Jamf DEP deployment - Enrollment Complete Trigger

CSCC-JS
Contributor III

Background: I'm a new system administrator taking / primary for setting up the Jamf Pro (web hosted) install for a large community college to replace the monolith imaging / deployment studio system we've been using.

Trying to make it as automated as possible. Question: what can and cannot be accomplished at the "enrollment complete" trigger without having someone log in / just sitting at the login screen and having to use the "login" trigger to complete?

Policy(s) I'm running:
- Name the computer using CSV / Jamf binary
- Binding to AD
- Installing multiple software including AV / Mac Office
- Setting TimeZone/Server
- Deploying custom background / branding

Currently, after DEP deployment, I sign in with a pre-created account, it runs the policies, then it reboots (bound to AD) correctly.

3 REPLIES

wesleya
Contributor

I think you should be able to handle all of those policies with the enrollment complete trigger.

I’d say set up some test policies and see what happens. One important consideration is the “network state change” trigger. This can disrupt enrollment triggers, but can be disabled. It’s under computer management > check-in.

Another strategy you can try, depending on your results, is using the enrollment trigger to run an onboarding script. The script we use calls policies based on a custom trigger name. Anyway, it looks something like this:

#!/bin/sh
# Onboarding script run by the enrollment trigger.
# Each line calls one policy by its custom trigger name, in order.
jamf policy -event SetARDField3
jamf policy -event NameComputer
jamf policy -event ADBind
jamf policy -event AppInstall
jamf policy -event ConfigureComputer
exit 0

I can definitely explain more about what each of these policies does. Just let me know if you have any questions.

Look
Valued Contributor III

We do something similar to @wesleya. We also do pretty much everything you're trying to do there, although you will probably find for software etc. that the best way to approach it is to have the Enrollment policy set up the machine in such a way that it falls into scope for any other required items in separate policies. Try and keep the initial part as simple as possible.

If you want a slightly easier way of lining up custom triggers, this simple script takes the script parameters as triggers and runs them in the order specified. Allows you to change the order of things without editing scripts.

#!/bin/bash
# Jamf script parameters 4 to 11 each hold one custom trigger name.
echo START
date
for Custom_Policy in $(seq 4 11); do
    # ${!Custom_Policy} is indirect expansion: the value of $4, $5, ... $11
    if [[ "${!Custom_Policy}" ]]; then
        echo "Running trigger ${!Custom_Policy}"
        jamf policy -event "${!Custom_Policy}"
    fi
done
echo FINISH
date

If you have an asset database of serial numbers and desired names it works pretty well to have some kind of web API created, where you curl to the database with the serial number of the device and it returns the desired name, otherwise you're pulling the CSV from somewhere (network share or web API), then parsing it for the desired serial.
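The CSV lookup described above, as an added example that is not part of the original posts: it finds the row for this Mac's serial number and rejects any name that is not a plain hostname before handing it to the Jamf binary. The CSV layout (serial,name), the default file path and the 15-character limit (chosen to match the NetBIOS name length used by AD) are assumptions.

```shell
#!/bin/sh
# Added example: resolve a computer name from a "serial,name" CSV and validate
# it before renaming. CSV layout and default path are assumptions.

# Print the name for an exact serial match; fail on zero or several matches.
lookup_name() {
    awk -F',' -v want="$1" '
        { gsub(/\r/, "") }                          # tolerate CRLF exports
        toupper($1) == toupper(want) { name = $2; hits++ }
        END { if (hits != 1) exit 1; print name }
    ' "$2"
}

# Accept only letters, digits and hyphens, 1 to 15 characters, with no
# leading or trailing hyphen. Runs in a subshell so LC_ALL=C stays local.
valid_name() (
    LC_ALL=C
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 15 ] || exit 1
    case "$1" in
        -*|*-|*[!A-Za-z0-9-]*) exit 1 ;;
    esac
    exit 0
)

# Resolve and validate. Exit status: 0 ok, 1 no unique row, 2 name rejected.
resolve_name() (
    name=$(lookup_name "$1" "$2") || { echo "no unique row for $1" >&2; exit 1; }
    valid_name "$name" || { echo "rejected name for $1" >&2; exit 2; }
    printf '%s\n' "$name"
)

# Only act where the jamf binary exists; elsewhere the functions can be tested.
if command -v jamf >/dev/null 2>&1; then
    csv="${4:-/private/tmp/names.csv}"   # hypothetical path, Jamf parameter 4
    serial=$(ioreg -c IOPlatformExpertDevice -d 2 |
        awk -F'"' '/IOPlatformSerialNumber/ {print $4}')
    if name=$(resolve_name "$serial" "$csv"); then
        jamf setComputerName -name "$name"
    else
        exit 1   # fail the policy rather than continue with a wrong or unsafe name
    fi
fi
```

Calling this from the naming policy and checking its exit status before the AD bind trigger keeps a missing or malformed row from producing a badly named computer object.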

CSCC-JS
Contributor III

I've been using this script https://github.com/jamfprofessionalservices/DEP-Notify

The main issue I've been having is getting the machine to reboot to finish the installation without it getting stuck in a loop or just sitting there.

@wesleya - That's not a bad idea going that route.

@Look - I've been using a simple package install with CSV, then using the Jamf binary to rename it based off it.