Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Multiple OUs in the Search Base mappings for LDAP Servers

Posted: Today at 1:46 AM by c.kay

We have a rather large AD OU structure and would like to be able to specify multiple OUs in the search base when defining the Mappings for an LDAP Server.

For example we'd like to specify multiple OUs that are searched for groups so the JSS doesn't have to search from the root which takes a lot longer.

Implementing Corporate Security features already developed but not in Casper

Posted: 5/22/17 at 1:01 PM by Cornoir Last Response: Yesterday at 4:18 PM by Cornoir

There are already features in existence developed by the Jamf community by talented individuals for some time now that Jamf needs to incorporate if they trulls want to support Mac Admins in the business arena and not just stay barely ahead of new Apple features.
I speak of two lacking features developed by non Jamf employees;

Local Administrator Password Solution


Both should have been a part of the Jamf Pro set by now as they are without a doubt well within Jamf's ability to include and much needed by Mac Admins.

Sort Static Computer Group correctly

Posted: Yesterday at 11:05 AM by jason.bracy

In JSS 9.98 when adding computers to a static group, if you attempt to sort the list of computers by any of the date options the sort is wrong. Seems to sort as a string instead of a time (i.e. sort order is 01/01/01... 01/01/2017... 10 minutes ago... 12/31/16... 15minutes ago... Today... Yesterday... etc)

Please fix.


Include option to download all content of a policy before executing it (without having to use additional policies to cache content)

Posted: Yesterday at 6:11 AM by mpi

Would like to request a feature where I can checkmark 1 box in a policy that instructs the client to download all content in the policy (packages, scripts, etc) before executing.

Current need for this feature is distributing an upgrade for our VPN client. Deployment needs the VPN client (package 1) and the config file (package 2). Since VPN gets disconnected (if the user is currently on VPN) after the client is upgraded, the installation of the configuration file fails. Being able to cache everything then execute would fix this issue.

Other benefits of this feature would give a better customer experience as the content can be downloaded before its ran which would make that process a lot quicker. I do understand there are other ways to do this (smart groups packages for caching packages for installing cached packages.

While this may work fine in practice, it adds a lot of unneeded complexity that could be solved by making this option part of the package as a whole. The simpler the deployment, the less that can go wrong and if something goes wrong its easier to troubleshoot.

Policy Execution 'Once Per Computer, If Successful'

Under Review
Posted: 10/1/12 at 12:41 PM by brent.buckner Last Response: Yesterday at 5:58 AM by bkp

Set policy to run once per computer when the script exit code is equivalent to a success.

For instance, if a large package fails to download successfully, and triggers the policy to fail, it should not count as the "once per computer" execution.

Please update to Java 8 on Jamfcloud

Posted: 5/14/17 at 8:27 PM by owen.pragel Last Response: Yesterday at 1:45 AM by owen.pragel

Please upgrade Jamfcloud to Java 8. As of today (2017/05/14), Jamfcloud is running 1.7.0_121.

As stated in this feature request (which is marked as complete), "With Java 7 going end-of-life in April 2015, we're only about 4 months out from security updates ending for that product."

In addition, Apple's GSX program does not support Java 7 any longer. Attempting to use the GSX integration on Jamfcloud today will result in a Java SocketException error if the JSS is running Java 7, and is not usable. This is functionality that is documented as working for Jamfcloud, but it currently doesn't:

MDM App Download Priority

Posted: 5/23/17 at 6:49 PM by jenskiallegiant Last Response: 5/23/17 at 8:34 PM by Look

Being able to assign an app priority for MDM apps would be a huge help! We have some apps that are more important than others for our employees. To be able to have those apps download first would ensure we cover the important apps first during handoffs and deploys.

Enhancement for Manual Config Profile functionality

Under Review
Posted: 3/21/14 at 8:58 AM by JPDyson Last Response: 5/23/17 at 4:45 PM by gachowski

In Apple's Profile Manager, it is possible to manually create a Custom Confgiruation Profile Payload by specifying domain, key, and value without having to upload a pre-formatted plist. This is far easier to manage when you want to make adjustments, as it does not require re-creating the entire setting from scratch (or storing plist snippets somewhere). It very closely resembles manual MCX as implemented in JSS 8.x, a functionality that was removed in JSS 9.x.

Apple is still supporting and recommending the use of the Custom Config Profile payload to mimic the older custom MCX functionality (for example, this article about managing Safari Plug-Ins

It would be supremely helpful to have this capability in the Custom payload, as the Manual MCX settings are tremendously flexible and powerful.

Inventory Time becomes incorrect with API

Posted: 5/22/14 at 10:37 AM by brandonusher Last Response: 5/23/17 at 3:10 PM by cdenesha

When updating anything in a device record with the JSS API, the "Last Inventory Update" becomes wrong because it reads the API push as an inventory update instead of just a record update.

The "Last Inventory Update" field does not get updated when editing the device through the GUI, so it is quite aggravating when it updates through the API.

It would be nice to have a different way to calculate the "Last Inventory Update" and maybe have a new field that reflects when anything is changed, whether it be with the API or the Web GUI. Maybe even include who updated the device record.

Patch Reporting: Display versions in descending order for Smart Group Criteria

Implemented in 9.99.0
Posted: 5/16/17 at 2:18 PM by Taylor.Armstrong Last Response: 5/23/17 at 1:49 PM by Taylor.Armstrong

Sounds minor, but a very frequent annoyance that would save a lot of time on repetitive tasks:

When listing a specific version number for a smart group, the versions for patch-management titles are currently in ascending order. This means that to update a smart group, I need to scroll to the end every time, instead of choosing the item near the top of the list.

Ex: To update my smart group for Firefox, I need to scroll PAST a full screen's worth of entries to get to the current (53.0.2). Having the versions in descending order (and a way to purge old versions from the database so I don't even see entries for 3x.0) would be nice.

Implemented in 9.99.0 Responded: 5/23/17 at 9:22 AM by erin.miska

This was actually a bug, and we fixed it in 9.99.0.