[Casper] Dealing with laptops that are on/off the network

Nesbitt, Sean M. sean.m.nesbitt at lmco.com
Mon Apr 27 11:36:37 PDT 2009 

The ³self serve-send messages out² procedure is a good idea.

It is possible that the ³SystemConfigTrigger² located in the Casper Resource
Kit may provide a helpful alternative. According to its description:

> This package will install an additional policy trigger onto client machines
> that are managed by the Casper Suite. The policy trigger will check for
> policies whenever a system configuration changes. This includes network
> changes. For example, when changing from a wireless to a wired network, the
> client will then check up on the JSS to see if there are any policies in scope
> for the "SystemConfigTrigger" trigger.

So, as I see it, if this pkg is installed on the laptops *and* if you use
this trigger, it would seem that as soon as the laptop comes from off-site
onto the company network, the change in network address would force it to
check for policies. It would seem like a good solution, except that a policy
can only have a single trigger (it cannot even have ³Self Serve² and another
trigger). More importantly, a policy can only have a single set of status
logs. To my way of thinking, if I was could create a single policy with two
(or more) triggers‹for example, Self Serve and SystemConfigTrigger‹then I
could cover the main possibilities for the software to be installed. (I
understand I could create separate policies for each trigger, however, I
risk the software being installed twice to the same computer).

Is this analysis logical? I would appreciate any thoughts on this or other
solutions.

Thanks,

Sean

On 4/27/09 12:57 PM, "Thomas Larkin" <tlarki at kckps.org> wrote:

>    
> 
>  This is how I massively updated the machines (6,000 macbooks) when the 10.5.5
> and airport update came out that was supposed to address roaming in large WiFi
> network connectivity issues.
> 
>        
> 
>  I downloaded the combo update separate from Apple, and dropped it into Casper
> Admin.  Since Casper will install PKG files just fine no need to create a
> package.  Then I created a self service item that installed the 10.5.5 update
> and the airport update and forced a reboot.  I was also sent out messages
> saying that if you did not manually update the software by a certain date it
> would be pushed out to you with out your consent.
> 
>        
> 
>  Another option I explored but didn't do was push it out to cache and then
> install from cache.  The problem is, most of my users never reboot and hardly
> ever log in/out with their laptops.  So after that grace period of self
> service I changed the policy to ongoing and to hit every machine once, those
> not already installed or updated got it then.
> 
>        
> 
>  I also of course updated my images as well so that when a machine gets
> freshly imaged all the updates are applied.  I really don't know a better
> method, other than just opening up software update, which you can do, and you
> can hack the Unix back end to ensure that admin rights are not needed to
> install updates but that probably opens up some sort of security loop hole, so
> that was something else I explored but then ultimately said no after looking
> into it.    
> 
>        
> 
>  Any suggestions beyond this I would also appreciate.
> 
>        
> 
>  Thanks    
> 
>        
> 
>  Tom
> 
> 
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
> 
> 
> 
> 
> 
>>>> >>> "Ernst, Craig S." <ERNSTCS at uwec.edu> 04/27/09 12:25 PM >>>
>     
>  
>  
> 
>  In terms of laptops the issue for me is users hardly ever login or logout,
> which means they aren¹t hitting the startup, and so what¹s left? Hoping they
> hit a random schedule task time.
> 
> Care to share with all, Tom?
> 
> Craig E
> 
> On 4/27/09 12:17 PM, "Thomas Larkin" <tlarki at kckps.org> wrote:
> 
>       
>  
>  
>>  
>>  
>> 
>>    
>> 
>>          
>>  
>>  
>>  
>> 
>>  Updates, like software updates, or what are you talking about specifically?
>>  I have tons of laptops that go off and on campus, so I may be able to send
>> you some input, feel free to contact me off the list too.
>>  
>>  
>>  
>> 
>>     
>> 
>>        
>> 
>>          
>>  
>>  
>>  
>> 
>>  Tom
>>         
>>  
>>  
>>  
>> 
>>  
>>>>>  >>> "Nesbitt, Sean M." <sean.m.nesbitt at lmco.com> 04/27/09 12:07 PM >>>
>>     
>>  
>>         
>>  
>>  
>>  
>> 
>>  
>>  
>>   I have some users who have company laptops, however, they do not use them
>> as their primary computer. In fact, these company laptops are only
>> sporadically on the company network. As a result, the laptops are
>> significantly behind in updates once they access the company network.
>> 
>> I would like to set either a procedure or policy that would catch these
>> laptops once they initially logon to the network, yet, I have been unable to
>> find an acceptable solution. I am wondering if other users have this
>> situation and how they have dealt with it.
>> 
>> Thanks,
>> 
>> Sean
>>  
>>         
>>  
>>  
>>  
>> 
>>  
>>  
>>  
>>  
>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090427/272bca29/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7344 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090427/272bca29/attachment.bin

More information about the Casper mailing list