Help Deploying new Mac mini lab with Adobe Creative Cloud for this newbie

KSammet
New Contributor

A lab of Mac mini computers (M1, 2020) is being deployed to use with Adobe Creative Cloud. Our environment uses AD to authenticate. We have been using JamfSchool for about a year now, but that has been with iOS devices and not OS. I am looking for help in this new area. We do not use Apple IDs or any of the iCloud features but we do use Google. Also previously we had used Filewave to deploy the Adobe Creative Cloud apps thru packages to the older iMacs that were being used. I am not one who knows much about scripting unfortunately.

This is what I would like to accomplish - set up each computer for the student to log in using AD, put the same application icons on the dock for each student, set some restrictions of apps and system preferences, and install Adobe Creative Cloud apps. But automate all of this using Jamf, if I can. 

4 REPLIES 4

BlueMac
New Contributor

Hi KSammet, just going through a similar situation myself and found Neil Martin's MacADUK video very useful. - https://github.com/neilmartin83/MacADUK-2019. With a combination of NoLo AD (with the Notify mech), NoMAD and a provisioning script you can achieve a zero-touch provisioning solution.

AJPinto
Contributor III

 

AD Binding is done with a policy and is by far the most complex thing on your list. AD Binding will allow mobile accounts to log in, but keep in mind it does not function the same as Windows. SSO is not configured with AD binding, and you do not have the same account control. If you disable an account on AD, it may still be able to log in to the Mac depending on the environment. AD Binding can happen automatically, but its best to not run it automatically. If you put AD binding in prestage it will join the domain with whatever default hostname the Mac has so you will get duplicates. Due to this we have a device configuration that is run from selfservice that installs all our software and runs the domain bind policy, its 1 click and runs a script with 25 or so policies and renames the computer before it AD binds. After a wipe and load reconfiguring one of our devices takes about 20 minutes and the tech only has to log in and click 1 button.

As far as your Restrictions and System Preferences. Those will function similar to iOS, you will use Configuration Profiles to do that. Many of the macOS settings you can manage already are built in JAMF, just select the correct Payload and check boxes. If you need to you can upload custom plists to JAMF which you cannot do for iOS, but that should get its own conversation if needed.

You can package Adobe applications simply enough, but the entire process is a bit of a pain because it's Adobe. Just log in to the Adobe Admin Portal, follow the directions to download the package you want and toss it in to JAMF. You don’t package adobe software or write any scripts for it. Adobe provides you with a zip file you upload in to JAMF admin, for Adobe products you deploy the zip file. JAMF Admin has a button specifically for “New Adobe Install”. It’s fairly simple, the only reason people consider it complicated is it’s a total departure from how you will package anything else.

For the dock, this would need to be done last. You can either write a script to customize the dock, or use JAMF's "dock utilities" in JAMF Admin. You can manage a lot of the dock preferences with a Configuration Profile. However, to add dock items that is done with a policy. You Add dock items to the policy using JAMF Admin so they will show in the as selectable in the Payload and just check the boxes for whatever you want. You can also add dock items with a script but that is getting more complex.

If you try to add something to the dock on a Mac that is not installed it will put a "?" on the dock instead that is a broken link, make sure software is installed first.


@AJPinto wrote: greatpeople

 

AD Binding is done with a policy and is by far the most complex thing on your list. AD Binding will allow mobile accounts to log in, but keep in mind it does not function the same as Windows. SSO is not configured with AD binding, and you do not have the same account control. If you disable an account on AD, it may still be able to log in to the Mac depending on the environment. AD Binding can happen automatically, but its best to not run it automatically. If you put AD binding in prestage it will join the domain with whatever default hostname the Mac has so you will get duplicates. Due to this we have a device configuration that is run from selfservice that installs all our software and runs the domain bind policy, its 1 click and runs a script with 25 or so policies and renames the computer before it AD binds. After a wipe and load reconfiguring one of our devices takes about 20 minutes and the tech only has to log in and click 1 button.

As far as your Restrictions and System Preferences. Those will function similar to iOS, you will use Configuration Profiles to do that. Many of the macOS settings you can manage already are built in JAMF, just select the correct Payload and check boxes. If you need to you can upload custom plists to JAMF which you cannot do for iOS, but that should get its own conversation if needed.

You can package Adobe applications simply enough, but the entire process is a bit of a pain because it's Adobe. Just log in to the Adobe Admin Portal, follow the directions to download the package you want and toss it in to JAMF. You don’t package adobe software or write any scripts for it. Adobe provides you with a zip file you upload in to JAMF admin, for Adobe products you deploy the zip file. JAMF Admin has a button specifically for “New Adobe Install”. It’s fairly simple, the only reason people consider it complicated is it’s a total departure from how you will package anything else.

For the dock, this would need to be done last. You can either write a script to customize the dock, or use JAMF's "dock utilities" in JAMF Admin. You can manage a lot of the dock preferences with a Configuration Profile. However, to add dock items that is done with a policy. You Add dock items to the policy using JAMF Admin so they will show in the as selectable in the Payload and just check the boxes for whatever you want. You can also add dock items with a script but that is getting more complex.

If you try to add something to the dock on a Mac that is not installed it will put a "?" on the dock instead that is a broken link, make sure software is installed first.


Superb article and I would really like to thank for your article it’s really helpful.

KSammet
New Contributor

I have finally came back around to work on this. And, unfortunately I do not see the App Button for New Adobe Install. I tried to add an App using 'Add In-House macOS Package' but the upload never finished. I have the package from Adobe downloaded to my computer. 

I was going to add a screen shot but I do not have permission to upload images.