Posted on 06-30-2022 05:12 AM
So i just took over the mac environment at a new company. the last guy left before I started and there was virtually no turnover. Im going through all of the policies and configurations, but I'm seeing some of the policies as scripts, but with no scripts attached or assigned.....
Am I missing something, or was there some mischief?
Posted on 06-30-2022 06:08 AM
There are several reasons this could be that aren't malicious, so it is hard to say one way or the other. Depending on how the log flushing schedule is set, you may be able to see changes made to the policies by checking the policy history in the bottom right corner of each policy's page.
Posted on 06-30-2022 06:26 AM
Also, I believe there is still a display bug in the policy list that won't show the contents of policies with script objects correctly. If you click into the actual policy, you can see the list of active objects.
Posted on 06-30-2022 01:14 PM
He could have been going through purging old scripts, which would remove them from the policies. I typically do things the other way around, delete policies first but to each their own. Depending on how old the environment is there could be a lot of technical debt that you are stumbling in to. May just need a good cleaning.
Posted on 07-01-2022 12:29 AM
Same as some others have said maybe old scripts were cleaned up and policy clean up was not done. Run into this exact same issue with an inherited environment.
If you are wanting a nice, quick easy way to get a feel for orphaned objects the prune tool is really handy thing. Been a massive help for cleaning up our environment. We use it more to highlight things that need checking rather than deletion tool as it will flag things at times that are intact just unscoped.
BIG-RAT/Prune: Remove unused items from your Jamf server (github.com)
Posted on 07-02-2022 04:44 AM
Hi danlaw,
I agree with what the others already said about the reasons why a policy's scripts might not be showing up. More broadly about inheriting a JSS, this is the answer I gave to another new replacement admin a few months ago that I hope might be of some use to you:
Did you happen to watch this from the JAMF Nation User Conference (JAMF) 2020:
This JPS is a mess: practical advice when inheriting a Jamf infrastructure
The suggestion is to wait at least two weeks and up to a month or more to make any big changes. And the first step is to start with documentation.
Another JNUC session I'd recommend is the best practices one from 2021:
Cheers