Question

High Sierra and Quick-add package. Need physical action ??

  • November 11, 2017

astiephi

Hi all,

I just created a QuickAdd package with Recon, signed with my wildcard certificate, deployed to a few machines with ARD.

Pre High-Sierra machines (10.11 and 10.12) are enrolled, the MDM profile is properly signed and available. No problem.

In 10.13 (.2 beta, I have to say), it enrolls, the profile is installed, but... this needs to be approved, and this needs to be done PHYSICALLY with a keyboard on the machine, so... you cannot do it via any remote control.

What am I missing? What can we do?

I guess this would not happen if using DEP?

(at least, the JAMF binary seems fully functional)



7 replies

  • Honored Contributor
  • November 13, 2017

Yes. This is an intentional change by Apple coming in 10.13.2. If it is enrolled with DEP it automatically is considered “approved”.

Requiring physical input to approve is also intentional.


astiephi
  • Author
  • Contributor
  • November 13, 2017

OK... I understand the idea, but this will be a headache for headless servers!

Or we have to be sure that proper IP KVMs are in place.


  • Valued Contributor
  • November 13, 2017

Not really happy with this. Apple's answer is to use DEP, but for us at this time it's not an option. DEP is not even supported worldwide yet, so I don't really see why Apple is even taking that approach.


astiephi
  • Author
  • Contributor
  • November 13, 2017

Keep in mind, it's in 10.3.2 beta. So still time to raise concerns.


  • Valued Contributor
  • November 13, 2017

Yep, concerns raised to Apple on this already.


iJake
  • Contributor
  • November 13, 2017

I encourage everyone who has not already done so to reach out to your Apple team and let them know how poor and shortsighted this change is without proper lead time, feedback, and most importantly DEP not being nearly useless.


  • Honored Contributor
  • November 13, 2017

I raised this with our SE! Everyone please do the same! We can't leverage DEP right now, and can't have users opting out of Config Profiles which control security compliance!