Posted on 12-03-2020 11:48 AM
I want to do some software testing on a batch of test Macs to test our zero touch deployments for Big Sur / M1 / Anything New. Basically a test lab where I can erase the drive and reinstall the OS and test out prestage enrollment and policies on this targeted group without disrupting the current production machines or current setups - and without getting any of the existing policies/profiles scoped to the test machines.
I tried making a static test group and putting the Mac in there - however, by the time I add it in there, a lot of policies and profiles have already been added to the test Mac because they are scoped to "All Computers" and "On Enrollment", so as soon as the machine enrolls via prestage enrollment, it gets old versions of software/scripts, etc and mucks up my testing.
I am thinking of creating a smart group instead, and adding the machines by serial number. But I am not sure this would catch it fast enough to stop the policies and installs.
I read something about making another Prestage Enrollment - but when I try that, no computers show up under Scope. Perhaps because in ABM we have a default enrollment set up?
Maybe I am headed in the wrong direction and there is another way people are testing their new packages and settings on a new OS (or vice versa)?
Posted on 12-03-2020 01:03 PM
I think you are right track with creating a separate PreStage enrollment. You just need to find the Serial Number of the devices you want to use for testing, remove them from the scope their current PreStage enrollment and then scope them to the testing Prestage.
You can also create a Smart Group based on the PreStage enrollment Enrollment Method: Prestage Enrollment
and select your testing PreStage. That give you a group you can scope to your Policies and Profiles and well as use that Smart Group as an exclusion for existing Policies and Procedures. (However, I would add, that i would look at moving away from using All Computers for a scope and target your scopes.)
Posted on 12-03-2020 05:22 PM
Thank you - I was contemplating the "All Computers" scoping, however in our company we don't have a lot of differences between computers as far as how they need to be configured.
Going to give this a try tomorrow!