Archive for the ‘Casper’ Category

JAMF Software releases Casper 9.2 for OS X 10.9

Wednesday, October 23rd, 2013

Apple released OS X 10.9 (Mavericks) Tuesday and within an hour JAMF Software had released Casper 9.2  with support for Mavericks. Current customers can log in to their accounts at https://jamfnation.jamfsoftware.com/login.html to download the update.

Casper 9.2 includes some bug fixes and new features just for Mavericks. It also includes some new features independent of Mavericks such as support for deploying Mac OS X 10.7 and later upgrades using an OS X installer downloaded directly from the Mac App Store.

JAMF has published full Casper 9.2 release notes on its site.

[New in Casper 9.1] Identify iOS 7 devices managed by ‘Find My iPhone’

Tuesday, October 1st, 2013

Find My iPhoneEnterprise and educational institutions have a new tool in Casper 9.1 for identifying iOS 7 devices under Apple’s new Activation Lock management. This tool becomes increasingly important if employees or students are allowed to use their personal Apple IDs with their devices because only they can return the device in an unmanaged state.

Apple introduced “Find My iPhone” in iOS 3 allowing users to track their own devices or others with their owners’ permission. Since that time Apple has added remote lock to prevent use of a lost device and remote erase to wipe data from the device when the owner can’t recover it.

With iOS 7 Activation Lock is automatically enabled when remotely locking or erasing a device, making using or selling it difficult without first entering the password for the Apple ID that locked it and then removing the management. When a remote lock or erase command is issued Activation Lock effectively bricks the device preventing anyone from erasing or reactivating it.

JAMF Software released Casper 9.1 the same day Apple released iOS 7 and added the new field “Device Locator Service Enabled” for identifying iOS 7 devices tied to  Apple IDs that can remotely lock or erase them. This field appears both under the General payload of an individual device as well as a criterion under Smart Mobile Device Groups.

Device Locator Service Enabled

Casper can only identify whether the device location service is enabled. It cannot report the Apple ID itself managing the device.

As part of any device return policy for an employee’s departure from his company or a student’s end-of-year equipment return, administrators should review whether the Device Locator Service Enabled field is true or false for the device. The employee or student must remove the device from his Apple ID prior to returning the equipment. He must do this on the device itself under Settings > iCloud and turning off Find My iPhone or Find My iPad. This requires he enter his Apple ID password to complete disabling the management.

While iOS 6 and earlier devices include the remote lock, locate and erase features they don’t include Activation Lock. This is new in iOS 7.

Apple has made no announcements about whether OS X 10.9 (Mavericks) will include this option as part of its “Find My Mac” feature set.

[New in Casper 9] Use keyboard shortcuts in JSS

Monday, September 30th, 2013

Matthew Fjerstad with JAMF Software recently posted a handful of keyboard shortcuts for the JAMF Software Server (JSS) in Casper 9. Updating JSS items in Casper 8 and earlier was as simple as clicking a link and editing the record. To enable new features in version 9 the JAMF developers changed this behavior to require clicking additional buttons when changing information.

Clicking extra buttons meant adding tedious steps when working in the JSS so the JAMF Software developers included these new editing and navigation commands.

N = New (from a list view)

To add a new object such as a new JSS user account, press N. This applies wherever a New button appears.

Press N

E = Edit

To edit an object such as an existing JSS user account, press E. This applies wherever an Edit button appears.

Press E

B = Done or Back

To return to a list after viewing an object such as an existing JSS user account, press B. This applies wherever an Done button appears.

Press D

Control-C = Cancel

To quit editing an object without making any changes, press Control-C. This applies wherever the Cancel button appears.

Control-S = Save

To save changes after editing an object, press Control-S. This applies wherever the Save button appears.

Press Control C or S

Control-D = Delete

To delete an object such as an existing JSS user account, press Control-D. This applies wherever a Delete button appears.

