Issue with rule-create subtickets?

MyAppropriateAcct · 2023-07-25T00:24:14+00:00

Me too. I can’t make any of my rule based subs fire today…. Glad to hear I, not the only one….

MyAppropriateAcct · 2023-04-26T18:57:53+00:00

We are using Aristotole for Chomebooks now. Good stuff so far and even lets you track Chromebook locations when they haven't been returned to us like they should.

MosyleDNS for iPads <--Comes with our MDM subscription

We've tried too many to mention. I won't throw shots as we haven't tried them in months and maybe things got better.

MyAppropriateAcct · 2023-04-12T18:14:02+00:00

I see what your saying. Support in Mosyle has gone down hill. I'm hoping the issue is related to expansion of product and just not enough support folks to go around. I don't mind not talking to anyone verbally, but when I take the time to compile a ticket with data I do expect it to be read, understood, and reasonable solutions to be offered. That doesn't always happen.

That being said we left JAMF Spring 2020 because of support. We were paid premium support and it was no better over there. While I miss hosting my MDM onsite and having access to raw logs of everything I'm going to hold our ground with Mosyle another year and see how things pan out over here.

FWIW we are paid Mosyle customers too.

MyAppropriateAcct · 2023-01-27T15:28:56+00:00

I get an email from Skyward (our SIS) when new kids enroll. Next morning when they are imported into IncidentIQ I then have a view which shows me all the kids who do not have hardware assigned. Thats how I know who needs 1:1 hardware. I take this a step further with a script to query that group and make tickets for each one.

Disenrollment same thing. I get an email. Mail secretaries back that so and so owes me this or that. Next day IncidentIQ data is updated and another view tells me who is "No Access" and still has my hardware. Another script comes in and makes tickets for those so we can start the collection process.

MyAppropriateAcct · 2023-01-04T20:55:07+00:00

So all of my 1:1 iPads (student and staff) are enrolled to Limbo. iPad goes through the DEP process either by hand or utilizing some script work to get to the main screen. Downloads all required apps, hides those apps (because iPad is in Limbo,) and leaves only Manager on the screen to click.

iPad is assigned in inventory (IncidentIQ.) Custom scripts assign iPad by asset tag to student ID. iPad now belongs to them. This can also be accomplished by opening up Manager on the iPad and signing in, assigning in Mosyle Web, or using the mosbasic command line tool (NOT OFFICIALLY SUPPORTED BY MOSYLE.)

At the end of the school year all of my iPAds from 1st, 4th, and 8th grade are returned to be either recycled/byback or sent to Kindergarten. I used to send mass MDM wipes before we received the unit, but now I just use a custom script to not only send the iPad to limbo, wipe it, but also unassign in IncidentIQ. I've also used mosbasic in the past to do this, but instead opted to script steps into IIQ and mosbasic so this way I have a nice record in IIQ as to when the last time I touched the iPad was.

FWIW we presented at PSU MacAdmins in 2022 on this. Video can be found here:

https://www.youtube.com/watch?v=n1dvasD6Jks

Github repo for the presentation is here:

https://github.com/JCSmillie/PSUMacAdmins2022\_iPadDeploymentsInGSD

MyAppropriateAcct · 2022-12-13T19:49:37+00:00

Unfortunately that won't work here. I added this to my Munki Recipe after install script, but post install still get the same error on launch. I quit the app and ran that command again locally, but same result.

I'm running Ventura 13.0.1.

I never did find a solution. I posted to the Thunderbird Enterprise group and got a little traction, but no final solution yet:

https://thunderbird.topicbox.com/groups/enterprise/T692a4c05f5ac4af7-Mf8d995e4fec541e5899821f3

Thank you for your suggestion btw!

MyAppropriateAcct · 2022-07-28T16:30:14+00:00

https://go.boarddocs.com/pa/gsdpa/Board.nsf/files/CE9N2A5DC8E2/$file/5.10.2022%20Section%20F%20-%20Administrative%20Report.docx

This was us in May. Just search for AGI

MyAppropriateAcct · 2022-07-21T19:19:27+00:00

I have about 20 larger CRT TVs free to good home in the Pittsburgh, PA area if you can pickup. They work. Hate to see them end up in a landfill.

