Your Mac infrastructure?

perryd
Contributor

Hi All,

Hoping you can all chip in with some helpful information and enlighten me a bit.

Our current infrastructure for Macs is rocky at best. I took it all on last year and got Jamf put in to sort out a growing number of issues.

Quick points about the current set up:
All macs bound to AD
NoMad running to manage Keychain password and expiries
SMB Share drives
No VPN
Wi-Fi hidden so DEP enrolment not an option yet
Proxies seem to affect configs and polices randomly
Mix of Sierra - High Sierra
Office365

The biggest issue we have are share drives disconnecting all the time. These drives come and go a lot and I currently have policies and self service items to remap them at login and whenever they randomly disappear from finder the user can re-add them. How do you all manage share drives?

A big one i have read about is no longer binding to AD. How you all manage the users on the Macs? Do you still bind? Do you have local accounts and NoMad to authenticate? How does this affect SMB shares if the user is local?

Our Office365 has conditional access in place which requires InTune Company portal to manage the devices for access. I have linked all this to Jamf but still have SSL issues. Does anyone have this working? How do you do it?

How do you connect your macs to your domain/business networks for DEP builds and enrolments? Ours is hidden so we would always need to put this in to start builds for new users and randomly some policies run some don't and the same for config profiles? How do you DEP?

A lot of questions I know but I feel like theres a million ways to do things but I want to know the best ways or the most utilised ways everyone does things.

Look forward to your help and insight. Thanks!

1 REPLY 1

mark_mahabir
Valued Contributor

We still bind to AD, mainly because our 802.1x wi-fi network requires device-based authentication. But we will be looking into the Jamf AD-CS connector shortly.

I'd definitely recommend looking at NoMAD for your network shares. We currently use an adaptation of Macmule's script which has worked pretty well thus far. Testing of NoMAD's mapping capability has been going really well in our shop, and seems to be reliable.

As for DEP/VPP, we plan to migrate to Apple School Manager in Q1 2019.