Posted on 01-09-2019 12:05 PM
We currently have 95 devices in our JAMF environment but we have about 500 devices already out in the wild with a mix of AD bound and local account Macbooks. I want to ask the community to see what I can do to add these existing devices as quickly as possible. We are currently using Recon but it picks up 1-2 Macbooks a day.
Posted on 01-09-2019 12:11 PM
If you have remote management turned on and use Apple Remote Desktop, you can push the quickadd to those devices. Recon will only work on devices that ssh is enabled and you have an account that is enabled for ssh.
Posted on 01-09-2019 12:27 PM
we had to add 6,000 unmanaged devices into jamf. created several methods. The main one was to create a company program with branding and prizes etc to get users to self enroll. Clearly not everyone will so as @ddcdennisb said ARD comes in handy provided you have SSH enabled with standard credentials, even if it's a few combinations to try, as you can scan subnets and deploy a quickadd. to aid that we created a policy that set the ARD info fields on the mac so you could see at a glance which ones had been enrolled. Then failing that floorwalk and pester people. But if you can really get people to want to do it because you're delivering some value to them.
Posted on 01-09-2019 12:40 PM
Our quick fix was basically what @ddcdennisb did. I already had management accounts on all of our computers. I placed the quickadd on our distribution server, From ARD, I did a curl command to all the computers and placed the quickadd on the computers in a specific directory. Once the quickadd was on all of the computers, I then ran another command with ARD and installed the quickadd package useing the -pkg flag. Once completed everything was managed.
Posted on 01-09-2019 06:27 PM
I think we need a better definition of what "out in the wild" is. :-D All the suggestions here are good. If most of the devices are not on your local network, you're going to need to encourage them to self-enroll. If they are on your local network, then ARD with a quick add package is your best friend.
I had great success using Recon, but that was only because all the systems I managed had SSH enabled and I had a management account on them. Also had root access to those systems where someone thought they were being "smart" and removed our management account or SSH but didn't realize we had a launch daemon that re-enabled SSH daily in our image at the time. I think we ended up adding 90% of our deployed systems into JAMF Pro using Recon using a continuous scan on all our subnets.
Posted on 01-09-2019 06:46 PM
This thread makes me cringe. #reissueFileVault2key
Posted on 01-09-2019 07:10 PM
When we were in the same situation as your organization, we used ARD to deploy the QuickAdd package to all of our machines.