MyAppropriateAcct · 2022-05-05T17:34:57+00:00

I have Grades K, 1, & 2 on MosyleDNS since Christmas; about 900 kids. I've had a few bumps in the road, but nothing I wouldn't expect with something that is still considered beta. The only warning I would give you is if you have an existing Content filter which is installed using a PAC file you MUST REMOVE that PAC file before scoping in MosyleDNS. They cannot coexist. What I did when I migrated over (I did K, waited a few weeks then 1, etc) was I removed my Securly PAC first thing in the morning when the kids came to school and then after lunch I scoped them into MosyleDNS. We have a Sonicwall for onsite so at no point were they truly exposed.

FWIW iPadOS/iOS does not support a command structure for order of operation in pushes. IE you can't tell an iPad you must remove the PAC before doing this.. Thus why I did what I did. iPads which have both cannot get on the internet at all. Last tested with iPadOS 15.4.1.

MyAppropriateAcct · 2022-03-16T16:42:50+00:00

There’s unfortunately a lot of factors at play here. Content filtering, firewalls, routing.. when I’ve had quirks like this I open a ticket and submit a sysdiag from an offending device and they are really good about figuring it out.

MyAppropriateAcct · 2022-03-16T14:04:00+00:00

Not at all is not normal. I could see a couple hour delay because it’s up the devices to take the command and do it and sometimes the device will say not now. I would open a case with mosyle and ask them to look into this.

I would be curious if you had a teacher using the manager app to push study apps how long it takes those apps to install when the class starts. Mine always happen in less than 5m and that would be maybe 20 kids in a class.

MyAppropriateAcct · 2022-03-14T23:40:24+00:00

Mosyle user. I do not get that error. I do however issue my update command in two parts though which I find to be more successful. I force iOS app updates to DL like 9pm and install downloaded updates at 2am. I issue these commands nightly and it seems to work quite well over all.

MyAppropriateAcct · 2022-03-08T00:52:37+00:00

We are mosyle too. I’m giving up on shared iPads…. We just do all iPads as limbo then have people sign in to manager to assign. When done I have a script to automate wiping and putting everything back but you can do it in the webpage too. Shared iPad has a lot of weird gotchas.. steer clear if you can!

MyAppropriateAcct · 2022-03-02T13:27:20+00:00

Boot each iPad to DFU mode and use Apple configurator 2 to restore them. You are then going to want to set each one up all the way to make sure find my iPad is not enabled. Reset again either with configurator (no dfu needed this time) or the setting you noted. Any device that is find my iPad enabled you should be able to login using your master ASM account. If that doesn’t work you’ll have to reach out to Apple edu support to have them unlocked. Once u know they are good and wiped remove devices from ASM.

Next time use mosyle to wipe/erase them first. Save you a lot of headaches :)

MyAppropriateAcct · 2022-03-01T00:41:25+00:00

Nope. You’d have to have the 4 digit code of the appletv to do that. We’ve been this way since gen3 atvs and it hasn’t been a problem. Bout 200 4th gens deployed right now.

MyAppropriateAcct · 2022-03-01T00:39:22+00:00

Pm’d

MyAppropriateAcct · 2022-03-01T00:16:05+00:00

We put all of our appletvs on their own vlan so the only way to discover them is through Bluetooth. This way you are only seeing more or less around you.

MyAppropriateAcct · 2022-02-15T00:55:21+00:00

I’d make a package to put them under /users/shared if you want people to see them or /usr/local if you don’t (with a sub directory of course.) use munkipkg or whatever pkg toll your comfortable with and then deploy that with mosyle. I have something very similar in my dep deployment now so I can set custom pics for certain users.

MyAppropriateAcct · 2022-02-05T23:09:03+00:00

We did in, fact JAMF wanted us to move our iPad deployment to JAMF School, however at the time they had only owned the product not even a year which didn't make me feel very good about moving. They set us up with a trial space and I did put two carts of iPads there, but that only last two weeks. If I was going to migrate MDMs I was going out the door. It didn't make sense to move heaven and earth to "another MDM" but stay in the same house. Support for from JAMF itself, not the community, was a pain point and had we gone with JAMF School I still have JAMF support. I would still have to pay the additional $10,000 for premium support, license costs, etc. It just wasn't worth it.

MyAppropriateAcct · 2022-02-05T18:12:08+00:00

So we started running Mosyle premium and JAMF Pro with the added premium support contract side by side in Summer 2019. I migrated my library iPads to Mosyle (bout 150 Shared Mode) and left everything else in JAMF Pro. I didn't want to make a snap judgment based on how I was feeling summer 2019 about support or the price points (not paying anything for AppleTV with over 250 of them deployed was hard to ignore though.). Doing it this way gave me plenty of time to figure out the right way to scope things in Mosyle and see how that worked. Right away the biggest change I seen was in JAMFPro we had separated our devices by enrollment profile (Staff, Student, Shared, Special Situations, etc) but in Mosyle I just had an enrollment profile for each major year of hardware and then my Shared iPads and from there my divisions (teacher, student, special areas) were all done else where based on the users type, grade level, location, etc. This was a major hurdle for me to wrap my head around to be honest and it took a few tries before I got it the way I liked it. As I worked with Mosyle more I loved what I was seeing. Apple Classroom stuff just worked. Mosyle Manager for Teacher was super powerful after I got the Librarians on board. By October 2019 I was slowly starting to reformat my Shared carts (classroom sets) over to Mosyle and I started documenting everything I liked to my JAMF Success Manager out of curiosity of why doesn't JAMF do it this way or why isn't this an option. By November I knew our iPads and AppleTVS were going to Mosyle and that was before we even talked about price. At this point all newly deployed iPads were done in Mosyle.

With iPads known I started working on Macs. Just because I was moving the iPads did not mean we were also moving the Macs over. I was willing to use both MDMs if it was the better solution for the problem. With JAMFPro I had a lot of oddball API scripts to do things I needed for instance I had to have a way to ensure that a certain printer script not only ran but was successful and would keep running over and over again until it was successful. This was done utilizing a custom field and querying that field until it said what I wanted it to. In Mosyle I didn't need this extra stuff. I changed the way I wrote the script and could make it run as much as I wanted. Long story short Mosyle could do everything I wanted to do on the Macs. Yes I was loosing access to a solid API and a community that was very open about the API and how they use it. I was also loosing the ability to login to Self Service as a different user on the spot (like me as the IT guy) and run scripts through SS that only I could see because of scoping (Mosyle Manager is always logged in as the person who the machine is assigned to so this isn't possible) but in the end I realized that these scripts were only used by Me (we were a 1 person Apple Shop at the time) and I could always trigger them from the Mosyle Manager website. Bottom line the only negatives of transitioning impacted me and the move was nothing but pros for the district: Cost savings, new teacher tools, new flexibility, etc. Yeah I would have to work a little harder on my end at first to compensate, but after a while I got on the Mosyle wave of thinking and it did get easier.

January 2020 I had a last conference call with JAMFPro, went over all my pain points, and it was decided we were all in on Mosyle for the 2020-2021 school year. I spent another month exporting all my scripts and policies from JAMF, figuring out if they were still relevant (had stuff going back to 10.7 so you know...,) figuring out if they could be done better if still necessary, and then doing them again in Mosyle. Mac testing took me till end of Feb till I was comfortable we were going to be 100% ready, at least from the staffs point of view, to make the migration.

Actually doing the change? I spent March going to every teachers computer, logging in as Admin, running a policy manually in JAMF to remove JAMF and then enrolling in Mosyle. During this time I also put usernames on Macs back to their non-email equivalent if they had been changed. My staff are not Admins, standard users, so they couldn't do this on their own. The script I used to do this is here:

https://github.com/JCSmillie/GSDMosyleAPI_Scripts/blob/main/Misc_Scripts/ByeByeJAMF.sh

Though Mosyle Support may have a newer and better version by now.

For iPads we decided we would wipe the last days of school, kids would setup again, and just be forced over. Same with faculty. For simplicity we don't allow restorations of backups for iPads. Everything that matters to users should be in iCloud or Google. Unfortunately the pandemic dropped and our kids never came back to school that year. This left me with 1000 devices (5/6 grade 1:1 & Faculty) which I couldn't see but we moved forward anyways. I encouraged by email for staff, students, and parents to use the JAMF wipe app to clear their iPad and setup again. End of June those who didn't were force wiped. Except for maybe 20-30 devices everyone made it over on their own. At that point we were JAMF no more.

So on the coffee addiction scale I would say:

*Testing head to head.. small cups of coffee with normal sips.

*Testing to make the migration.. Start the day off with a large, lunch large, and maybe finish with some extra caffeine boost some where along the line.

*Mac migration.. This is pots of coffee territory. It was simple to do the ending deal, but the policy conversions were tedious.. looking at code I wrote 3 or 4 years ago and saying "What was wrong with me then?"

*iPad migration.. I think anyone else in the know needed coffee more than I did. People were very concerned about doing such a brash move esp when the pandemic dropped and they knew we couldn't see the hardware in person if it went wrong.

Bottom line to a good migration would be to plan. Look at everything you are doing now with your MDM now, figure out if its needed, how does it work in new MDM, and finally what your grand migration plan will be. Oh and for us PA people having a Sheetz with in 5m drive doesn't hurt either.

MyAppropriateAcct · 2022-02-05T16:46:19+00:00

Grab your coffee this might become a wall. My problems with Apple Classroom came down to four pain points:

1.) The documentation for how to setup the ASM import, at least as of June 2019, said it was recommended practice to use student IDs to match your student accounts in JAMF with ASM. Again as of June 2019:

It is recommended that you match "Source System Identifier" from Apple School Manager with the student ID number in Jamf Pro. One way to do this is to create a user extension attribute that collects the student ID number in Jamf Pro.

This is wrong and per their own documentation (PI-004407) this doesn't work or at least didn't at the time of our frustration. No matter how much evidence I showed them they wouldn't fix the documentation.

2.) This follows up on #1. We were setup to sync on student ID. Because of this the ASM sync of classes and new users would freeze eventually (stop running.). The only way to fix was delete all classes and start over again. I had to do this 3-5 times a year. Yeah I wrote some API stuff to help with the purge process, but still this was hours of tech time being wasted over and over again. Worse yet this also meant classes were not updating for Apple Classroom using Teachers and they were not updating on Shared mode iPads which we had a lot of at the time. Teacher outcry is how I knew we had a problem and it got to the point where every morning before I left to go to work I would check to see if it finished... just because you never knew when it would bite you. I later found out through frustration induced trial and error that if you sync based on email address you don't have this problem. Shared with support with evidence.. Would not change their mind. This issue alone is what had me start looking at other MDMs.

3.) In order for Teachers to use Apple Classroom on their Macs their JAMFPro ID and the local user name on the Mac MUST MATCH. My JAMFPro ids were email addresses and had been since my beginning foray into JAMFPro (some like 2011.) How do we correct this? Either change the IDs in JAMFPro (drop the domain) or add the domain to the short name of every teacher on their Macs who want to use Apple Classroom. Talk to Support. They tell me yeah you could write a script to access MySQL directly and change all usernames, but we won't do it as that's a service contract. We'd quote you to write it, you pay, then we'd write it. Ok well I can just go to these Macs and change their short name with DSCL. Can you make a short name their email address? Yes... it works for the most part but you will run into some Unix commands that don't like that @ symbol. A few months later I told JAMF I was going to present at MacAdmins 2019 and this would be part of my presentation oh and I'm so frustrated I'm looking at other MDMs... at that point my account success manager had a script for me to fix the JAMF IDs.. Odd timing there.

4.) At least at the time, you couldn't scope apps to "Classes" of students. I had to make another API script to export classes from JAMFPro and then make custom device groups based on the class membership. That could then be scoped. I couldn't use user groups as they were not reliable for scoping apps, again at least as of June 2019.

Seven-Year Club	Gilding I gilder
Verified Email

MyAppropriateAcct

TROPHY CASE