catalina --eraseinstall command

tcandela
Valued Contributor II

I have a Catalina upgrade policy without --eraseinstall in the command. So computers running 10.13 or 10.14 can do in place upgrade to 10.15. No problems.

I'm wondering if the --eraseinstall command is also added will this then result in the computer to then be unenrolled? since it's being erased I would think so, but I haven't tried it yet.

1 ACCEPTED SOLUTION

fgonzale
Contributor

The computer object remains in Jamf but technically once the machine wipes itself it will be unenrolled until it goes through the Setup Assistant again and contacts your Jamf server to enroll (re-enroll). Of course, if you don't want the machine to enroll again then you would need to remove it from its Apple Manager assignment before going through the Setup Assistant.

View solution in original post

8 REPLIES 8

fgonzale
Contributor

The computer object remains in Jamf but technically once the machine wipes itself it will be unenrolled until it goes through the Setup Assistant again and contacts your Jamf server to enroll (re-enroll). Of course, if you don't want the machine to enroll again then you would need to remove it from its Apple Manager assignment before going through the Setup Assistant.

tcandela
Valued Contributor II

@fernando.gonzalez its not part of DEP. I want it to stay enrolled, so it looks like im gonna have to re enroll it using my quick add pkg or another enrollment method?

fgonzale
Contributor

@tcandela for newer versions of macOS you can do a user-initiated enrollment at https://yourjssinstance/enroll
That will re-enroll the macOS client back into Jamf.

tcandela
Valued Contributor II

@fernando.gonzalez ive been trying this user initiated e rollment for months now. Sending out invitations to user, but when its time for the user to login to enroll they are not allowed. Looks like ldap is whatever the issue.
Do you have user initiated enrollment working?

fgonzale
Contributor

@tcandela oh, do you have an ldap connection configured in Jamf? (Settings > System Settings > LDAP Servers)

tcandela
Valued Contributor II

@fernando.gonzalez yes, but when i send the enrollment invitation out to a person when it comes time for them to login it doesnt work, it tells them they are not allowed. Jamf was working on it, been months now.
Testing ldap from the panel works but not when a user enters their credentials from the invitation process. Seems they need an account in jamf users section.
That's how i see it supposed to work, is that correct?
User goues through the enrollment invitation and when prompted to enter credentials it should validate through ldap?

sdagley
Esteemed Contributor II

For a user to authenticate on the enrollment screen only requires that the LDAP lookup for the account info they entered be successful, they don't need to already be in the Jamf Pro list of known users

tcandela
Valued Contributor II

@sdagley When I test the ldap from the Jamf pro settings it finds users, but when I send invite to a user and then it's time for them to enter their ldap credentials it does not work, user can't get through.

Jamf is notified and working on it.