Casper supports two types of users and groups. Local users and groups stored only in Casper’s MySQL database and directory users and groups added from an external directory service such as Active Directory, Open Directory, Novell or other LDAP-compatible service.
During the setup process, the JSS will have you create your first account. This account will be a local administrator with full privileges. Although you will probably choose to use directory accounts for daily operations, keep this or another local account’s information available in case access to the directory service fails. A common first account name is “casperadmin”.
New Standard Account
To add a new standard (local) account, click the New button or press the “n” key for “new”. Choose Create Standard Account and click the Next button.
Under the Account tab, complete all fields for the new local user and choose either a pre-defined Privilege Set or choose Custom for more granular privileges. If choosing Custom, click the Privileges tab to assign permissions. Click the Save button or press “Control + s” for “save” when done.
To change any of the settings for a standard account, click the Edit button or press the “e” key for “edit”.
New LDAP Account
Note: LDAP accounts require you configure an LDAP Server connection first! Create an LDAP Server connection before trying to add an LDAP account. A directory connection makes the Add LDAP Account and Add LDAP Group options available.
To add a new LDAP (directory) account, click the New button or press the “n” key for “new”. Choose Add LDAP Account and click the Next button.
Enter a username from the directory and click the Next button.
Click the Add button next to the account you’re adding to the JSS.
Under the Account tab, complete or modify any additional fields for the new LDAP user and choose either a pre-defined Privilege Set or choose Custom for more granular privileges. If choosing Custom, click the Privileges tab to assign permissions. Because this is an LDAP account, password fields are not displayed. Directory users should modify their directory account passwords outside the JSS.
Click the Save button or press “Control + s” for “save” when done.
Each account contains a history with creation date, modification dates and notes as well as who created or modified the account. Click the History button or press the “l” key while viewing the account to view the history.
Click the Add Note button to include miscellaneous information for the user account.
The note appears in inline with the account’s history and other notes.
While viewing a standard or directory account, click the Clone button to duplicate the account and its privileges to make a new account. If cloning an LDAP account, you must enter the username of a directory user. You will also need to manually update the Full Name and Email Address fields for this new user.
Each account and group contains a privilege set to define access to objects within the JSS and control access to the Casper Suite applications (Casper Admin, Casper Imaging, Casper Remote and Recon). Carefully designed privileges allow certain users or groups access only to those objects they need for their roles. For example, a full administrator may have privileges to all parts of the JSS and applications whereas a Help Desk group may have privileges only to review logs and use Casper Remote.
While editing a user click the Account tab or while editing a group click the Group tab. Choose the Privilege Set that most closely matches this user’s or group’s responsibilities.
- Administrator: Full privileges to create, read, update and delete all objects in the JSS and use all Casper Suite applications.
- Auditor: Privileges to read all objects and settings in the JSS but no privileges to create, modify or delete those objects.
- Enrollment Only: Privileges to use any part of the JSS required to add users and devices but no privileges to delete users and devices.
- Custom: Granular privileges to access part or all of the JSS and applications.
If choosing the Custom Privilege Set then click the Privileges tab to edit privileges.
|JSS Objects||JSS Settings||JSS Actions||Recon||Casper Admin||Casper Remote||Casper Imaging|
|Create, Read, Update and Delete||Read and Update||Allow or Deny|
|Accounts and Groups||Activation Code||Change Password||Add Computers Remotely||Use Casper Admin||Use Casper Remote||Use Casper Imaging|
|Advanced Computer Searches||Apache Tomcat Settings||View License Serial Numbers||Create QuickAdd Packages||Save With Casper Admin||Install/Uninstall Software Remotely||Customize a Configuration|
|Advanced Mobile Device Searches||Apple Configurator Enrollment for Mobile Devices||Send Email to End Users via JSS||Run Scripts Remotely||Store Autorun Data|
|Advanced User Content Searches||Autorun Imaging||Send Computer Remote Lock Command||Map Printers Remotely|
|Advanced User Searches||Casper Imaging||Send Computer Remote Wipe Command||Add Dock Items Remotely|
|Buildings||Change Management||Send Computer Unmanage Command||Manage Local User Accounts Remotely|
|Categories||Check-In||View Disk Encryption Recovery Key||Change Management Account Remotely|
|Classes||Cloud Distribution Point||View Activation Lock Bypass Code||Bind to Active Directory Remotely|
|Computer Enrollment Invitations||Clustering||Flush Policy Logs||Set Open Firmware/EFI Passwords Remotely|
|Computer Extension Attributes||Computer Inventory Collection||Send Inventory Requests to Mobile Devices||Reboot Computers Remotely|
|Computer PreStage Enrollments||Customer Experience Metrics||Send Mobile Device Remote Lock Command||Perform Maintenance Tasks Remotely|
|Computers||GSX Connection||Send Mobile Device Remove Passcode Command||Search for Files/Processes Remotely|
|Configurations||JSS URL||Send Mobile Device Remote Wipe Command||Enable Disk Encryption Configurations Remotely|
|Departments||Limited Access||Unmanage Mobile Devices||Screen Share with Remote Computers|
|Device Enrollment Program||Log Flushing||Send Mobile Device Managed Settings Command||Screen Share with Remote Computers Without Asking|
|Directory Bindings||Mobile Device Inventory Collection||Send Mobile Device Mirroring Command|
|Disk Encryption Configurations||PKI||View JSS Information|
|Disk Encryption Institutional Configurations||Security|
|Dock Items||Self Service|
|eBooks||Self Service Web Clip|
|Enrollment Profiles||SMTP Server|
|File Share Distribution Points||User-Initiated Enrollment for Computers|
|iOS Configuration Profiles||User-Initiated Enrollment for Mobile Devices|
|Managed Preference Profiles|
|Mobile Device Applications|
|Mobile Device Enrollment Invitations|
|Mobile Device Extension Attributes|
|Mobile Device Managed App Configurations|
|Mobile Device PreStage Enrollments|
|OS X Configuration Profiles|
|Removable MAC Addresses|
|Self Service Plug-ins|
|Smart Computer Groups|
|Smart Mobile Device Groups|
|Smart User Groups|
|Software Update Servers|
|Static Computer Groups|
|Static Mobile Device Groups|
|Static User Groups|
|User Extension Attributes|
Log in to user-specific account
The ultimate goal of creating accounts is to have each JSS administrator log in to his own account. This makes tracking changes made by an administrator (accountability) possible and gives him the ability set his own preferences without affecting others. Each login provides an administrator his own dashboard, display and email settings.
To log out the first account or current account, click the down arrow next to the username in the upper right corner of the window and choose Log Out.
Enter the newly created standard or LDAP account and click the Log In button.
Going forward, continue logging in with a user-specific account.