Disable TouchID Setup during Monterey Upgrade

RickR
New Contributor

We have the skip TouchID setup for our new enrollments which works great for new machines, however as we upgrade to Monterey after reboot that setup wizard runs again.  I have tried many of the scripts and profiles out there but they all look old and non still work, especially with Monterey.  I am hoping someone else has worked through this already as part of their Monterey Upgrade?  Any solutions out there that have been tested and are working in Monterey?  

Thanks in advance.

4 REPLIES 4

snowfox
Contributor III

Hello,

I deploy the following configuration profile to all our machines to disable any setup assistant windows during the OS installation and during the user account setup.  I found that the Jamf Pro Prestage Enrolment Setup Assistant tick boxes were not 100% disabling all setup windows.  Apples developer documentation that covers the Apple Management Framework lists the below settings for managing the 'Setup Assistant' screens.  I have done Monterey upgrades and I haven't seen the screen you are referring to as all of our screens are disabled using the below in a Configuration Profile.

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>SkipAppearance</key>
	<true/>
	<key>SkipCloudSetup</key>
	<true/>
	<key>SkipiCloudStorageSetup</key>
	<true/>
	<key>SkipPrivacySetup</key>
	<true/>
	<key>SkipScreenTime</key>
	<true/>
	<key>SkipSiriSetup</key>
	<true/>
	<key>SkipSetupItems</key>
	<array>
		<string>Accessibility</string>
		<string>Appearance</string>
		<string>AppleID</string>
		<string>AppStore</string>
		<string>Biometric</string>
		<string>Diagnostics</string>
		<string>FileVault</string>
		<string>iCloudDiagnostics</string>
		<string>iCloudStorage</string>
		<string>Location</string>
		<string>Payment</string>
		<string>Privacy</string>
		<string>Restore</string>
		<string>ScreenTime</string>
		<string>Siri</string>
		<string>TOS</string>
		<string>UnlockWithWatch</string>
	</array>
	<key>SkipTouchIDSetup</key>
	<true/>
	<key>SkipTrueTone</key>
	<true/>
	<key>SkipUnlockWithWatch</key>
	<true/>
	<key>SkipAccessibility</key>
	<true/>
</dict>
</plist>

 

 

 

Thanks for this! I'm about to put this together for our environment.

Do you deploy this as a system configuration or a user configuration?

snowfox
Contributor III

System Configuration.  I use System Configuration Profiles as much as possible for everything I do but in this case it needs to be System because you're configuring settings for the 'Setup Assistant' which runs outside of the Desktop and typically no user is logged in when its running.

Specify com.apple.SetupAssistant.managed as the payload type.

More info from the official documentation can be found here:

https://developer.apple.com/documentation/devicemanagement/setupassistant

 

I ended up converting it to a JSON schema and using that to create the configuration profile. Worked a treat, thanks!