We have a local account on our Macs called "student" to which we want to apply the same restrictions that we apply to Active Directory accounts. Now that we've had our JAMF JumpStart, this account is created by policy during the imaging process. We're aware that the account needs to be MDM enabled using the jamf mdm -userLevelMdm command, and we have a policy to do that.
However we have run into a problem. If we reimage a computer that was previously imaged by Casper (and had its local student account created automatically by Casper), the MDM enabling setting "remembers" the UUID of the "old" student account meaning that in "MDM Capable Users" we see "student" twice, and when logging in with the "new" student account, the Configuration Profiles are not applied. The workaround the reseller who installed the system suggested (which we tested, and which does work, but is not ideal) is to delete the computer record from the JSS - if done after imaging, the computer needs to be manually re-enrolled.
This is not ideal though, particularly if we want to reimage large numbers of machines. Is there a proper way to deal with this problem, or is this a bug I should be filing with JAMF?
Thanks,
Dan Jackson (Lead ITServices Technician)
Long Road Sixth Form College
Cambridge, UK
