- Jamf Nation Community
- Products
- Jamf Pro
- Re: Different Management Accounts for Different Pr...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Different Management Accounts for Different PreStage Enrollments?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-03-2018 07:06 AM
When I create a prestage enrollment I see this note in the Account setting section under the Management Account:
Edit the management account via the User-Initiated Enrollment settings
The issue is that we would have two Prestage enrollments and we would like them to have different Management account. Is this possible?
Labels:
- Labels:
-
Imaging
-
PreStage imaging
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-16-2018 02:57 PM
I am bumping this thread. We also have various sites and scenarios that dictate separate management accounts. For instance, our students enroll using the user-initiated enrollment URL and are not automatically enrolled in DEP.
We have school own devices that are automatically enrolled in DEP and are designated to certain sites. Each site has its own site administrator and we give them their own management account for their site.
I'm not clear on why the JSS forces you to use the management account for user-initiated enrollments. Can someone clarify or suggest a way around this?
What is the point of having separate prestage enrollments?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-17-2018 06:04 AM
If you don't plan to use Casper Remote, I don't think there is even a need for a management account at all.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-17-2018 06:31 AM
We most certainly will use Casper remote although knowing the management account is less important for that as long as the JSS has the right account.
The use case for us is ssh, vnc, ard or any other service where an administrator needs elevated permissions to tech a machine beyond automated means.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-17-2018 10:07 AM
A possible workaround is using Recon.app to create separate QuickAdd packages with the different management accounts, and install them to their respective sites. You could also modify the postinstall script in the package to include something like:
jamf enroll -invitation XXXX -noRecon -noPolicyOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-17-2018 10:27 AM
Thanks, Ryan. The issue is that this is for prestage enrollment. To your point, we can certainly alter the machines after but that means more human interaction and manual work. That means more time and potential for human error. The advantage of prestage enrollment is to leverage all of the aforementioned from factory to onsite and then configure the device with whatever customizations you need for a site or user etc.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-17-2018 11:20 AM
Correct, but what I'm saying is in lieu of being able to do what you want, you could prestage with the same user, then set a policy scoped to each site with a different quickadd which will then change the management account for you. It enrolls with the prestage, then gets changed to the new management account at check-in or whatever you choose.
Just a thought.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-27-2018 03:09 PM
Thanks!
