I was thinking if there was a way to create an API script and load it into Casper and display on a page a way to execute it, it would be executed using the logged in User's credentials instead of statically setting username and password in the script. Access could be granted to each script through ACL. Results would be shown on a separate page and could be exportable.
I would personally use this to automate some API functions and provide access to other admins in my company. I could do this via Self service, but then it's not running the Script in the context of the logged in user. Hope that makes sense.
If there is something like this already requested, sorry. But there are common KPIs I think we all develop, like Computers with OS Version 10.11, 10.10, 10.9,etc. or FileVault Encryption Valid percent, or Checked In Today, 2-7 days, 8-30 days, 30+ days, or iOS version, or MacBook Pro, IMac, Mac Pro, etc
I was thinking it would be great to offer these as Pie charts and total tables on the dashboard, but something pre-built with a nice visual. I get that I can create smart groups and show these as individual items, but would be good for management to see visually without needing to export and manipulate some of these things in Excel or the like. If I come up with a graphic, I'll post it here.
Would it be possible to add an Execution Frequency for policies to go on specific weeks of the Month at a specific time.
Example: Have a policy run on the First, Third, Fourth, and Last week of the Month. Allowing the Policy creator to select which weeks they want their policy to run.
We have tutorial videos in our institution that assist users with everyday tasks. If we could embed videos in the self service the same way we do "policies" rather than self service plugins we could scope videos to the departments that need them. Have the video play inside the self service.
In restricted software I would love it if anything outside of the base OS is inherently blocked to be used unless it is added to a scope. We have a large number of computers that only need to use about 10 total .app files. What I would like is if you change the software restriction to include a Whitelist/Blacklist outside of the base OS files. This constant finding apps to add to restricted software can be a full time job with the people at our company that do not like to use work machines for the work they are employed to do.
Thus you do -
Base OS App - Whitelist - can run
10 .app files - Whitelist - can run
ALL other .app files - Blacklist - can't run does the kill and uninstall.
Having just started using JSS, I was a bit surprised that you can't add third-party apps to the configuration profile dock settings. This seems a bit crazy! Especially as it is possible to add them to the dock profile in Apple's Profile Manager.
Could this be added?
We're currently using descriptive tags to our policies (ie. PROD-CheckInventory or TEST-Install-Outlook). We would like to be able to have an optional friendly display name for these policies in self service.
In our environment, we are utilizing device-based app deployment to our iOS devices. The issue we are finding, though, is how the licenses are handed out. For the most part, we acquire enough licenses so that there is one available for each device. There a few instances, though, that isn't the case.
Let's use the app, GoodReader, as an example. We have a set number of licenses, but want to make it available for all of our student devices. Unfortunately, knowing exactly who will need the app, and when, is not easy task (especially when it's over 3000 students). If you set a scope for all devices, only the first ones (up to the number of licenses), would have a license available, and be able to install the app. To avoid this issue we ended up creating two config profiles, and 2 smart groups. We wanted to make sure that, if the student no longer wanted the app, the app could be removed, and release the license. So, we set up an install, and a remove, profile. The smart groups were set for those that have the install profile, and those that have the remove profile. The app is scoped for those that have the install profile, and install the app automatically. When students want to install GoodReader, they are able to install the profile, and the app pushes out to the device. Once it completes, the remove profile is made available in Self Service. If they no longer need the app, they install the remove profile, which then sets up a process of removing the GoodReader app, the install profile, and then the remove profile (since the remove profile is only scoped to those than have the install profile, and the remove profile smart group is excluded from those that have the install profile). The license is then freed up for another user.
As you can see, this is a cumbersome process, which we have to do for a decent handful of apps. So, what I would like to see is have an option where it will only assign the license out after the user tries to install it from self service, without having to use this workaround.
I came across an issue that my images were hanging and not completing, and I discovered that when casper imaging reboots the computer into the adobeinstall account to finish installing other apps like symantec and adobe, I found that software update window popping up was causing it to not complete.
My request is, instead of having that black curtain, why not just have adobeinstall log in without the curtain, launches casper imaging in the middle of the screen while hiding the dock and menu bar items so that the admin can see if anything errors or pops up, and also can see from the progress bar how much longer is it going to take before the tasks are complete.
Highly desirable information is captured in the policy logs and should be easily reportable. Please consider adding the following capabilities: