Posted on 06-21-2016 11:59 AM
I have some setting that I want to apply to all our users except for a certain group. This is for any computer that they login to. I am using user level configuration profiles and want to make sure this is correct, a little confusing to me on how to set the scope. (Settings are things like find and other restrictions)
I created the profiles as User Level and set the scope to All Computers. I know that All/Specific Users has been out for a while but I am unsure if that needs to be set here. I also have a static user group that I set as an exemption, the users that I do not want to set these settings for. Is this correct? I am thinking I have something wrong or I am thinking about it incorrectly.
Posted on 06-21-2016 12:28 PM
Are your users bound? https://jamfnation.jamfsoftware.com/discussion.html?id=4855
Posted on 06-21-2016 12:29 PM
Are your users bound? my link text
Posted on 06-21-2016 02:32 PM
The computers are bound to AD but the list is a status list of JSS users but those user names match the AD account user names. If that makes sense. Should this be an AD group I use for exemption?
Also, in the scope do I need to do anything with the All/Specific Users area?
Posted on 06-22-2016 05:19 AM
@strider.knh Typically what we'll do is set the scope to "All Computers" and then set the Limitations or Exclusions (whichever makes more sense given our end goal) with the applicable AD security groups for the users we want to distribute the Self Service policy or user-level Config Profile to. All our machines are bound to AD.
Doing it this way ensures that regardless of the computer those individuals may be using that they get the policies or profiles they need.
Haven't had any issues with this method.