out of that Bind • Can we practice “Best Practice”? • Help for your Analysis Paralysis • Document the documentation documents and document it • Imagine the best way • Using the tools you have
our Macs because…” • Certificates! and we use those for WiFi and VPN and stuff. • Network Shares and Printers. • Off-boarding and termination. • GPOs and AD group membership. • Consistent password experience. • Honestly, we don’t know why.
There is no silver bullet • Unicorns don’t exist • You have to build your own Easy Button • Santa Claus Isn’t Real • It won’t work Every Single Time. That’s Okay.
Wrong Hey Rube Goldberg… Uh, It didn’t work‽ Clever policy chains are risky. Script it whenever possible. No shame in having Hundreds of policies if organized.
Trigger • “Why did that policy run?” • Custom triggers are powerful • Too many triggers and you lose control • Scripting allows for full control • Move past “once per computer”
it is helpful • Sites should be reserved for multiple distinct admin groups. • Used when different devices are managed separately in very different ways. • Meant to make things easier, not to make more work for the Jamf admin.
IS NOT installed • Too Many Criteria • Nested Groups in Nested Groups in Nested Groups… • Name it what it Does, not what it’s For • Naming is so very important
it. • Be Specific. Be Accurate. • Little notes to Future You. ~Thanks Past Me. • Avoid naming TEST, Working, DONT DELETE ME • Stop with OLD, Disabled, DO NOT USE. • Clean House. Now is always the time. • Document the Naming Scheme!!!
Jamf management can be overwhelming. • Switching workflows is a really big deal. • Testing and getting approval takes too long. • We can’t have an outage of any kind. Ever. • “If it ain’t broke, don’t fix it.”
handle pieces 1. Identify each issue that can be solved separately 2. Solve each piece individually in a dev environment 3. Figure out how to bolt them together 4. Move it over into UAT or Pre Production Server. 5. Success. Profit?
• On prem servers are easy when it’s a test environment • Sandbox for playing • Test / Dev for testing and building • UAT / Preproduction for real world sanity checks • Jamf tools to move from one to the other
Have Backups • Snapshots are not backups and should not be trusted. • Backups of Backups. • Disaster recovery vs Hot spares • Clean. Lean. Fighting Jamf Machine!
Lean. Fighting Jamf Machine! • Give yourself enough time. • Backup. Then, restore backup to your Dev Server. • Dry run the upgrade. • Check available drive space on all servers.
still do it… doesn’t mean it’s right. • Out of box experience? • White glove treatment? • Network / Bandwidth concerns? • IT staff size? • Time? Speed, down time turnaround. Imagine
Never ever force it. • Mistakes happen, but don’t have to be public. • Someone else’s solution might not be right for you. • Don't make extra work for you or the users • Patching intervals aren't necessary
Mistakes compromise faith in the management framework. • Someone else’s solution might not be right for you. • Don't make extra work for you or the users. • Build a test server and use it. • Simple approach is best approach. • Document and Share Everything.