CLASSE Management of macOS Computers
Increasing adoption of Macintosh computers by CLASSE personnel has led to a need for Mac management software that helps us comply with Cornell policies on information security. To meet this important need, CLASSE-IT has installed a software package called JAMF on CLASSE-managed Macs.
What is JAMF?
JAMF is a widely-used management solution for the Apple platform that provides extensive functionality for IT managers in larger scale enterprise and education environments. It allows us to automate deployments, updates to software, and configurations on CLASSE Macs similarly to how we manage CLASSE Linux and Windows computers.
What does JAMF do?
JAMF software will check CLASSE-managed Macs for standard preferences, applications, documents, and deploy CLASSE standards where needed. Many of these preferences, applications, and documents are required by Cornell University policy and are shown in RED.
For more details on Cornell policies, see
https://www.dfa.cornell.edu/sites/default/files/vol5_10.pdf (45 pages). For an "executive summary", see
https://it.cornell.edu/certified-desktop/certified-desktop-security-policy (nb: CLASSE is required to employ
whole-disk encryption only in special cases, and is NOT currently employing
Code42).
Standard System Preferences
Preferrence Pane |
Tab |
Setting |
Date & Time |
Time Zone |
Set Time Zone to Automatic |
Desktop & Screensaver |
|
Start after 10 minutes |
Energy Saver |
Power Adapter |
Sleep display 30 min, disable display off, never sleep disk, allow wifi wakeup, enable power nap |
Energy Saver |
Battery |
Sleep display 10 min, never sleep disk, dim display while on battery, enable power nap |
Network |
|
Set DNS for active CLASSE Public ports, set search domains for all network ports, allow standard user to configure network settings |
Printer & Scanners |
|
Allow standard user to modify printer list |
Security & Privacy |
General |
Require password 5 minutes after sleep or screensaver |
Security & Privacy |
FileVault |
Enable (for users with confidential/sensitive data) |
Sharing |
|
Allow ssh and Apple Remote Desktop management |
Software Updates |
|
Automatically keep my Mac up to date - check all boxes under "Advanced …” |
User & Groups |
Login Options |
Display login window as Name and password join to CLASSE domain |
Standard Applications
Application |
Use |
ConnectWiseControl.Client |
Remote access to and from other computers |
ESET |
Anti-malware and network firewall |
Fetch |
FTP/SFTP client |
FireFox |
Web browser |
Microsoft Office 2019 |
Office Productivity |
Microsoft Remote Desktop |
Control a Windows-based PC remotely |
Spirion(for users with confidential/sensitive data) |
Scan for confidential/sensitive data |
Pritunl |
VPN client |
Vivaldi |
Web browser |
VLC |
Video player for multiple formats |
X2GoClient |
Control a Linux-based PC remotely |
XQuartz |
X Server for mac OS |
Standard Student Programmer Applications
User Actions Necessary for CLASSE Managed Enrollment
In a small number of cases, users will be asked to approve an MDM Profile. The steps below will need to be performed when physically at the computer.
Approve Mobile Device Management (MDM) Profile:
- Open System Preferences, select *Profiles*
- Click the "Approve" button to approve the *MDM Profile*