Solved

Question about Zero-Touch imaging - What's next after DEP enrollment?

  • August 8, 2018
  • 7 replies
  • 45 views


I have a computer enrolled into my JSS using DEP. The pre-enrollment ran correctly and all I had to do was select my country and the computer did the rest.

My question is, how do you scope computers to policies that used pre-stage enrollment and not computers that are already enrolled in the JSS?

For example, now I have this computer which I can log into with no packages or settings installed. I want to install all my new programs and scripts on it, but I want to ensure I'm not messing with existing computers in my JSS.

Best answer by rderewianko

7 replies

  • Honored Contributor
  • Answer
  • August 8, 2018

So, after you run through DEP it would get placed into a smart group.
Enrollment Method: Prestage enrolment is: <dep workflow name>
Last Enrollment is Less than X days ago (2)
We also have an EA that we built that just looks for a file called DEPDone, and we look for that not to be true.

From there, we trigger a script that: Starts DEPNotify, and walks through a bunch of other policies by trigger.


  • Author
  • Valued Contributor
  • August 8, 2018

BOOM DUDE, that was the group I missed! That's awesome. I thought I was going to have to redesign my entire JSS for this. This is perfect.

I think JAMF needs to work on their documentation just a wee bit. This is KEY.


  • Contributor
  • August 8, 2018

@rderewianko Does this begin to work in some version:
Enrollment Method: Prestage enrollment is: <dep workflow name>

This is blank for me in 9.101


  • Honored Contributor
  • August 8, 2018

I'm not sure what it looks like in 9. You'd fill it out with the name of your DEP workflow.


  • Valued Contributor
  • August 8, 2018

One thing to note about Prestage Enrollment names: Don't change them if you're using them for scoping. Unlike other references in criteria, which often use the internal ID number for the target, Prestage Enrollment has to string match the name exactly.



@rderewianko Would it be possible for you to share your EA and workflow for this?


  • Honored Contributor
  • August 9, 2018

Sure, this was inspired by what @chriscollins is doing.

In my initial script that triggers off DEPNotify and runs the rest, I have a line at the end

touch /var/db/.DEP_Done

I then have an EA that looks for that file

#!/bin/sh
# Extension attribute: reports whether the DEP marker file exists.
if [ -e /var/db/.DEP_Done ]
then
  echo "<result>True</result>"
else
  echo "<result>False</result>"
fi

Based on that, I can search for "Not True", which also would include no value. It's a small safeguard for me to ensure that DEP never runs again on a machine that's been DEP'ed.
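
Added example (not part of the thread, and not rderewianko's actual script): a run-once wrapper of the kind described above, which refuses to run when the marker exists and writes `/var/db/.DEP_Done` only after every policy trigger has succeeded. The trigger names, the overridable `MARKER`/`JAMF`/`TRIGGERS` variables and the use of script parameter 4 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: run-once provisioning wrapper guarded by the marker file.
# Trigger names below are hypothetical; substitute your own custom triggers.

MARKER="${MARKER:-/var/db/.DEP_Done}"   # marker path used in the thread
JAMF="${JAMF:-/usr/local/bin/jamf}"     # overridable so the logic can be dry-run
TRIGGERS="${TRIGGERS:-dep-base-apps dep-settings dep-finish}"   # hypothetical

# Succeeds if this machine has already completed the DEP workflow.
dep_already_done() {
  [ -e "$MARKER" ]
}

# Runs each policy by custom trigger, in order.
# Returns 0 = provisioned now, 1 = skipped (marker present), 2 = a step failed.
run_dep_provisioning() {
  if dep_already_done; then
    echo "DEP workflow already completed; nothing to do." >&2
    return 1
  fi
  for trigger in $TRIGGERS; do
    # Assumption: a non-zero exit from the jamf binary means the step failed.
    if ! "$JAMF" policy -event "$trigger"; then
      echo "Trigger '$trigger' failed; marker not written." >&2
      return 2
    fi
  done
  # Write the marker only after every step succeeded, so a half-provisioned
  # machine still reports False from the EA. /var/db is root-owned, so a
  # standard user cannot create or delete the marker.
  ( umask 077 && touch "$MARKER" ) || return 2
  return 0
}

# Jamf reserves script parameters 1-3; this example assumes the policy sets
# parameter 4 to "run", which also lets the functions be sourced for testing.
if [ "${4:-}" = "run" ]; then
  run_dep_provisioning
fi
```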