correct flattening/reinstall procedure (missing profiles)


Hi everyone,

I'm nearly done with our initial JAMF setup, one thing I still haven't got right is a way to flatten/wipe/reinstall computers (however you want to call it) which are already in JAMF.

Initially I created a policy to cache the mojave installer and then run it with the erase flag which works OK, but I was deleting the computer record from JAMF each time so that everything ran again when I re-enrolled it.

Reading about that it seems as though it's not a good idea as you lose all the historical usage data for the computer, plus it's an extra step which has to be carefully timed and requires a JAMF admin also. Ideally I'd like to get this working through self service alone so our academic computer support team (who won't be going into JAMF) can do it themselves.

I then changed the policy so that it runs two lines of script before the mojave install, which are

  1. unload the JAMF check-in daemon so it stops doing check-ins
  2. clear the policy history on jamf using the binary

This works well in that when the machine re-enrolls any 'run once' policies run again correctly but don't start running while the mojave download is doing its thing.

I thought I'd cracked it but what doesn't seem to work is that when the machine has been re-enrolled it only ever gets a couple of the configuration profiles pushed to it. There should be 20-30 on there as I've done most of the software preferences that way but they never seem to appear.

It's as though when a machine is freshly created in JAMF it instructs APNS to push out all the profiles in scope, but when it re-enrolls this step doesn't happen?

I wondered if this is a bug of some kind or if I need to add some code to the initial setup scripts which does some forced sync of all the profiles if that's possible.

It would be good to hear how other people are handling this.