Can a machine be managed before the first "user" account is created?

chlaird
New Contributor III

My goal here: unbox a brand new machine, netboot it, have it get named and managed, then reboot to the account setup screen. We then shut it off, deliver it to the user, and they create their account. We don't want an administrator account on them (the user will be local admin), just the management account.

Problem: they just won't manage. They show up in the JSS with a name and "unmanaged", but that's it. If I run through the account creation process, it usually will sync up and become managed at some point in the middle. But this requires being online during setup, and it's not always 100% (as we found out the hard way, and had to contact some people to come in and have it done again manually).

I have no idea why they reboot into the JAMF setup assistant to run scripts / install software, but they're not being managed during that period.

JSS 9.7, tested on Casper Imaging 9.65 and 9.7

2 REPLIES 2

RobertHammen
Valued Contributor II

Thunderbolt or USB Ethernet adapters? May need to run a script At Reboot, named aaadetectnewhardware.sh, with the following command: networksetup -detectnewhardware

That should allow machines to come online.

If you hide the admin account that Casper uses (i.e. UID under 500), it will not show up in the GUI. Might be a good compromise approach.

chlaird
New Contributor III

Thanks @RobertHammen, you're correct that that worked. We have a few other bugs that are all combining, so my combo-script fixes them all as it goes. I'm not sure if it's a bug on our end, but I tried a clean thin-image, that does NOT format HD, gives it a name, reboots and runs an "empty" firstrun, and then reboots. The below issues still occur, so the below script cleans them all up.

Experiencing this on 9.7 with MacbookPro12,1 machines fresh from the factory. The factory image is 10.10.2, forked build with support for force-touch trackpad

Our issue a bunch of little things rolled into one:

  • Time is wrong after imaging and on boot (it sets it to 00:01), so connection to JSS is rejected
  • Timezone is wrong, so updating the time still leaves it wrong
  • Ethernet adapter is not detected, so updating time fails, and connection to JSS fails
  • "Automatic" management/enrollment, and an added quickadd, still fail due to the above issues
  • If we check the "Force Apple Setup Assistant" box during imaging, it won't run the first-run script until AFTER the user creates their account, then it reboots, then it makes them create their account AGAIN, and then it brings them to their desktop, where they'll have two accounts. Buggy buggy buggy.

Fix:

  1. Run a package that places quickadd.pkg in temp directory /var/empty ('Install on boot drive after imaging')
  2. Run this script
#!/bin/sh

# detects the ethernet adapter
/usr/sbin/networksetup -detectnewhardware
sleep 30

# sets NTP to ntp.moravian.edu
/usr/sbin/systemsetup -setnetworktimeserver ntp.moravian.edu
sleep 2

# makes sure time is actually correct from NTP
/usr/sbin/ntpdate -u ntp.moravian.edu
sleep 2

# sets timezone to ET
/usr/sbin/systemsetup  -settimezone America/New_York 
sleep 2

# installs the quickadd
/usr/sbin/installer -pkg /var/empty/QuickAdd.pkg -target /
sleep 30

# deletes the temp directory
/bin/rmdir /var/empty
sleep 2

# manage again to be safe
/usr/sbin/jamf manage
sleep 2

# recon again to be safe
/usr/sbin/jamf recon
sleep 2

# force firstrun on reboot
/bin/rm /var/db/.AppleSetupDone