Help

Restricted Software - Computers moved out of smart group is still in scope?

Go to solution
Ferrard
New Contributor II

Posted on ‎02-23-2016 01:19 PM

Hey Guys,

I'm unsure if this is a defect.

We have a restricted software setup in our JSS where the installation of OSX 10.11 is blocked for computers that falls under two different smart groups. We see no issues with this.

But when a computer was part of these smart group previously and now moved out of the group, the Restricted software should no longer be applicable for the machine. But when the user tries to install OSX 10.11.3 is still says its blocked. Even if I manually exclude the machine from this restricted Software and run a recon it still says its blocked. Any idea what is going on here?

Please let me know.

Thanks,

Ravi

0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
dgreening
Valued Contributor II

Posted on ‎02-23-2016 01:21 PM

Try running a "jamf manage" on the machine.

View solution in original post

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎02-23-2016 01:22 PM

Run a sudo jamf manage on the Mac, not a recon. Restricted Software gets updated on a system when the management framework is refreshed. See if that helps.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
dgreening
Valued Contributor II

Posted on ‎02-23-2016 01:21 PM

Try running a "jamf manage" on the machine.

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎02-23-2016 01:22 PM

Run a sudo jamf manage on the Mac, not a recon. Restricted Software gets updated on a system when the management framework is refreshed. See if that helps.

0 Kudos

Go to solution
thoule
Valued Contributor II

Posted on ‎02-23-2016 01:37 PM

That block list is /Library/Application Support/JAMF/.blacklist.xml I find it gets refreshed about every 15 mins in my environment and jamf mange or recon had no effect on that.

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎02-23-2016 01:50 PM

@thoule I'm not sure what would be up with that, but I can assure you doing a sudo jamf manage refreshes the Restricted Software items on the Mac. I just did a quick test on this. We block the BootCamp Assistant application since we don't want people using it to install an unmanaged Windows OS on their Macs. I ran the app, Restricted Software blocked it right away. I then went into our JSS and to that Restricted Software item, added my Mac into the Exclusions tab, hit Save and within about 2 seconds ran a sudo jamf manage command on my Mac, and then launched the app again right after. The entire amount of time between me saving my Mac into the Exclusions tab and running the app again couldn't have been longer than about 10-15 seconds, and I was able to then keep BootCamp Assistant running - no Restricted Software block.
I then did the same process in reverse, removing my Mac from Exclusions, and as soon as I ran the jamf manage command the open BootCamp Assistant application was shut down and I received our block message.

0 Kudos

Go to solution
Ferrard
New Contributor II

Posted on ‎02-23-2016 02:00 PM

Thanks all! Waiting for the user to come back from Lunch to test this :)

Do you know how often management framework gets updated automatically on the managed computers?

0 Kudos

Go to solution
Ferrard
New Contributor II

Posted on ‎02-23-2016 02:18 PM

btw, just tested sudo jamf manage and that did the trick. Appreciate the responses here.

0 Kudos

Go to solution
TechSpecialist
Contributor

Posted on ‎07-28-2020 02:03 AM

This should not be. If I scope a smartgroup to Restricted software, then I expect the restriction to be lifted automatically when that mac is no longer part of that smartgroup.

0 Kudos