Best Workflow for Testing Prestage Enrollment

MrR0g3rs
New Contributor III

Hello All, 

If there is already another thread dedicated to this please point me in that direction, I don't mean to duplicate them.

I'm very new to Jamf prestage enrollments, so I am doing a lot of testing. Basically I have taken one of our new Macbooks out of the box and am using it as the testing device. I have been enrolling it, then making changes, then wiping from Jamf Pro, then enrolling again. Sometimes this works as if the computer is new out of the box and sometimes it doesn't. Many times it is as if Jamf remembers the machine even though I delete it. I have also tried unassigning the device in apple manager, sometimes this works sometimes not. 

Does anyone have a workflow for this that works every time? Basically I want to enroll the device see what happens, then make changes and do it again.

1 ACCEPTED SOLUTION

Tribruin
Valued Contributor II

Try changing this setting in your Jamf Pro settings:

Jamf Pro Settings -> Re-enrollment -> Clear policy logs on computers. 

By default, Jamf remembers the policies your computer has run, even through a re-enrollment. So any policies you have set less than re-occurring, may not run again. For example, "Once per Computer" will never run again until you flush the policy logs. By setting this option, all the policy logs will be flushed when a computer is re-enrolled, so all policies should run again. 

Deleting the computer should accomplish the same thing, but I know I don't always remember to do that. (Plus, then you lose any assignments to Static Groups you might have, which is important in my case.) 

 

Also, if you are on Monterey or Ventura and have a comptuer with a T2 or M1/M2 chip, I suggest using Erase All Contents and Settings in System Preferences/Settings to wipe the computer. It is the fastest option. 

View solution in original post

8 REPLIES 8

Tribruin
Valued Contributor II

Try changing this setting in your Jamf Pro settings:

Jamf Pro Settings -> Re-enrollment -> Clear policy logs on computers. 

By default, Jamf remembers the policies your computer has run, even through a re-enrollment. So any policies you have set less than re-occurring, may not run again. For example, "Once per Computer" will never run again until you flush the policy logs. By setting this option, all the policy logs will be flushed when a computer is re-enrolled, so all policies should run again. 

Deleting the computer should accomplish the same thing, but I know I don't always remember to do that. (Plus, then you lose any assignments to Static Groups you might have, which is important in my case.) 

 

Also, if you are on Monterey or Ventura and have a comptuer with a T2 or M1/M2 chip, I suggest using Erase All Contents and Settings in System Preferences/Settings to wipe the computer. It is the fastest option. 

MrR0g3rs
New Contributor III

Thanks for the advice. I have everything checked in re-enrollment. Could you give me more information about where to find Erase All Contents and Settings? Is it in Jamf or on the device?

MrR0g3rs
New Contributor III

Nevermind. I found it!

MrR0g3rs
New Contributor III

This is going to save me so much time!

erichughes
Contributor II

Where did you find the erase contents?

MrR0g3rs
New Contributor III

On the new Macs, if you open System Preferences click the word System Preferences in the top toolbar, you'll see it in that menu.

Thanks, we are mostly still Intel machines. I'll look out for it in the future.

As Tribruin mentioned, it is also there on Intel Macs with the T2 security chip.

A work around for testing older Intel Macs can be to open Terminal before enrollment in setup assistant and press ⌃ Control + ⌥ Option + ⌘ Command + T and then type tmutil localsnapshot

What this will allow is for you to snap the Mac back to that state in recovery in a matter of minutes. The only downside is that the local snapshot only sticks for 24 hours. But when verifying a DEP-notify etc kind of setup for functionality across different generations, it definitely saved me a lot of time.