Skip to main content
Question

User-Initiated Enrollment

  • March 27, 2022
  • 2 replies
  • 14 views
revive
Forum|alt.badge.img+7

Hi Everyone,

So I am trying to setup our PreStage Enrollment for my company and I was watching this video https://www.youtube.com/watch?v=rGmlmZCL5gk 

 

However, I noticed there is a section in the accounts pane where there is already an User-Initiated enrollment and the narrator gave us an option to create another local account.

 

My question is: how is that even setup (the Jamf admin local account in User Enrollment pane)?

My goal is to have one local admin account that is hidden and one viewable account that is a standard account. 

 

Any advice, or links for tutorials will be appreciated thanks. 

    2 replies

    Hugonaut
    Forum|alt.badge.img+15
    • Hugonaut
    • Esteemed Contributor
    • 574 replies
    • March 28, 2022

    In your Jamf Pro Dashboard, navigate to Settings -> Global Management -> User-Initiated Enrollment

     

    Within the User-Initiated Enrollment settings, navigate to the "Platforms" pane & you can set your management / admin account.

     

    This is where you can make all the changes you are referring too.

    Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month
    A
    • Anonymous
    • 0 replies
    • March 29, 2022

    @revive@sujal1208 Hi, as far, as I know, your described goal cannot be reached.
    You can create a local account, but you will not be able to use that account to login into the mac, because your created account is not approved in FileVault.
    The first user who is created after the initial setup on a mac is always a local administrator. This user will have to grant your hidden account for FileVault. To grant users to FileVault, the concerned user have to type his password in the "grant mask" on the Mac.

    Because of these facts above, for me, it is useless to create a local (and or hidden) account on our macs.

    If someone give me a reason to do this nevertheless, I will give it a chance, again, but I cannot see any way to grant that hidden account for FileVault via a policy or a script. 


    Terms & ConditionsCookie settingsAccessibility statement