Posted on 01-05-2019 07:29 AM
My current environment requires a local admin account before the network user account is created. They had been doing it manually with a local admin and a mobile managed account based on the AD user.
I LOVE the idea of NoMad Login / Jamf Connect - however, utilizing Apple Business Manager - It seems I would still need to manually create the local admin on the system - then allow the end user to create their account via NoMad Login?
Or, am I overthinking this?
While enrolled in the MDM - I'd have 'admin' access connecting through the MDM.
What if the MDM can't reach the machine and I have to physically access it?
Posted on 01-05-2019 05:40 PM
have you tried:
a create a payload free pkg with sysadminctl user creation
*Currently using outset w/sysadminctl to automate the creation of said user on login
Posted on 01-06-2019 03:49 PM
That sounds like the right approach. I initially started reading about that tool - however - could you please describe step 2 & 3 in more detail?
Posted on 01-07-2019 06:48 AM
@k3vmo If you're using DEP you can create a PreStage that creates an additional local admin account for this purpose, and then skip the "normal" user account creation during Setup Assistant. My org does this and has the login screen set to show username & password fields vs just the username icons.
Posted on 01-07-2019 07:04 AM
Sure.
Create a script from the following (making edits where needed):
#!/bin/sh
sudo sysadminctl -addUser youradminshortname -fullName "Your Admins Full Name" -password youradminspassword -home /Users/youradminshortname -admin -shell /bin/bash -picture /path/to/picture
once you have the script you can do:
(2). use Rich's payload free pkg creator to create the package. upon installing the .pkg, the user will be created
or
(3). install outset. place script in applicable folder. create .pkg with composer. install. on login, user is created transparent to the person logging in.
Posted on 01-07-2019 03:10 PM
@k3vmo
Hello, does pycreateuserpkg create a user with secure token?
Last time I have tried (likely it was not the most current version) I could not make it (it was still with High Sierra)
Thank you!
Carlo
Posted on 01-07-2019 03:17 PM
jamf 10.9 should allow you to pre-deploy NoMAD login before other profiles run, allowing you to create the first account with NoMAD. Check out the NoMAD section of last JNUC keynote. They talk about it a bit.
Posted on 01-08-2019 05:36 AM
Each system has an asset tag with a 6 digit number. The format [before I got here] was to create 123456admin <-- as the local admin name
I like the idea of NoMAD pre-deploy @evan684 said - I'll check that out. Seems I won't have any other option than manual interaction since the name isn't based on serial or any other hardware identifier.
@carlo.anselmi I actually don't know. pycreateuserpkg is new to me since the secure token. I hadn't tested it yet
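As an added example (not code from any poster in this thread), here is the `sysadminctl` call from the script posted earlier combined with the `123456admin` asset-tag naming described above, written so it can be re-run safely. The function names, return codes and the `DRY_RUN` variable are assumptions for illustration, and it expects to run as root, as a package postinstall script does.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, return codes and
# DRY_RUN are hypothetical. Run as root (so no sudo inside the script).

# Print "<tag>admin" for a 6-digit asset tag; fail for anything else.
admin_name_for_tag() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) printf '%sadmin\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Succeed if an account with this short name already exists.
account_exists() {
    id -u "$1" >/dev/null 2>&1
}

# create_local_admin TAG PASSWORD [FULL_NAME]
# Returns 0 on success, 2 bad tag, 3 account already present, 4 empty password.
create_local_admin() {
    name=$(admin_name_for_tag "$1") || {
        echo "invalid asset tag: '$1' (want 6 digits)" >&2
        return 2
    }
    if [ -z "$2" ]; then
        echo "refusing to create $name with an empty password" >&2
        return 4
    fi
    if account_exists "$name"; then
        echo "$name already exists, leaving it untouched" >&2
        return 3
    fi
    if [ "${DRY_RUN:-0}" = "1" ]; then
        # Show the planned command without the secret.
        echo "sysadminctl -addUser $name -home /Users/$name -admin -shell /bin/bash"
        return 0
    fi
    sysadminctl -addUser "$name" -fullName "${3:-Local Administrator}" \
        -password "$2" -home "/Users/$name" -admin -shell /bin/bash
}
```

Under a Jamf Pro policy, script parameters start at `$4`, so the call would be `create_local_admin "$4" "$5"`. The password is still visible in the process list while `sysadminctl` runs, as it is in the original one-liner.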
Posted on 05-14-2020 02:27 PM
Question
How are you doing this on Mac OS Catalina? I am currently on jamf pro.
Many Thanks.
If you're using DEP you can create a PreStage that creates an additional local admin account for this purpose, and then skip the "normal" user account creation during Setup Assistant. My org does this and has the login screen set to show username & password fields vs just the username icons.
Posted on 05-14-2020 02:56 PM
@PE2000 I'm actually making changes to that PreStage right now, lol. Yes this is working under Catalina. Look under PreStage Enrollments>Account Settings, and check the box for "Create a local administrator account before the Setup Assistant." Then click the Skip Account Creation button near the bottom.
The "Hide managed administrator account in Users & Groups" option is not referring to this account. That refers to the account you can make in the Jamf Pro settings under Management Settings>Global Management>User-initiated Enrollment>Platforms.
Posted on 05-15-2020 10:54 AM
Thank you.
This setup will create local admin account and secure token will be pushed out by jamf?
Thank you!
Posted on 07-07-2020 01:35 PM
I just tested with 10.15.4 and it appears to be working without having to create a local admin account now.
Posted on 01-28-2021 11:22 AM
Hello, will pre-stage enrolment work on an existing enrolled system with non-DEP enrolment?