

We were able to continue leveraging our OUs and AD groups for scoping policies by connecting JAMF Pro to AD via LDAP and requiring users to sign in with domain credentials during enrollment to JAMF. Most of our machines were used by a single person, so there wasn't really any need to use domain accounts for login. It's a real joy to use.

As for the domain binding, after mulling things over we decided that in 90% of our deployment we didn't need it at all. Used it for years and it's the single best management product I've ever touched, bar none.

A behemoth clusterf**k of a set up but one that, hopefully now, will run oh so much smoother. Hence trialling JumpCloud to manage directory authentication, JAMF (potentially) to manage the devices although JumpCloud has policies built in, and O365 using shared mailboxes for the alternative domains. As many resources are shared and many of the staff tend to flit between companies, it makes sense to have one mother company and all the companies that use the resources as child groups - this is where it commonly gets problematic with regards to MDM, directories, or even email (office 365 expects one domain, one email, per person, not potentially 5-6 sporadically). In one building are multiple businesses, many staff members and resources are shared between businesses and they're all effectively owned by the same people. Our setup here is a bit different and I want to document it (partially) below as although it's somewhat uncommon, I'll bet someone has had the same issues I had in managing this type of nightmare. I've since decided to have a play with JumpCloud and JAMF Now.

Thanks everyone for the tips, comments, questions, answers, thoughts, and more.

So my question is this: how do I manage OS X/iOS devices more efficiently, automatically, and seamlessly like I could in AD/Win environments?

Any tips/resources/scripts greatly appreciated.
I’ve had a look at the OD in the cloud setups and really not keen on that kind of security implication. Several problems with OD make me want to go back to the hack of AD binding, but that’s problematic for a whole other set of reasons and actually gives less control.

Even connecting to the internal OD server from a client fails occasionally, leaving staff unable to log in.

I’ve also had Open Directory fail on me twice needing a full restore & every machine needs to be manually reconfigured. Simple things like pushing apps, managing restrictions, etc. are always a tedious chore. My biggest issue is that Apple’s “Open” Directory is proprietary and almost impossible to granularly control similar to AD. So far I’ve used OS X’s server app, configuration profiles, and I’m tempted to try out Jamf and put the MDM devices into supervision mode which gives me more control. I’m looking to manage OS X devices better in a business that 90% uses Apple devices (TV, iPhone, iPad, iMac, MacBook Pros) and 10% Windows/Android/other devices.
