memili.blogg.se - Jamf dep

JAMF DEP INSTALL
JAMF DEP SOFTWARE
JAMF DEP PASSWORD

Dockutil: Allows for modification of the dock using a script.

Useful to set some specific user settings without modifying the user template.

Outset: A utility that allows scripts to be run at various times, login or boot and with options for running once or every time.

JAMF DEP PASSWORD

NoMAD: An alternative to binding to AD, allows a local user account maintain a kerberos ticket and sync your password with an AD account password.DEPNotify-Starter: A bash script you can customize to run an array of policies and display output to DEPNotify.

JAMF DEP SOFTWARE

DEPNotify: a great utility to make it look nice while installing your standard software.

A backup plan in Self Service in case our DEPNotify workflow doesn’t start because of the enrollmentComplete trigger failingĪnd here is a list of important tools I used in the process:.

Use NoMAD to sync a local password with the user’s AD password.

Configure setup with DEPNotify and DEPNotifyStarter.sh.

Ensure our JSS and package repo is available off campus.

Here’s a short list of the major steps needed to make sure we were ready to deploy zero touch: I ensured that new users would have NoMAD and VPN installed to make sure they could access network resources and sync their password to their AD credentials even when off campus. I made sure our package repository was available in the cloud by replicating our on-prem repo to Jamf cloud. We still had new employees starting who needed computers. By having a workflow with packages we were able to migrate and test easily a new automated workflow.īut this spring, suddenly everyone was remote.

This was an important setup step to allow us to more easily move to a Device Enrollment Program, or DEP, (now known as Apple Device Enrollment or ADE) workflow. We wiped the drive, but used a blank OS image created with AutoDMG and installed all applications and settings individually with packages. We migrated to using Jamf Imaging, which was similar in some ways. These two settings specifically require approval at each machine unless you enroll with DEP/ADE. One of the biggest reasons to move was the changes with User Approved Kernel Extension Loading (UAKEL) and User Approved Mobile Device Management (UAMDM). We started seeing permissions issues crop up, and with certain updates machines weren’t getting firmware updates. We initially were modifying the Default User Template and found that certain things were no longer working when customized. Most of you know that this is no longer the preferred method, and hasn’t been for some time due to changes in Apple’s security and macOS.

JAMF DEP INSTALL

It was also able to install packages, and truthfully we were installing many items from packages for multiple workflows. DeployStudio worked with netboot, which is no longer available as an option on new Macs. The workflow was to erase the machine and push down static image known as a Gold Master. Initially we were using DeployStudio to image our Macs. Hi folks! If you’ve found your way here for more detailed information from my session at JNUC 2020, From Hands-on to Zero Touch, welcome! I’ve detailed the steps here outlining the process that took us to being able to support zero touch when suddenly everyone was remote.