Jamf Nation Community

We used to wait a year before removing a machine from our Casper server, but that was before we implemented the use of CasperCheck:

https://github.com/rtrouton/CasperCheck

Since CasperCheck will re-enroll machines as needed, I'm now removing machines from our Casper server if they have CasperCheck installed and haven't been seen by our Casper server in 90+ days.

If a machine doesn't have CasperCheck installed (I have an Extension Attribute that checks for it), I'm still waiting the 365 days. We started implementing CasperCheck in production in May 2014, so that's a small number of machines and it's shrinking pretty quickly.

Same here. We don't delete any computers from our JSS, at least not yet. A time may come when we need do that since the number of dead systems in it seems to be growing with each month. But to answer your questions on this. No, a Mac will not re-add itself back into your JSS if its been deleted and it then checks in again. Even though the JAMF framework may still be on the Mac, it won't have a record to update its inventory to when it tries to check in, and it can't create a new one on its own.
It would be nice to see JAMF include a self healing framework function into their product that also did this, but it currently does not do this. So in short, it would need to be added in manually.

A somewhat better option may be to unmanage any Macs not checking in. Un-managing them has at least one advantage in that they will no longer show up in any Smart Groups. Only managed devices can be in a Smart Group. I think they also can't be added into the scope of any policies in that state. They'll still show up in Advanced Searches, but you can even make them not appear there with the right criteria options.

We have a few sites where we are not kept in the loop on decommissioned devices. The bulk are erased and disposed of through a recycling company but there are always some that break and just get thrown out, given to staff leaving the organisation etc and the IT staff aren't told about it!

In each case, once we are satisfied the devices are gone, we do a CSV export of the inventory record and take a manual backup of the MySQL db and store them both in a secure place. Then we delete the records from Casper.

The CSV is good for quick reference and the db backup is handy to restore to a test environment if you want to dig a bit deeper.

No automated actions, just an internal IT process.

Thanks everyone for your responses, I will take a look at Caspercheck and overall how our assets are own/managed in that area. My org is just starting with Casper and we are looking for ways to keep the Inventory current, in case any machines are wiped and re-imaged or simply decommissioned.

What I preach to most of my clients is in line with @mm2270. If the machine is still owned, but hasn't appeared in awhile, we'll unmanage it. That way it still shows up in asset information but is not scoped to Smart Groups/policies.

As soon as the machine is sold/recycled/put into parts/scavenge, then it is finally deleted from inventory, after the disposition is relayed to any internal IT asset management/tracking systems.

Do unmanaged machines not count against your license count at true up?

I go with 120 days with no check-in or inventory update, then systems get removed. It's roughly in line with when the system will get removed from Active Directory as well.

These systems are going to be outdated and unpatched, and I don't want them in our reports. I keep at least one backup from every week for the last ~5 years, so I can always restore an old DB to a dev JSS if I want to get old data, like a FV key. That happens very rarely and the vast majority of purged systems never come back online.