Posted on 03-27-2022 04:24 PM
So I am trying to setup our PreStage Enrollment for my company and I was watching this video https://www.youtube.com/watch?v=rGmlmZCL5gk
However, I noticed there is a section in the accounts pane where there is already an User-Initiated enrollment and the narrator gave us an option to create another local account.
My question is: how is that even setup (the Jamf admin local account in User Enrollment pane)?
My goal is to have one local admin account that is hidden and one viewable account that is a standard account.
Any advice, or links for tutorials will be appreciated thanks.
03-28-2022 09:13 AM - edited 03-28-2022 09:14 AM
In your Jamf Pro Dashboard, navigate to Settings -> Global Management -> User-Initiated Enrollment
Within the User-Initiated Enrollment settings, navigate to the "Platforms" pane & you can set your management / admin account.
This is where you can make all the changes you are referring too.
03-29-2022 06:14 AM - edited 03-29-2022 06:28 AM
@sujal1208@sujal1208 Hi, as far, as I know, your described goal cannot be reached.
You can create a local account, but you will not be able to use that account to login into the mac, because your created account is not approved in FileVault.
The first user who is created after the initial setup on a mac is always a local administrator. This user will have to grant your hidden account for FileVault. To grant users to FileVault, the concerned user have to type his password in the "grant mask" on the Mac.
Because of these facts above, for me, it is useless to create a local (and or hidden) account on our macs.
If someone give me a reason to do this nevertheless, I will give it a chance, again, but I cannot see any way to grant that hidden account for FileVault via a policy or a script.