Jamf Nation Community

nvandam · ‎07-20-2017

One of my concerns with our DEP prestage enrollment deployment is that if the end user does not have an internet connect during their setup, they can just skip the DEP enrollment... But I've been told that a nagging notification should pop up telling the end user that their computer wants to be managed by company XYZ. I don't seem to get that notification. I've had a MacBook setup and connected to the internet for over a day now and no notifications. I found another post here that said to try "sudo /usr/libexec/mdmclient dep nag" and that results in show me all the DEP info: Organization Address, Department, Phone number, etc. Does anyone have some insight for me regarding this? Thanks!

stuartwilcox · ‎07-20-2017

Is the test computer in PreStage Enrollments in your JSS? And does it have a check next to it?

nvandam · ‎07-20-2017

@stuartwilcox , It is and it does. What's interesting is I just went to take a screenshot of it, and it says it's completed it's prestage enrollment. This morning...

stuartwilcox · ‎07-20-2017

@nvandam Interesting. I have not seen that before.

I can say that we have had several computers that were not connected to network and later did get the DEP nag that you mention and we were able to enroll them at that time.

Look · ‎07-20-2017

I can absolutely attest that it nags the heck out of you any time you have an internet connection!
Had my own machine set for DEP and it nagged me every 15 minutes or so.

mahughe · ‎08-10-2017

when this nag appears which I have seen on a laptop but have not been able to duplicate yet however, does the user use their local credentials they created to allow the profile to push down, then does that trigger the enrollment process over?

lehmanp00 · ‎08-11-2017

Is the only way to turn off the 'Nag' by removing from the Pre-Enrollment?

ooshnoo · ‎08-11-2017

I asked Apple about this once, and they said the only way to stop it was to run through the Setup Assistant again.

mahughe · ‎08-11-2017

A method to disable the DEP nag popups

https://apple.stackexchange.com/questions/216890/disable-device-enollment-notification-window

tlarkin · ‎08-11-2017

If you cancel the DEP process in any way and then perform say an OTA enrollment the DEP portal does not contain any intelligence that you are currently enrolled in your MDM solution. So it will generate the dep nag command and it will pop up until the device re-enrolls. I suggest filing radars with Apple to fix this or get into the habit of unscoping prestage profiles to devices in this state. If you have Apple Care Enterprise I suggest also filing a ticket with them as well as filing a radar.

To reproduce the issue scope a prestage enrollment profile to one of your Macs. Skip the Setup Assistant and do not connect to a network. Then OTA enroll the Mac into Jamf. You will now have a fully managed system but DEP will still nag it constantly.

mahughe · ‎08-12-2017

Hey Tom, thanks for the info..the one laptop finally starting nagging several hours after I posted about this..it's a definite issue and I am going to get in touch w. Apple about it. It doesn't make sense to have DEP/ASM if devices aren't force into the process. It's going to be a fun yr going this route, but once the fires are put out it'll be a much better way to deal with deployments..

brock_walters · ‎08-13-2017

Hey guys -

Just wanted to post this link here: https://mosen.github.io/profiledocs/troubleshooting/mdmclient.html

It's some of the best documentation I've found on the mdmclient binary & Configuration Profiles in general.

eng · ‎08-14-2017

There is a bug with dep nag that goes as far back as 10.11.6. I have an open issue with them on this and it will be fixed in 10.13.

There are a few workarounds Apple gave me, but in my testing they caused issues and didn't work 100% of the time. If you're interested in the commands, reach out to me.

@erik on Slack

cbrewer · ‎01-26-2018

Does anyone have a solid understanding of how and when the DEP notification is triggered? In my case, I'm not seeing the DEP notification triggered even if I run "mdmclient dep nag". The command shows me all of the relevant DEP information, but no notification is triggered. I am wondering if Apple changed something recently as I've definitely seen the notification before in prior testing. Currently, I'm not seeing the notification in 10.13 or 10.11.

gachowski · ‎01-26-2018

I think "mdmclient dep nag" is going away.. check the current beta..

C

cbrewer · ‎01-26-2018

@gachowski I do see that some changes are coming on the OS side. The bigger question is still how DEP notifications work. Should they pop up automatically? Will they only pop up if a command is run to trigger them? Can the notifications themselves be controlled by your MDM somehow?

cbrewer · ‎01-26-2018

In High Sierra there are new commands used to display the Notification for DEP enrollment.

profiles renew -type enrollment
profiles show -type enrollment

It appears that the show command will provide a notification and relevant information about your Device Enrollment configuration.
The renew command appears to just bring the notification up without providing any other information.

gachowski · ‎01-26-2018

@cbrewer

Thanks I didn't take the time to figure out why "mdmclient dep nag" wasn't working . : )

C

rex1103 · ‎07-23-2018

@gachowski when you run "mdmclient dep nag" in HS 10.13.6, Apple will ask you to use the new command instead

RW

PS. good to see you here...

akarneboge · ‎07-25-2018

You can use sudo profiles renew -type enrollment or profiles -N to trigger a nag in High Sierra. If you want to read the cloud configuration record, sudo profiles show -type enrollment

Jamf Nation Community

DEP "nagging"