Tweet
Tweet

Slide 1

Slide 1 text

© JAMF Software, LLC Common Pitfalls of Jamf Administration and How to Fix Them 10:15 - 11:00 AM UP NEXT

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

© JAMF Software, LLC Matthew Phillips Implementation Engineer jamf

Slide 4

Slide 4 text

© JAMF Software, LLC

Slide 5

Slide 5 text

© JAMF Software, LLC You Issues

Slide 6

Slide 6 text

The Struggle is Real Most Common Non-Technical Blockers • No buy in from upper management • Conflict from other teams: infoSec, networking, infrastructure • Money / Time / Staff • Tradition • Misunderstandings • Knowledge deficit

Slide 7

Slide 7 text

The Struggle is Real Blockers come in all shapes and sizes • Political Issues • Following the mythical “Best Practice” • Legacy Workflows • Analysis Paralysis • No time or place to Test

Slide 8

Slide 8 text

Common Pitfalls and how to fix them Agenda • Get out of that Bind • Can we practice “Best Practice”? • Help for your Analysis Paralysis • Document the documentation documents and document it • Imagine the best way • Using the tools you have

Slide 9

Slide 9 text

© JAMF Software, LLC Almost every reason to bind a Mac has an alternative approach. What are you actually getting from binding? Get out of that Bind

Slide 10

Slide 10 text

Get out of that Bind “But we need to bind our Macs because…” • Certificates! and we use those for WiFi and VPN and stuff. • Network Shares and Printers. • Off-boarding and termination. • GPOs and AD group membership. • Consistent password experience. • Honestly, we don’t know why.

Slide 11

Slide 11 text

© JAMF Software, LLC Get out of that Bind Azure AD Conditional Access ADCS Connector JIM

Slide 12

Slide 12 text

Can We Practice… “Best Practice” Every environment is different. • There is no silver bullet • Unicorns don’t exist • You have to build your own Easy Button • Santa Clause Isn’t Real • It won’t work Every Single Time. That’s Okay.

Slide 13

Slide 13 text

Can We Practice…“Best Practice” Pro Tips from our Jamfs in the field: • Eliminate redundant effort • Less Steps = Less Issues • Avoid Shotgun policy triggers • Sites are probably for someone else • Advanced Search whenever possible • Smart Group Abuse • Naming. Naming. Naming.

Slide 14

Slide 14 text

© JAMF Software, LLC Eliminate Redundant Effort Do not add the same package to multiple similar policies. Creates trouble and more work later.

Slide 15

Slide 15 text

© JAMF Software, LLC Eliminate Redundant Effort DO: reference the main installation policy by using the custom trigger name: install_chrome Scope and frequency is controlled by each policy.

Slide 16

Slide 16 text

© JAMF Software, LLC Less Steps = Less to go Wrong Hey Rube Goldberg… Uh, It didn’t work‽ Clever policy chains are risky. Script it whenever possible. No shame in having Hundreds of policies if organized.

Slide 17

Slide 17 text

Shotgun Policy Triggers Usually its best to pick just One Trigger • “Why did that policy run?” • Custom triggers are powerful • To many triggers looses control • Scripting allows for full control • Move past “once per computer”

Slide 18

Slide 18 text

Sites are probably for someone else Very few cases where it is helpful • Sites should be reserved for multiple distinct admin groups. • Used when different devices are managed separately in very different ways. • Meant to make things easier not to make more work for the jamf admin.

Slide 19

Slide 19 text

Advanced Search - Hero. Friend. Do This.

Slide 20

Slide 20 text

Advanced Search whenever possible • Doesn't Calculate until time of viewing • Not for scope, just metrics • No Excess Server Load • Great for reporting!

Slide 21

Slide 21 text

Smart Group Abuse Constantly being Calculated • IS installed vs IS NOT installed • Too Many Criteria • Nested Groups in Nested Groups in Nested Groups… • Name it what it Does not what its For • Naming is so very important

Slide 22

Slide 22 text

Whats in a Name? You decide. But please, Stick to it. • Be Specific. Be Accurate. • Little notes to Future You. ~Thanks Past Me. • Avoid naming TEST, Working, DONT DELETE ME • Stop with OLD, Disabled, DO NOT USE. • Clean House. Now is always the time. • Document the Naming Scheme!!!

