PreStage Enrollment - Policy to enable ARD and apply previous computer name

MattF-TX
New Contributor II

Greetings,

I'm familiarizing myself with PreStage Enrollments, and while for the most part it's going well, there are a couple things I was hoping to get some feedback on.

The first may be a simple setting that I'm just missing - applying a Mac's previous name once the enrollment is complete (or during if that's where it needs to take place). For example if I had a Mac called "Mac-99" that's in my Jamf Pro system, and I wipe it, once the PreStage Enrollment is complete (or during) is there a way to apply its previous computer name "Mac-99" to it? Right now, it gets placed back into its previous groups, and it gets its previous Config Profiles applied back to it. However it does not receive its previous name, and now has the default macOS assigned name of "iMac".

The second conundrum I'm facing is trying to get a post-enrollment script to run that correctly enables ARD, and grants all access to the local admin account that gets created during the enrollment. The account gets created, and works (I can login with it and it is an admin account), however I have scoured the interwebs and tried many different scripts that folks have suggested, and none seem to work. Once it's reporting into Jamf, I can select "Enable Remote Desktop" from the Management category, which does work at simply activating ARD, but that alone of course does not grant any user access. What I'm needing is for a Mac (once done with the PreStage Enrollment) to have ARD activated, and grant the local admin account access to ARD with full permissions.

Again I've tried numerous scripts, some even from here in other Jamf Community posts, however none are working.

Macs are all running Monterey by the way.

Thanks in advance for any help.

Matt

 

1 ACCEPTED SOLUTION

MattF-TX
New Contributor II

I do indeed - thanks for asking.

Another Jamf user PM'd me and I was able to chat with them this morning. I was missing a key component when attempting to get ARD activated with a Config Profile during the PreStage Enrollment - which was granting com.apple.screensharing.agent the needed access via a PPPC payload within one of the Config Profiles I included in the enrollment. Most likely the ARD access and permissions settings were getting applied, but it was fruitless since ARD itself did not have the needed access to function that is granted via the PPPC payload.


5 REPLIES

MattF-TX
New Contributor II

EDIT - I found what I was missing as far as applying the previous computer name, by creating a Policy that runs post-enrollment that resets the computer name to match its Jamf entry - so all good there :-)

Now if I can just get the ARD stuff to work........

AJPinto
Honored Contributor II

If I am following your ARD request correctly, I don't think it's possible. With macOS Catalina Apple removed the ability to enable (kick start) Screen Recording from any method other than via the GUI. The only exemption to this is using the MDM Command to Enable Remote Desktop.

 

Enable remote management for Remote Desktop - Apple-support (SE)

MattF-TX
New Contributor II

Thanks for the reply.  I am able to get ARD enabled by either creating a policy that runs a script post-enrollment, or by selecting the "Enable Remote Desktop" button from client's management tab once enrolled.  However, the main issue is granting ARD access and setting the ARD permissions for the local admin account that gets created during the enrollment.

I'm looking into a possible solution and will definitely post back with an update.

Matt

 

 

leesl
New Contributor

Do you have an update on this?

MattF-TX
New Contributor II

I do indeed - thanks for asking.

Another Jamf user PM'd me and I was able to chat with them this morning. I was missing a key component when attempting to get ARD activated with a Config Profile during the PreStage Enrollment - which was granting com.apple.screensharing.agent the needed access via a PPPC payload within one of the Config Profiles I included in the enrollment. Most likely the ARD access and permissions settings were getting applied, but it was fruitless since ARD itself did not have the needed access to function that is granted via the PPPC payload.