Common Pitfalls of Jamf Administration and How to Fix Them

Jamf

November 13, 2019

Transcript

  1. © JAMF Software, LLC. Up next: Common Pitfalls of Jamf Administration and How to Fix Them, 10:15 - 11:00 AM
  2. The Struggle is Real: Most Common Non-Technical Blockers
     • No buy-in from upper management
     • Conflict from other teams: InfoSec, networking, infrastructure
     • Money / Time / Staff
     • Tradition
     • Misunderstandings
     • Knowledge deficit
  3. The Struggle is Real: Blockers come in all shapes and sizes
     • Political Issues
     • Following the mythical “Best Practice”
     • Legacy Workflows
     • Analysis Paralysis
     • No time or place to Test
  4. Common Pitfalls and how to fix them: Agenda
     • Get out of that Bind
     • Can we practice “Best Practice”?
     • Help for your Analysis Paralysis
     • Document the documentation documents and document it
     • Imagine the best way
     • Using the tools you have
  5. Get out of that Bind: Almost every reason to bind a Mac has an alternative approach. What are you actually getting from binding?
  6. Get out of that Bind: “But we need to bind our Macs because…”
     • Certificates! and we use those for WiFi and VPN and stuff.
     • Network Shares and Printers.
     • Off-boarding and termination.
     • GPOs and AD group membership.
     • Consistent password experience.
     • Honestly, we don’t know why.
  7. Get out of that Bind: Azure AD Conditional Access ADCS Connector JIM
  8. Can We Practice… “Best Practice”: Every environment is different.
     • There is no silver bullet
     • Unicorns don’t exist
     • You have to build your own Easy Button
     • Santa Claus Isn’t Real
     • It won’t work Every Single Time. That’s Okay.
  9. Can We Practice… “Best Practice”: Pro Tips from our Jamfs in the field:
     • Eliminate redundant effort
     • Less Steps = Less Issues
     • Avoid Shotgun policy triggers
     • Sites are probably for someone else
     • Advanced Search whenever possible
     • Smart Group Abuse
     • Naming. Naming. Naming.
  10. Eliminate Redundant Effort: Do not add the same package to multiple similar policies. Creates trouble and more work later.
  11. Eliminate Redundant Effort: DO: reference the main installation policy by using the custom trigger name: install_chrome. Scope and frequency are controlled by each policy.
  12. Less Steps = Less to go Wrong: Hey Rube Goldberg… Uh, it didn’t work‽ Clever policy chains are risky. Script it whenever possible. No shame in having hundreds of policies if organized.
  13. Shotgun Policy Triggers: Usually it's best to pick just One Trigger
     • “Why did that policy run?”
     • Custom triggers are powerful
     • Too many triggers loses control
     • Scripting allows for full control
     • Move past “once per computer”
  14. Sites are probably for someone else: Very few cases where it is helpful
     • Sites should be reserved for multiple distinct admin groups.
     • Used when different devices are managed separately in very different ways.
     • Meant to make things easier, not to make more work for the Jamf admin.
  15. Advanced Search whenever possible
     • Doesn't Calculate until time of viewing
     • Not for scope, just metrics
     • No Excess Server Load
     • Great for reporting!
  16. Smart Group Abuse: Constantly being Calculated
     • IS installed vs IS NOT installed
     • Too Many Criteria
     • Nested Groups in Nested Groups in Nested Groups…
     • Name it what it Does, not what it's For
     • Naming is so very important
  17. What's in a Name? You decide. But please, Stick to it.
     • Be Specific. Be Accurate.
     • Little notes to Future You. ~Thanks Past Me.
     • Avoid naming TEST, Working, DONT DELETE ME
     • Stop with OLD, Disabled, DO NOT USE.
     • Clean House. Now is always the time.
     • Document the Naming Scheme!!!
  18. Paralysis from Analysis: Fear of Change - common complaints:
     • Jamf management can be overwhelming.
     • Switching workflows is a really big deal.
     • Testing and getting approval takes too long.
     • We can't have an outage of any kind. Ever.
     • “If it ain't broke, don't fix it.”
  19. Paralysis from Analysis: Break it down into easy-to-handle pieces
     1. Identify each issue that can be solved separately
     2. Solve each piece individually in a dev environment
     3. Figure out how to bolt them together
     4. Move it over into UAT or Pre Production Server.
     5. Success. Profit?
  20. Paralysis from Analysis: Ideal Setup
     • Multiple Jamf test environments
     • VMs and Hypervisor are your best friends
     • Backups of Backups. Not Snapshots.
     • Do you really need Hot Spares?
     • Clean. Lean. Fighting Jamf Machine!
  21. Your Server Setup: Even Jamf Cloud customers can have one.
     • On prem servers are easy when it’s a test environment
     • Sandbox for playing
     • Test / Dev for testing and building
     • UAT / Preproduction for real world sanity checks
     • Jamf tools to move from one to the other
  22. Your Server Setup: Do you even back up, Bro?
     • First, Have Backups
     • Snapshots are not backups and should not be trusted.
     • Backups of Backups.
     • Disaster recovery vs Hot spares
     • Clean. Lean. Fighting Jamf Machine!
  23. Level Up your Upgrade Game: Read the Red. Read every single piece of relevant information.
  24. Level Up your Upgrade Game: Release Notes are your Friend. When in doubt… Ask Jamf
  25. Level Up your Upgrade Game: Beta Program. Get around it. How good? So Good.
  26. Level Up your Upgrade Game: Lessons We’ve Learned.
     • Clean. Lean. Fighting Jamf Machine!
     • Give yourself enough time.
     • Backup. Then, restore backup to your Dev Server.
     • Dry run the upgrade.
     • Check available drive space on all servers.
  27. Document the Documentation: Write everything down and make it available.
     • It’s about more than Job Security
     • No Detail is too small
     • Imagine if you had to do it all again.
  28. Document the Documentation: Remember thy name!
     • Naming of everything is important.
     • Versioning of Package names
     • Consistency is key
     • Consider date and creator's name
  29. Document the Documentation: What's in a name?
     • It’s about more than Job Security
     • Versioning of Package names
  30. Imaging the Best Way: You can still do it… doesn’t mean it's right.
     • Out of box experience?
     • White glove treatment?
     • Network / Bandwidth concerns?
     • IT staff size?
     • Time? Speed, down time turnaround.
     Imagine
  31. Square Peg in a Round Hole: Never ever force it.
     • Mistakes happen, but don’t have to be public.
     • Someone else’s solution might not be right for you.
     • Don't make extra work for you or the users
     • Patching intervals aren't necessary
  32. TL;DR… cheat sheet: Key Take-Aways
     • Mistakes compromise faith in the management framework.
     • Someone else’s solution might not be right for you.
     • Don't make extra work for you or the users.
     • Build a test server and use it.
     • Simple approach is best approach.
     • Document and Share Everything.
  33. Thank you for listening! Give us feedback by completing the 2-question session survey in the JNUC 2019 app. Up next: Tailor Machine Setup for Both IT and Employees, 11:30 - 12:15 PM