Jamf Nation Community

CSHGreenwich · ‎03-19-2015

I have read many of the Discussions on Pre - Enrollment. We have a vendor who images the Macbook airs for our students. I provide them with a like mac with our image( monolithic never touched by Casper). We use Casper Suite, they use Deploy studio.
What is the best way to enroll students with very little interaction?

I could configure the hidden management account and our local admin. Then is it best to run recon once the students return to school in the Fall or to place the quick add package on the Desktop?

Will this capture their email addresses. We have our JSS instance hosted by JAMF and our software distribution server is only accessible on campus.

mm2270 · ‎03-19-2015

We also have an outside vendor do our initial imaging for newly provisioned systems, and have them use DeployStudio for imaging. Like @rderewianko mentioned, we use a regular QuickAdd.pkg created from Recon.app that they use as part of the image build we provide them with.
You mentioned your JSS is hosted by JAMF, so it should mean its publicly accessible, yes? If so, your vendor would not need special access into your organizations network to have the Mac enroll itself into your JSS, so it should work to have them include that package as part of the DS imaging process.

View solution in original post

rderewianko · ‎03-19-2015

Could you not build a non expiring quickadd pkg (through the recon tool) and have them add that to their deploy studio build?

Or alternatively, utilize DEP to get them enrolled.

Look · ‎03-19-2015

To expand on @rderewianko Yes.
Deploy Studio can have the Quick Add package added directly to the workflow (very easy to do) and set to run on next boot, the machine will automatically enroll on first boot provided the JSS is visible when booted, so either make the JSS visible to the vendors imaging location or delay first boot until the machines get to a location where they can see the JSS.

rderewianko · ‎03-19-2015

Cloud hosted is safe to assume it already is public.

The question I have is what are you needing to collect thier emails for?

mm2270 · ‎03-19-2015

We also have an outside vendor do our initial imaging for newly provisioned systems, and have them use DeployStudio for imaging. Like @rderewianko mentioned, we use a regular QuickAdd.pkg created from Recon.app that they use as part of the image build we provide them with.
You mentioned your JSS is hosted by JAMF, so it should mean its publicly accessible, yes? If so, your vendor would not need special access into your organizations network to have the Mac enroll itself into your JSS, so it should work to have them include that package as part of the DS imaging process.

Look · ‎03-19-2015

The enrollment process itself won't collect their email address. However you should be able to collect it one way or another using Casper at a later date, worse case scenario you could just get it to prompt them and pass the info back as an extension attribute.
I am assuming the collection of addresses is so you can contact the owner of a specific machine should you need to do so.

CSHGreenwich · ‎03-20-2015

The email is how I identify whose machine it is. We do not add to AD and some names even last names are the same.

CSHGreenwich · ‎03-20-2015

@mm2270 How do you identify who the computer belongs to? We need this to add the machine to the correct

class and building groups..

bentoms · ‎03-21-2015

@CSHGreenwich are the accounts tied to a directory service? Is the JSS as well?

CSHGreenwich · ‎03-24-2015

Yes, the JSS is tied to AD.. Our quick add package has them log in with their AD credentials . That is how access is granted.

jduvalmtb · ‎04-22-2015

We also use DeployStudio to enroll devices. During imaging, a FirstBoot.pkg deploys a FirstBoot script and the QuickAdd.pkg (like others, taken from recon.app), and that script then runs QuickAdd.pkg.

Jamf Nation Community

Enrollment Clarification.