Posted on 06-16-2017 12:46 PM
We are imaging multiple Mac devices and they are not respecting the Prestage enrollment settings (specifically the "skip account creation" setting) after DEP has been applied and is still prompting to create the user account. This issue has been occurring sporadically.
So far, the devices we have been imaging are:
-Macbook Pro 13" (Mid 2012)
-Macbook Air 13" (Early 2015)
We are currently using Jamf Pro 9.99
Posted on 06-16-2017 01:06 PM
I've been told by JAMF that in order to use the Account Settings payload you also need to have the Directory payload configured. While it is not called out anywhere if you only configure the Account Settings the entire prestage will fail.
Posted on 06-16-2017 01:57 PM
Are you installing anything on your image? If it's a completely blank OS this shouldn't happen. We see this as well with some applications that we have installing on boot drive after imaging.
Posted on 06-21-2017 11:00 AM
@BostonMac At the moment, we do not have the Directory payload configured and we have days where laptops will respect the Account Settings payload and days where the laptop(s) will prompt to create the local user account.
@rhoward During our reimaging process, we install a blank OS. All the other applications are installed via policy after enrollment completes.
Posted on 07-25-2017 07:28 AM
@ctopacia01 I am also having this issue. I received it after updating to 9.100 yesterday. Last week, on 9.98, it respected "the Prestage enrollment settings (specifically the "skip account creation" setting)" and created the hidden admin account as set in Prestage. We would like to return to that workflow.
Do anyone know if that is possible?
We would also like to wait on OD directory binding till after software installations and data restores are complete. We are setting up 350 New 2017 iMacs and would like to use Prestage Authentication and skip account creation since we use Configuration Profile to create local mobile accounts.
Posted on 07-25-2017 09:18 AM
@BostonMac did Jamf mention to you if adding but not configuring the Directory payload would fix the issue? What's the implication of leaving out the Account Creation payload? If a policy happens on check-in to create a local admin as needed does this payload need to be set at all, or will not having the account set at all keep it from running policies or other standard management of the Mac?
Posted on 07-25-2017 11:20 AM
I have added a configured Directory payload to my testing and it did not work. The iMac during Prestage Enrollment creates the Authenticated user as a local admin account and the payload also creates an Admin account.
Posted on 08-02-2017 09:49 PM
I am seeing this issue as well since upgrading JSS to 9.100.0.
No combination I have tried seems to get around the problem.
I was even told by JAMF support to unhide the Management Account set in User-Initiated Enrollment.
Posted on 02-15-2018 08:57 PM
Did anyone ever get any resolution to this? Now that High Sierra is coming along and DEP is being forced upon us, I'm starting to work on my implementation and am running into this. Was going to put in a ticket with JAMF, but ran across this.
Posted on 02-19-2018 07:47 AM
Posted on 02-19-2018 08:07 AM
Yeah we're on 9.101 currently. We're hoping a combo of updating to 10.2, making sure redirects to Akamai are allowed on our firewall rules (we'll see who on the network security team I need to bake cupcakes for to make that happen), and the release of 10.13.4 will all fix this for us. 🤞🏻
Posted on 02-19-2018 12:26 PM
Habanero Cupcakes if they say no.
I have a similar issue with 10.1.0 that I will post about shortly.
Posted on 03-06-2018 02:19 PM
Also seeing "Skip Account Creation" not being respected on Jamf Pro 10.2.1 + macOS 10.13.3.
Posted on 03-16-2018 01:33 AM
@analog_kid We are also on 10.2.1. With 10.13.3 we see that account creation is only skipped if "Require Authentication" is deselected :-(
Posted on 06-12-2018 01:29 PM
I saw the same thing when we were on 9.100.0 and we recently upgraded to 10.3.1 hoping it would fix the issue. However, I think that it is now worse. Now instead of not skipping account creation when the setting is checked it just hangs at "Contacting remote management server" at the Remote Management step of the Setup Assistant. Has anybody else seen this behavior with 10.3.1?