Posted on 02-28-2018 07:09 AM
I know there has been chats regarding this and I thought I would reach out to see if anyone can give insight based on our special issue.
We have a set of enrolment policies which kick off everything from our gatekeeper permissions to software updates and all the app installs. We had a policy to add the management account to FV2 as well. I guess I was living under a rock and not realizing High Sierra broke this policy. I now have 71 computers where this has failed.
All of our computers are off domain and the initial user account (501) is the employee's. We never had the Management Account added to the machine as a visible user, rather a hidden one. I know with FV2 it unhides it, but that is only when its working accurately, which its not at the moment.
I'm not sure (fingers crossed this isn't the only way) if this is the solution, but off the top of my head I thought I could create a policy to add a new local admin to every computer in the environment. Then once successful, create a script to use that account to generate a secure token for the management account and then add the management account to FV2. Once everything is done I would create something to remove the local admin account.
Can anyone help out with this??? It's my fault for not paying attention and now I'm in a bigger pickle then I should be in. Also my Jamf Pro instance is cloud hosted, in case that changes anything.