I am testing no-touch app installs and configuration with DEP Mac devices in JAMF.
I have a DEP Mac that I registered with JAMF and initially the device info did note that YES it was enrolled via DEP. After testing many settings I wiped the MAC and deleted the entry in JAMF so it can be configured as a new machine. However, thereafter, in the JAMF computer info, the info states that NO it was not enrolled via DEP. The thing is I have a smart group to add devices enrolled via DEP so now this workstation cant be added and the policies i have created that are tied to the smart group do not apply to this machine.
What is the trick to get JAMF to recognize that this mac was enrolled via DEP?
I also have one error come up: Command requires DEP enrollment: UserList <MDMClientError:74>
Thanks!
Enrolled via DEP: No (?? - YES!)
+5Best answer by chriscollins
I can't address why that is showing as no but my recommendation is to build your smart group around the criteria "Enrollment Method = PreStage enrollment: <name of prestage enrollment>" instead of using that Enrolled via DEP criteria. It will always be accurate. We set our smart group with that as the criteria and enrolled within the last day.
Also I just checked and I am pretty sure jamf gets that status of Enrolled via DEP from the profiles command.
sudo profiles status -type enrollmentI just checked and on a lot of machines that were enrolled via DEP its saying NO even though it was so the underlying profiles command might be giving back bad info.
I can't address why that is showing as no but my recommendation is to build your smart group around the criteria "Enrollment Method = PreStage enrollment: <name of prestage enrollment>" instead of using that Enrolled via DEP criteria. It will always be accurate. We set our smart group with that as the criteria and enrolled within the last day.
Also I just checked and I am pretty sure jamf gets that status of Enrolled via DEP from the profiles command.
sudo profiles status -type enrollmentI just checked and on a lot of machines that were enrolled via DEP its saying NO even though it was so the underlying profiles command might be giving back bad info.
+5I believe I found the solution to the "Enrolled via DEP: No" issue.
In this case I was getting the following error: Command requires DEP enrollment: UserList <MDMClientError:74>
So I triggered DEP on an already configuered mac by running the following:
For lower than 10.13.4: sudo /usr/libexec/mdmclient dep nag
For 10.13.4 and higher: sudo profiles renew -type enrollment
This cleared all the profiles and re-registered it.
Now JAMF see "Enrolled via DEP:" as YES.
Still @chriscollins method is more reliable since it wont depend on this, which I just realized can break.
+14A similar issue has been bugging me all day while preparing computers for incoming students. Thanks @chriscollins and @jsantiago
+1sudo profiles renew -type enrollment
sudo profiles status -type enrollment
Enrolled via DEP: No
still not working and ...
Enrollment Method: User-initiated - no invitation
I enrolled via the https://<jamfserver>/enroll
+5@jsantiago that worked for me, thanks! Just a note, I had to approve the MDM profile again which was ok because the machine was on my testing bench, but it won't work for our 600+ remote computers...
+12Brand new Mojave iMacs (2, three more to go but am holding off...) - JAMF pro 10.12
Same issue: UserList <MDMClientError:74>
Enrolled via DEP: No
Devices are enrolled, have received all of their Policies and Config Profiles
All methods used above have had zero affect
+4I’m getting the same.
I run the profiles command and see no change in the JSS.
I’ve also removed the keychain.aspd file like some other discussions suggest.
Any help would be great.
+4I am starting to see this too, I have 60 computers with this issue and counting. Seeing it's been going on since 2018 I don't think this is ever solved?
+2Same problem..
I also tried the below commands and it still doesn't work when I run the sudo jamf recon.
sudo profiles renew -type enrollment
sudo profiles status -type enrollment
Enrolled via DEP: No
still not working and ...
Enrollment Method: User-initiated - no invitation
I enrolled via the https://<jamfserver>/enroll
Any idea or update on this?
+2Yes. I have the admin account under the laptop.
+11In my experience with this issue, you need to be logged into the machine with an Admin account to run the "sudo profiles renew -type enrollment" command. If you aren't logged in as Admin, the notification to update profiles doesn't show.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.