 |
|
You are here: CLASSE Wiki>Computing Web>MacUserPages>CLASSEManagedMacs-JAMF (21 Jul 2022, MichaelRoman)Edit Attach
CLASSE Management of macOS Computers
Increasing adoption of Macintosh computers by CLASSE personnel has led to a need for Mac management software that helps us comply with Cornell policies on information security. To meet this important need, CLASSE-IT has installed a software package called JAMF on CLASSE-managed Macs.What is JAMF?
JAMF is a widely-used management solution for the Apple platform that provides extensive functionality for IT managers in larger scale enterprise and education environments. It allows us to automate deployments, updates to software, and configurations on CLASSE Macs similarly to how we manage CLASSE Linux and Windows computers.What does JAMF do?
JAMF software will check CLASSE-managed Macs for standard preferences, applications, documents, and deploy CLASSE standards where needed. Many of these preferences, applications, and documents are required by Cornell University policy and are shown in RED. For more details on Cornell policies, see https://www.dfa.cornell.edu/sites/default/files/vol5_10.pdf (45 pages). For an "executive summary", see https://it.cornell.edu/certified-desktop/certified-desktop-security-policy (nb: CLASSE is required to employ whole-disk encryption only in special cases, and is NOT currently employing Code42).Standard System Preferences
| Preferrence Pane | Tab | Setting |
|---|---|---|
| Date & Time | Time Zone | Set Time Zone to Automatic |
| Desktop & Screensaver | Start after 10 minutes | |
| Energy Saver | Power Adapter | Sleep display 30 min, disable display off, never sleep disk, allow wifi wakeup, enable power nap |
| Energy Saver | Battery | Sleep display 10 min, never sleep disk, dim display while on battery, enable power nap |
| Network | Set DNS for active CLASSE Public ports, set search domains for all network ports, allow standard user to configure network settings | |
| Printer & Scanners | Allow standard user to modify printer list | |
| Security & Privacy | General | Require password 5 minutes after sleep or screensaver |
| Security & Privacy | FileVault | Enable (for users with confidential/sensitive data) |
| Sharing | Allow ssh and Apple Remote Desktop management | |
| Software Updates | Automatically keep my Mac up to date - check all boxes under "Advanced …” | |
| User & Groups | Login Options | Display login window as Name and password join to CLASSE domain |
Standard Applications
| Application | Use |
|---|---|
| ConnectWiseControl.Client | Remote access to and from other computers |
| ESET | Anti-malware and network firewall |
| Fetch | FTP/SFTP client |
| FireFox | Web browser |
| Microsoft Office 2019 | Office Productivity |
| Microsoft Remote Desktop | Control a Windows-based PC remotely |
| Spirion(for users with confidential/sensitive data) | Scan for confidential/sensitive data |
| Pritunl | VPN client |
| Vivaldi | Web browser |
| VLC | Video player for multiple formats |
| X2GoClient | Control a Linux-based PC remotely |
| XQuartz | X Server for mac OS |
Standard Student Programmer Applications
| Application | Use | URL |
|---|---|---|
| Homebrew | package manager for Mac | https://brew.sh - note different install locations based on Intel vs Apple Silicon (https://docs.brew.sh/Installation) Apple Silicon installs in /opt/homebrew; /opt/homebrew/bin needs to be added to the PATH |
| Apache NetBeans 14 | IDE for Java app development | https://netbeans.apache.org/download/archive/index.html |
| DBeaver | GUI for database administration | https://dbeaver.io/download/ |
| Git | version control system | Use version that ships with XCode; 2nd option - https://git-scm.com/downloads |
| Java 11 | Java Development Kit (JDK) 11 | https://adoptium.net/temurin/releases |
| MariaDB | Open Source Database Management System based on MySQL | Homebrew: https://mariadb.com/kb/en/installing-mariadb-on-macos-using-homebrew/ |
| MySQL Connector/J | Connection driver required by Payara; install in home directory | https://dev.mysql.com/downloads/connector/j/ (platform independent) |
| Payara | Latest Community Edition; install in home directory | https://www.payara.fish/downloads/payara-platform-community-edition/ Payara Server 5.2022.2 (Full) |
| Xcode | Apple IDE | https://developer.apple.com/download/all/?q=xcode Credentials in Keepass database |
User Actions Necessary for CLASSE Managed Enrollment
In a small number of cases, users will be asked to approve an MDM Profile. The steps below will need to be performed when physically at the computer. Approve Mobile Device Management (MDM) Profile:- Open System Preferences, select *Profiles*
- Click the "Approve" button to approve the *MDM Profile*
Edit | Attach | Print version | History: r21 < r20 < r19 < r18 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r21 - 21 Jul 2022, MichaelRoman
Quick Links
Usage Information
Collaboration
IT Communications
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding CLASSE Wiki? Send feedback