
reimaged anyway, and home sync should only sync their documents folder
and there are clean up scripts that delete any music and movies on their
home directory plus their disk quota is 200 megabytes.

We also have our own custom built inventory system that ties into Casper
our software developers made. It ties in student information from the
SILK program they use for the student database as well as serial number
and asset tag of the machine that I dumped out of the Casper database. There is also a built in ticket system for repair history and work
orders and an assign system for assigning machines to the repair center
for repair or for a student to be assigned a spare. If I didn't have to
deal with end user support on top of everything else I do, could
possibly reassign, however that is not a timely option at this point in
time. Each machine is labeled with stickers of the student name and the
learning community they belong to. So, I would have to use some sort of
goo be gone to clean off the labels, relabel it, reivnetory it, un
assign the current user to their machine, and then repeat 40 to 60 times
per a week as that is my average of machines that go out for repair.

I think in our set up, a every 30 day policy assigned to spare machines
that cleans them out is probably the best bet. Students also have
access to an online web based product called "school loop" which allows
them to store their school work on their locker on line, and it
apparently has unlimited space. However, there is a file size limit of
like 5 megabytes. So, with home folder sync and school loop they have
the means to back up their data.

Sorry for the long novel like explanation but given out current
structure the time bomb effect would be best practice.

I was thinking of just changing all passwords on the machine to
something ridiculous or using dscl or jamf binary to just delete them. Our admin accounts live in /private/var for a reason, mainly being so
that I can kill all users in /Users and never worry about deleting our
local admin account or root.

Thanks again for any input and for reading this sort of a rant of an
email.

It looks like you have thought about this, but in our 1-1 program, we just have them barcoded. The only unique thing on the laptop is the students account and we 'check out' the laptop to the student in our Library circulation system. So, when we give them a spare, that becomes their new computer and when the fixed laptop comes back from AppleCare, it gets thrown in the spare pile to be imaged whenever we get to it and image a bunch. This should help avoid the issue of needing to collect laptops back as I can see from both sides the inconvenience of that.

-John