Press Control D

Connect Casper to Active Directory

Wednesday, November 14th, 2012

Integrating any system into Active Directory can seem like a daunting task, especially for someone who’s not an AD administrator or doesn’t even has access to the directory service. JAMF Software has supported connecting Casper to AD for several versions of its product and has refined the connection process to be simple enough for someone with little or no AD experience to complete.

Connecting Casper to AD allows it to take advantage of existing user and group accounts, eliminating the tedium of creating them manually, and the user himself has one less password to remember. When his password changes the new password works immediately in Casper. Likewise, when a user’s account expires or is disabled then access to Casper ceases.

Gather the following information for the connection process:

  • Service account. This should be an AD account dedicated for Casper to use to authenticate to AD. It should be set not to expire and not to require changing at first login. This requires both the account name and its AD password.
  • The name of an AD Domain Controller (same as a Windows Global Catalog server, which assumes the role of an LDAP server).
  • The name of the organization’s NetBIOS domain.
  • The login names for any two user accounts in AD. Passwords aren’t required; these are used for testing lookups only.
  • The names for any two security groups in AD that include one or both test user accounts. These are used for testing lookups only. (Domain Users and Domain Admins are two common security groups.)

To connect Casper to AD do the following:

  1. Log in to the JAMF Software Server (JSS) for Casper using a local user account.
  2. Navigate to Settings tab –> LDAP Server Connections. Click on the Add LDAP Server Connection button. This begins a process that verifies the service account’s credentials and creates the user and group mappings between Casper and AD.
    New LDAP Server Connection button
  3. Select Active Directory as the LDAP server type and click the Continue button.
    LDAP server connection type
  4. For Host name enter the fully qualified domain name or IP address of the Domain Controller.
  5. For AD Domain enter the Windows NetBIOS domain name. Click the Continue button.
    Domain information
  6. Enter the name of the service account and its password that the JSS will use to authenticate and connect to AD. Click the Continue button.
    Service account
  7. If the Enter Test Accounts page appears then AD has accepted the service account’s credentials. Now, enter the account names of two AD users. These can be your own and a co-worker’s account. For the best results pick two users who are in very different parts of the organization. Click the Continue button.
    Test accounts
  8. The Verify Attribute Mappings page should display information about each user the JSS found in AD. Mappings are the pairing of attributes and values for an object in AD. In this case, verify the Username shown is actually the user’s short account name, verify Real Name shows the user’s first and last name, verify that Email displays the correct email address for each user, etc.New mappings
  9. Some fields may not be populated. That’s typically because the AD information is incomplete. If either user has information for a field but not the other then verify that information is correct or at least in the correct format.
  10. Casper may have wrongly mapped an attribute. For example, the telephoneNumber attribute may actually be phone in AD. To change the mapping click the edit button (ellipsis) to the right of the mapping and review the LDAP Attributes to see if another one is more suitable. Changing the attribute immediately changes the values for each user to help quickly identify better choices. Click the Return to Verify Mappings button when done.
    Edit mappings
  11. The new mappings appear in the list. Click the Continue button.
    New mappings
  12. Enter the two domain security groups and verify whether the test users are members. They may be members of one, both or none. Click the Continue button.
    Verify groups
  13. Finally, click the Save button to save the settings.
    Complete

Now, when adding new users to Casper, the JSS can pull the user information from AD.

  1. Navigate to Settings tab –> Accounts. Click on the Add Account from LDAP button.
    New Account button
  2. Enter the name of an AD user who should have privileges in the JSS. Click the Next button.
    Add User from LDAP Account
  3. If the lookup returns more than one result then locate the correct result and click the Add… link to the right.
    Result
  4. Grant the necessary privileges to the JSS and click the Save button.

At this point the newly added user should be able to log in to the JSS using his AD credentials. The JSS will also use the AD information for email alerts and other functions.

If the LDAP connection is ever deleted then existing LDAP user accounts will fail to work, even if the LDAP connection is recreated. Re-enabling users to log in will require adding their accounts and privileges again under the new LDAP connection.