Skip to main content
Solved

Best Workflow for Testing Prestage Enrollment

  • October 31, 2022
  • 8 replies
  • 25 views
M
Forum|alt.badge.img+4

Hello All, 

If there is already another thread dedicated to this please point me in that direction, I don't mean to duplicate them.

I'm very new to Jamf prestage enrollments, so I am doing a lot of testing. Basically I have taken one of our new Macbooks out of the box and am using it as the testing device. I have been enrolling it, then making changes, then wiping from Jamf Pro, then enrolling again. Sometimes this works as if the computer is new out of the box and sometimes it doesn't. Many times it is as if Jamf remembers the machine even though I delete it. I have also tried unassigning the device in apple manager, sometimes this works sometimes not. 

Does anyone have a workflow for this that works every time? Basically I want to enroll the device see what happens, then make changes and do it again.

Best answer by Tribruin

Try changing this setting in your Jamf Pro settings:

Jamf Pro Settings -> Re-enrollment -> Clear policy logs on computers. 

By default, Jamf remembers the policies your computer has run, even through a re-enrollment. So any policies you have set less than re-occurring, may not run again. For example, "Once per Computer" will never run again until you flush the policy logs. By setting this option, all the policy logs will be flushed when a computer is re-enrolled, so all policies should run again. 

Deleting the computer should accomplish the same thing, but I know I don't always remember to do that. (Plus, then you lose any assignments to Static Groups you might have, which is important in my case.) 

 

Also, if you are on Monterey or Ventura and have a comptuer with a T2 or M1/M2 chip, I suggest using Erase All Contents and Settings in System Preferences/Settings to wipe the computer. It is the fastest option. 

    8 replies

    T
    Forum|alt.badge.img+19
    • Tribruin
    • Honored Contributor
    • 582 replies
    • Answer
    • October 31, 2022

    Try changing this setting in your Jamf Pro settings:

    Jamf Pro Settings -> Re-enrollment -> Clear policy logs on computers. 

    By default, Jamf remembers the policies your computer has run, even through a re-enrollment. So any policies you have set less than re-occurring, may not run again. For example, "Once per Computer" will never run again until you flush the policy logs. By setting this option, all the policy logs will be flushed when a computer is re-enrolled, so all policies should run again. 

    Deleting the computer should accomplish the same thing, but I know I don't always remember to do that. (Plus, then you lose any assignments to Static Groups you might have, which is important in my case.) 

     

    Also, if you are on Monterey or Ventura and have a comptuer with a T2 or M1/M2 chip, I suggest using Erase All Contents and Settings in System Preferences/Settings to wipe the computer. It is the fastest option. 

    M
    Forum|alt.badge.img+4
    • MrR0g3rs
    • Author
    • Contributor
    • 13 replies
    • October 31, 2022

    Try changing this setting in your Jamf Pro settings:

    Jamf Pro Settings -> Re-enrollment -> Clear policy logs on computers. 

    By default, Jamf remembers the policies your computer has run, even through a re-enrollment. So any policies you have set less than re-occurring, may not run again. For example, "Once per Computer" will never run again until you flush the policy logs. By setting this option, all the policy logs will be flushed when a computer is re-enrolled, so all policies should run again. 

    Deleting the computer should accomplish the same thing, but I know I don't always remember to do that. (Plus, then you lose any assignments to Static Groups you might have, which is important in my case.) 

     

    Also, if you are on Monterey or Ventura and have a comptuer with a T2 or M1/M2 chip, I suggest using Erase All Contents and Settings in System Preferences/Settings to wipe the computer. It is the fastest option. 


    Thanks for the advice. I have everything checked in re-enrollment. Could you give me more information about where to find Erase All Contents and Settings? Is it in Jamf or on the device?

    M
    Forum|alt.badge.img+4
    • MrR0g3rs
    • Author
    • Contributor
    • 13 replies
    • October 31, 2022

    Thanks for the advice. I have everything checked in re-enrollment. Could you give me more information about where to find Erase All Contents and Settings? Is it in Jamf or on the device?


    Nevermind. I found it!

    M
    Forum|alt.badge.img+4
    • MrR0g3rs
    • Author
    • Contributor
    • 13 replies
    • October 31, 2022

    Try changing this setting in your Jamf Pro settings:

    Jamf Pro Settings -> Re-enrollment -> Clear policy logs on computers. 

    By default, Jamf remembers the policies your computer has run, even through a re-enrollment. So any policies you have set less than re-occurring, may not run again. For example, "Once per Computer" will never run again until you flush the policy logs. By setting this option, all the policy logs will be flushed when a computer is re-enrolled, so all policies should run again. 

    Deleting the computer should accomplish the same thing, but I know I don't always remember to do that. (Plus, then you lose any assignments to Static Groups you might have, which is important in my case.) 

     

    Also, if you are on Monterey or Ventura and have a comptuer with a T2 or M1/M2 chip, I suggest using Erase All Contents and Settings in System Preferences/Settings to wipe the computer. It is the fastest option. 


    This is going to save me so much time!

    E
    Forum|alt.badge.img+7
    • erichughes
    • Valued Contributor
    • 90 replies
    • November 1, 2022

    Where did you find the erase contents?

    M
    Forum|alt.badge.img+4
    • MrR0g3rs
    • Author
    • Contributor
    • 13 replies
    • November 1, 2022

    Where did you find the erase contents?


    On the new Macs, if you open System Preferences click the word System Preferences in the top toolbar, you'll see it in that menu.

    E
    Forum|alt.badge.img+7
    • erichughes
    • Valued Contributor
    • 90 replies
    • November 1, 2022

    On the new Macs, if you open System Preferences click the word System Preferences in the top toolbar, you'll see it in that menu.


    Thanks, we are mostly still Intel machines. I'll look out for it in the future.

    WilsonFredonia
    Forum|alt.badge.img+4
    • WilsonFredonia
    • Contributor
    • 14 replies
    • November 3, 2022

    Thanks, we are mostly still Intel machines. I'll look out for it in the future.


    As Tribruin mentioned, it is also there on Intel Macs with the T2 security chip.

    A work around for testing older Intel Macs can be to open Terminal before enrollment in setup assistant and press ⌃ Control + ⌥ Option + ⌘ Command + T and then type tmutil localsnapshot

    What this will allow is for you to snap the Mac back to that state in recovery in a matter of minutes. The only downside is that the local snapshot only sticks for 24 hours. But when verifying a DEP-notify etc kind of setup for functionality across different generations, it definitely saved me a lot of time.


    Terms & ConditionsCookie settingsAccessibility statement