Help

Restrict all policies from a computer

Go to solution
Ricky
Contributor

Posted on ‎05-27-2016 02:48 PM

Hello everyone,

We have a couple computers that are enrolled in JAMF, but we want to make sure they never get any packages or certificates pushed to them. We like the reporting that JSS gives us, especially with the inventory / IP for remote services; but we don't want to risk pushing out a policy to the computer.

Is this possible? I know for each policy we can exclude it. Not only is this a lot of work to do, but we also run the risk of an accidental deployment if someone isn't paying attention.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
stevevalle
Contributor III

Posted on ‎05-29-2016 03:39 PM

@Ricky Have you thought about using sites to do this.

You can create two sites. A "Main" site and a "No Policy" site (or whatever you want to call them!). If you add these computers to the "No Policy" site, then it's a matter of adding all policies to the "Main" site.

As long as all policies are in the "Main" site, policies won't deploy to the "No Policy" site machines.

It's a bit of work to edit all current policies, but it will do the job. It Also saves excluding machines from every policy!

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎05-27-2016 04:00 PM

@Ricky this might be accomplished by unmanaging them in the JSS.. Although I think that breaks recon.

Another thing you can do is add them to a Static Group, & then add that group as an exclusion for each policy & profile.

0 Kudos

Go to solution
dpertschi
Valued Contributor

Posted on ‎05-27-2016 05:55 PM

@Ricky

I know for each policy we can exclude it. Not only is this a lot of work to do, but we also run the risk of an accidental deployment if someone isn't paying attention.

Yep, this actually jogs my memory about a feature request I've been meaning to submit- we need the simple ability to create templates. Templates for policies, smart groups, advanced searches. I can't tell you how many sets of screenshots and lists I have to remember to setup for certain situations.

But yeah, create a exemption static group and always add that.

0 Kudos

Go to solution
stevevalle
Contributor III

Posted on ‎05-29-2016 03:39 PM

@Ricky Have you thought about using sites to do this.

You can create two sites. A "Main" site and a "No Policy" site (or whatever you want to call them!). If you add these computers to the "No Policy" site, then it's a matter of adding all policies to the "Main" site.

As long as all policies are in the "Main" site, policies won't deploy to the "No Policy" site machines.

It's a bit of work to edit all current policies, but it will do the job. It Also saves excluding machines from every policy!

0 Kudos

Go to solution
dmw3
Contributor III

Posted on ‎05-29-2016 05:51 PM

We actually do the reverse that @stevevalle does in that no policies are applied to computers unless they belong to a group, we are using AD security groups for this.

0 Kudos