Slide 23

Slide 23 text

Paralysis from Analysis Fear of Change - common complaints: • Jamf management can be overwhelming. • Switching workflows is a really big deal. • Testing and getting approval takes too long. • We cant have an outage of any kind. ever. • “If it aint broke dont fix it.”

Slide 24

Slide 24 text

Paralysis from Analysis Break it down in to easy to handle pieces 1. Identify each issue that can be solved separately 2. Solve each piece individually in a dev environment 3. Figure out how to bolt them together 4. Move it over into UAT or Pre Production Server. 5. Success. Profit?

Slide 25

Slide 25 text

Paralysis from Analysis Ideal Setup • Multiple Jamf test environments • VMs and Hypervisor are your best friends • Backups of Backups. Not Snapshots. • Do you really need Hot Spares? • Clean. Lean. Fighting Jamf Machine!

Slide 26

Slide 26 text

Your Server Setup Even Jamf Cloud Customer’s can have one. • On prem servers are easy when it’s a test environment • Sandbox for playing • Test / Dev for testing and building • UAT / Preproduction for real world sanity checks • Jamf tools to move from one to the other

Slide 27

Slide 27 text

Your Server Setup Do you even backup, Bro? • First, Have Backups • Snapshots are not backups and should not be trusted. • Backups of Backups. • Disaster recovery vs Hot spares • Clean. Lean. Fighting Jamf Machine!

Slide 28

Slide 28 text

© JAMF Software, LLC Level Up your Upgrade Game Read the Red. Read every single piece of relevant information.

Slide 29

Slide 29 text

© JAMF Software, LLC Level Up your Upgrade Game Release Notes are your Friend. When in doubt… Ask jamf

Slide 30

Slide 30 text

© JAMF Software, LLC Level Up your Upgrade Game Beta Program. Get around it. How good? So Good.

Slide 31

Slide 31 text

Level Up your Upgrade Game Lessons We’ve Learned. • Clean. Lean. Fighting Jamf Machine! • Give yourself enough time. • Backup. Then, restore backup to your Dev Server. • Dry run the upgrade. • Check available drive space on all servers.

Slide 32

Slide 32 text

© JAMF Software, LLC Document the Documentation Write everything down and make it available. • It’s about more than Job Security • No Detail is too small • Imagine if you had to do it all again.

Slide 33

Slide 33 text

© JAMF Software, LLC Document the Documentation Remember thy name! • Naming of everything is important. • Versioning of Package names • Consistency is key • Consider date, and creators name

Slide 34

Slide 34 text

© JAMF Software, LLC Document the Documentation Whats in a name? • It’s about more than Job Security • Versioning of Package names

Slide 35

Slide 35 text

© JAMF Software, LLC Imaging the Best Way You can still do it… doesn’t mean its right. • Out of box experience? • White glove treatment? • Network / Bandwidth concerns? • IT staff size? • Time? Speed, down time turnaround. Imagine

Slide 36

Slide 36 text

© JAMF Software, LLC Square Peg in a Round Hole Never ever force it. • Mistakes happen, but don’t have to be public. • Someone else’s solution might not be right for you. • Don't make extra work for you or the users • Patching intervals aren't necessary

Slide 37

Slide 37 text

© JAMF Software, LLC TL;dr… cheat sheet Key Take-Aways • Mistakes compromise faith in the management framework. • Someone else’s solution might not be right for you. • Don't make extra work for you or the users. • Build a test server and use it. • Simple approach is best approach. • Document and Share Everything.

Slide 38

Slide 38 text

© JAMF Software, LLC Q & A Open Discussion Time for you…

Slide 39

Slide 39 text

© JAMF Software, LLC Thank you

Slide 40

Slide 40 text

© JAMF Software, LLC Thank you for listening! Give us feedback by completing the 2-question session survey in the JNUC 2019 app. UP NEXT Tailor Machine Setup for Both IT and Employees 11:30 - 12:15 PM