Once a device has been enrolled, whether by Apple/JAMF prestage enrollment, by the user initiated website, or by an enrollment package created by EUT, a collection of policies are configured to ensure the device is set up with EUT's standard build. Below you will find a list of the policies applied to all computers and triggered by enrollment. Keep in mind this was designed to suit the need for macOS High Sierra setup, but works for all versions of macOS from 10.10.5 and up.
How the computer gets set up
- Once a device has been enrolled into the JAMF mac management server, a few applications and policies become available to execute automatically on the computer.
- These policies were designed to assist the ITSS group with installing all standard software in an easy automated fashion.
- This differs greatly from imaging in a way that we no longer need to build a golden master and keep it updated with all the software packages.
- It will work for all machines regardless of their OS version. Just install the version that Apple ships it with or upgrade to the latest via the App store. If a computer is being repurposed, simple reinstall the OS from recovery or by a usb boot disk created by EUT and re-enroll. All the applications will be reinstalled.
- Imaging will still work for now with device that shipped with 10.12.6 and older, however, EUT is recommending we move towards computer deployments over computer master imaging.
- Policies executed:
Active Policy Name Frequency Trigger Scope Details Site Constraint Notes
Ongoing Enrollment All computers Installs a small, lightweight app in background to display current operation, and installation progress. Cleaned up after configuring. All Sites
Ongoing Enrollment All computers Sets the computer name to serial number. All Sites
Ongoing Enrollment All computers Sets the computers time server from time.apple.com to ntp-pool.net.maine.edu and configures the timezone to 'America/New_York' All Sites
Ongoing Enrollment All computers Install Office 2016, includes patches and updates. All Sites
Ongoing Enrollment All computers Installs latest Firefox ESR and Google Chrome All Sites
Ongoing Enrollment All computers Installs Microsoft Security Endpoint Protection. Antivirus All Sites
Ongoing Enrollment All computers Installs latest Canon postscript drivers, negates users' need for admin privileges to install printers later. All Sites
Ongoing Enrollment All computers Enables filevault for all users logging in and forwards encryption key to JAMF for later use. User policy in Mac Software Center enables users to regenerate their key at will, and will forward the new key to JAMF as well. All Sites Disabled until can determine scopable method for limiting to laptops only.Can be turned on manually after configuration.
Ongoing Enrollment All computers Checks Apple Update Server and installs all updates. All Sites
Ongoing Enrollment All computers Cleans up DEP Notify app, it is not needed after configuration. All Sites Can be left if we want to create a progress window for users installing software from Mac Software Center.
Additional policies can be added and scoped to individual sites so that all or a collection of devices at a campus get additional software.
These policies will need to have exclusions applied by groups only if restricting installation of some or all standard software. Furthermore, all lab machines enrolled will get the same software unless devices are assigned to a group and then excluded from the policy. But all software is standard and can be installed on all lab machines.
There is no content with the specified labels