Jamf Nation Community

jesseshipley · 03-01-2016

I'm having an incredibly annoying issue crop up with an increasing number of my users based around logging in after the screensaver locks their computer. The computer logs in but when they hit the main GUI all of the applications appear to be in the ...

jesseshipley · 03-18-2015

This morning we had a disruption in our LDAP service and it resulted in a large number of people not being able to login to their machines if they let them fall asleep or lock. The passwords do cache though as users are able to login to their machine...

Configuration Profile Security · 02-18-2015

This may be a simple question that I'm just missing the answer for. I'm about to switch how we give access to our network so it is done by configuration profiles. In the interest of not needing to change the password every time an admin leaves the co...

jesseshipley · 02-12-2015

I'm have an incredibly frustrating problem on my hands and I'm hoping someone has an idea of what direction I should head in. I recently rolled out a large number of Time Machine drives to my company and created a Self Service policy that automatical...

jesseshipley · 02-05-2015

Thought I'd share this for anyone that might be interested. I've rolled out 100 or so TimeMachine drives to users who leave them plugged into their Thunderbolt Displays for convenience. The problem quickly arose that no one was remembering to eject t...

jesseshipley · 08-17-2022

If you leverage _and_ LDAP groups via the Okta connection, a lookup is done for every possible group membership one after the other on multiple different UI element clicks in browser. It is INSANELY inefficient and destroys your rate limit. You need ...

jesseshipley · 04-05-2022

Policies that run erase-install inherently fail before completion because the script reboots the system to run the macOS installer. Thus your files and processes payload will never get run. You should design a separate healing process for your brandi...

jesseshipley · 07-08-2021

@Mauricio in the end, the only thing protecting your creds is POSIX permissions. Because the script gets downloaded to the JAMF application support folder in plain text and the parameters are published in ps output as plaintext, all the piece are the...

jesseshipley · 07-06-2021

Sadly these "encrypted" options don't actually increase complexity much at all. Parameters form the JPS are passed in plain text to the sh binary. All you need to do is run a ps aux | grep sh and you have what you need.

jesseshipley · 07-01-2021

@Mauricio this is definitely best practice, but the annoying reality is that the permissions necessary for reassigning site membership are Computer and User update. The good thing is this means you don't have to worry about data exfiltration. The bad...

Jamf Nation Community

User Statistics

User Activity

Partially unlocking screen after login

LDAP Login Caching

Configuration Profile Security

Encrypted External Backups

TimeMachine unmount assistant

Re: Okta Rate limit.

Re: Custom Trigger That Requires Reboot

Re: Site chooser using osascript and API

Re: Site chooser using osascript and API

Re: Site chooser using osascript and API