My PreStage is configured to create a hidden local admin account and a Standard Local user account.
However, when I deploy a machine running Big Sur the local user is created with Admin permissions.
Has anyone else seen this?
Yes, you need to look at your user initiated enrollment settings in Jamf. In here you have a management account that is being created. This account needs to have a different name than the one you are creating in your prestage enrollment.
i personally created JSSAdmin and set it to have a random password and that fixed my issue