Help

How to stop re-enrollment policy when triggered

Captainamerica
Contributor II

Posted on ‎09-03-2019 03:09 AM

Is it possible somehow to stop the enrolment policy if first triggered. We are using depnotify and when first the install starts depnotify pops up and start installing. I don't know how to stop it again, and is quite waste of time if not needed
Is it somekind of launchagent/deamon that must be killed or any tips?

0 Kudos
Reply
2 REPLIES 2

marklamont
Contributor III

Posted on ‎09-03-2019 03:50 AM

what I do is use an on enrollment policy that checks if anything is required to be done. So if you create a file on your build such as /Library/Management/myorg/build-complete then check for that existing in a script. If it does exit, if it doesn't call the build by a custom trigger.
that way this never happens

0 Kudos
Reply

tlarkin
Honored Contributor

Posted on ‎09-03-2019 07:36 PM

There are a few ways to do this:

1) sudo jamf enroll -invitation 1234567789 -NoPolicy -NoRecon (see jamf help in terminal) this will re-enroll a device, but only if it was previously enrolled and the jamf binary is present. It will do so, with out executing any policy upon completion of enrollment

2) change your workflows to not use the EnrollmentComplete trigger. Instead, have a single master script run at EnrollmentComplete and then trigger DEP Notify in code, based on logic you write. This would allow you to bypass DEP Notify in situations where you can code for it

If you are looking to do a one off and just kill DEP Notify for whatever reason you can always open terminal and do sudo killalll jamf if this is for like testing purposes or niche cases. I sometimes do this when I enroll a test device because I may not need all the apps installed, just a working enrolled Mac.

What exactly are your use cases for bypassing DEP Notify?

Reply