Help

Is there anyway to prevent a Mac from being enrolled, if the Mac name hasn't been changed from default

conwayk
New Contributor

Posted on ‎02-04-2019 08:07 AM

Hey,

We sometimes forget to change the Mac name before enrolling the device into Jamf and then it binds the Mac to AD, enrolls into Jamf and another agent and it's quite a process to rename the Mac in all of the above.

Is there anyway to prevent a Mac from being enrolled into Jamf if the name hasn't been updated from the default (e.g. LocalAdmin's iMac)

Thanks,

Labels:
0 Kudos
5 REPLIES 5

merps
Contributor III

Posted on ‎02-04-2019 02:51 PM

There's probably not a way to prevent it from enrolling, but you could wrap some logic around the policy/profile that binds the Mac to AD.

If it's set to All Computers, you could build a Smart Group that keys on the device name %like% your naming convention instead.

0 Kudos

ShaunRMiller83
Contributor III

Posted on ‎02-04-2019 04:50 PM

The way I've handled this is on enrollment the machine name is elevated by script andor extension attribute. If the system meets the standard naming criteria it gets dropped into one smart group, and if it doesn't it get's put into its own smart group. Which is excluded from almost all policies.

The only thing scoped to the misnamed system was a dialog box via JAMFHelper telling the person They need to contact the IT group to have the system reviewed and/or have a system name change script in self service to address the naming of the system.

0 Kudos

MichaelH
New Contributor III

Posted on ‎02-05-2019 03:49 AM

I normally just run a script on enrolment to prompt a computer name change.
Works a treat for us and you cant forget it

*#!/bin/bash

/usr/bin/osascript << EOF property compName : ""
repeat while compName is "" tell application "Finder" activate display dialog "What should this computer be named:" default answer compName set compName to text returned of result end tell
end repeat
try do shell script "hostname " & quoted form of compName on error errorMsg number errorNum display alert "Error " & errorNum message errorMsg buttons "Cancel" default button 1
end try
EOF

name=$(hostname)
scutil --set ComputerName "${name}"
scutil --set LocalHostName "${name}"
scutil --set HostName "${name}"*

mconners
Valued Contributor

Posted on ‎02-05-2019 07:10 AM

Hello @kconway23 we take a bit of a different approach. Everything we do inside Jamf is based on names. Because of this, we don't bind any Mac unless it has the correct name. We have a "not named properly" smart group and it is set to find all the DEP specific names like iMac, MacBook and so forth. We have our binding policy set to run on all computers, with the exclusion of the not named properly smart group. Once the Mac appears in inventory, we re-name it correctly and once this happens and the computer checks in, it will begin to get the correct applications, will become bound and so forth.

Essentially, we have smart groups all based on names and this way, if a non Mac field tech needs to name a Mac that was recently enrolled, they don't need to know about the inner working, just give it the correct name.

0 Kudos

conwayk
New Contributor

Posted on ‎02-12-2019 08:07 AM

Thanks for all the advice. It would be good if Jamf implemented something that can prevent this at the top level. We use multiple agents and one of them makes it very hard to update the name once enrolled, so would be good to prevent a Mac from being enrolled right from the start.

0 Kudos