I have seen a lot of topics where people talk about running their quick add packages to re-enroll a mac with the JSS. Maybe I am understanding what they mean incorrectly, but when I run a quick add package on a machine that has previously been enrolled with the JSS it fails unless I completely delete the device entry from the JSS and then run the quick add again. So I guess what I am asking is, is there a way to reenroll a device without having to delete all of the data that is stored in the device entry on the JSS, such as policies that have been run and application usage?
Page 2 / 2
If the device still has the jamf binary and framework I have had good success using
jamf reenroll -prompt
Will prompt for JSS login and ssh login but works with JSS credentials for both, at least on my cloud deployment.
The main difference is how the full chain of trust is established. OTA enrollment, you download a cert (root CA) that is signed by your jamf pro instance (self signed) and you must install it first to establish trust. Once that is established, you then get the MDM profile, which uses that chain of trust to enroll the device. This is designed to do user approved MDM
If you are doing DEP to the cloud, jamf has public certs, which are pre-trusted by Amazon. DEP enrollments are automatically user approved MDM
they are technically different methods. If I am wrong, someone please correct me.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.