How exactly is this an additional Admin account? At the prestage there are no admin accounts or any account. You must have at least one admin account created when you first setup the Mac, otherwise no further accounts will ever be able to grant admin rights to another due to no account having the secure token. You can always remove this first admin account later once the admin account you want to use has been created.
How exactly is this an additional Admin account? At the prestage there are no admin accounts or any account. You must have at least one admin account created when you first setup the Mac, otherwise no further accounts will ever be able to grant admin rights to another due to no account having the secure token. You can always remove this first admin account later once the admin account you want to use has been created.
@geoff_widdowson wrote:
How exactly is this an additional Admin account?
Well, the label on the check box does say "Create an ADDITIONAL local administrator account".
@geoff_widdowson wrote:
At the prestage there are no admin accounts or any account. You must have at least one admin account created when you first setup the Mac, otherwise no further accounts will ever be able to grant admin rights to another due to no account having the secure token. You can always remove this first admin account later once the admin account you want to use has been created.
Fair enough on the requirement to have at least one admin account, but maybe I (mis?)understood the requirement for me to fill up the Management Account field under User Initiated Enrollment to be because it is THE primary admin account. If I was to follow your logic that whatever "additional" Admin account I create with that checkbox is not really additional but a requirement, then why is it that I can uncheck it? What admin account exists on the machine if I don't tick that checkbox?
@geoff_widdowson wrote:
How exactly is this an additional Admin account?
Well, the label on the check box does say "Create an ADDITIONAL local administrator account".
@geoff_widdowson wrote:
At the prestage there are no admin accounts or any account. You must have at least one admin account created when you first setup the Mac, otherwise no further accounts will ever be able to grant admin rights to another due to no account having the secure token. You can always remove this first admin account later once the admin account you want to use has been created.
Fair enough on the requirement to have at least one admin account, but maybe I (mis?)understood the requirement for me to fill up the Management Account field under User Initiated Enrollment to be because it is THE primary admin account. If I was to follow your logic that whatever "additional" Admin account I create with that checkbox is not really additional but a requirement, then why is it that I can uncheck it? What admin account exists on the machine if I don't tick that checkbox?
We can blame Jamf for the confussing here. The first part where you
"Create a local administrator account before the Setup Assistant"
This allows you to enter the account details for both account name and passord. I've never not used this in pre-stage, so I don't know what happens if you don't use it.
The second part, I think should really just say create ANY additional account (at Setup Assistant). And this account is one that you don't give details in Jamf, as it is part of the setup assistant and will prompt for the user to create their own account. You pick if this is STANDARD or ADMIN. This option is needed if you are shipping devices to users, and trust DEP will work out of the box. When you select Skip Account creation, when the device is being setup whomever is turning it on will have to use the Admin account created in the first part.
We can blame Jamf for the confussing here. The first part where you
"Create a local administrator account before the Setup Assistant"
This allows you to enter the account details for both account name and passord. I've never not used this in pre-stage, so I don't know what happens if you don't use it.
The second part, I think should really just say create ANY additional account (at Setup Assistant). And this account is one that you don't give details in Jamf, as it is part of the setup assistant and will prompt for the user to create their own account. You pick if this is STANDARD or ADMIN. This option is needed if you are shipping devices to users, and trust DEP will work out of the box. When you select Skip Account creation, when the device is being setup whomever is turning it on will have to use the Admin account created in the first part.
@geoff_widdowson wrote:
We can blame Jamf for the confussing here. The first part where you
"Create a local administrator account before the Setup Assistant"
This allows you to enter the account details for both account name and passord. I've never not used this in pre-stage, so I don't know what happens if you don't use it.
If I don't tick that check box, the account created during Setup Assistant becomes the admin.
@geoff_widdowson wrote:
We can blame Jamf for the confussing here. The first part where you
"Create a local administrator account before the Setup Assistant"
This allows you to enter the account details for both account name and passord. I've never not used this in pre-stage, so I don't know what happens if you don't use it.
If I don't tick that check box, the account created during Setup Assistant becomes the admin.
Right that makes sense, so it just acts like the default state of any out of the box Mac of making the first account created an admin.
you can send out a policy that creates a admin account on each computer and then you'll only set up a standard user upon set up
