Posted on ‎04-02-2019 03:17 PM
I have DEP enrollment of managed Macs, after a reinstall of the OS, down to four steps:
1. Selecting the Country
2. Selecting the Keyboard Layout
3. Clicking Continue on Remote Management/MDM enrollment (not optional for our Macs)
4. Selecting the Time Zone
However, my school was a bit spoiled with Netboot and DeployStudio as we would set the Startup Disk via ARD to our Netboot Server which would load into DeployStudio which was configured to automatically apply a workflow and run automatically.
Basically nobody had to physically touch the machines. It was truly "Zero Touch".
Is there a way to automate the DEP process to skip the steps 1-4 I listed above and simply enroll in our Jamf MDM server?
Thanks.
Posted on ‎04-02-2019 07:16 PM
If you take out the Time Zone selection you can get it down to 3 steps but at this stage that's as far as you can get. I'm hoping that Apple give us the ability to auto-continue the Setup Assistant (like the Apple TV) in 10.15 🤞🏼
Posted on ‎04-02-2019 07:37 PM
Thanks. I don't see another setting for Time Zone selection. In the screenshot I have configured the Setup Assistant to skip everything. Is it located somewhere else?
Regards,
Posted on ‎04-03-2019 01:20 AM
@mk2000 which version of Jamf Pro are you running?
Posted on ‎04-03-2019 02:55 AM
@allanp81 10.10.1-t1551187745
Posted on ‎04-03-2019 02:59 AM
That should be ok then I think, I don't think that option was available until a certain version.
Posted on ‎04-03-2019 06:30 AM
IIRC you are not seeing time zone as a Jamf option because it is not skippable per se. If you remove the check box for Location Services and allow the user to enable Express settings (which would turn on location services) then you won't see the time zone screen because the Mac will determine it on its own.
If you skip location services then they are disabled by default and you have to select a time zone. So really you are just trading one screen for another. Depending on your use case and if the Macs travel you may find that you want location services on anyway.
You may also have to uncheck App Analytics and one other box. It then combines them all into Express Settings.
Posted on ‎04-03-2019 08:02 AM
Yeah, I don't think Time Zone is skippable unless you let the user choose to enable Location Services. So it's one or the other. No matter what you have to click through around 3-4 screens initially.
So, as for how to automate any of this and make it really truly zero touch, you can't. Welcome to the wonderful world of Apple and DEP (where "Zero touch" doesn't mean what you think it means).
Hopefully Apple will eventually give us some way to automate getting through those last few screens, but I wouldn't hold your breath for it.
Posted on ‎04-03-2019 08:17 AM
Hello @mk2000 and others. In our situation, we have a script I borrowed from Jamf Nation to set the timezone at enrollment.
This policy is run only at enrollment. The policy sets the login window to display a "please wait while we are installing additional applications" message along with setting the timezone, it will run a recon and set the computer name. Finally, this policy will restart the computer so the login window is configured for us.
Like others have said, we have the steps down to 3 steps but not really a zero touch.
Posted on ‎04-03-2019 01:47 PM
Thanks everyone for your responses!
Regards,
Posted on ‎04-03-2019 03:17 PM
@mk2000 >>Making "Zero Touch" Computer Enrollment actually Zero Touch?
Spoiler: you can't.
Posted on ‎04-08-2019 08:55 PM
I am going to guess Timezone is not skip-able due to cert-based auth, and that if your time/date is off it will break many SSL types of communications.
I think zero-touch is more of that IT doesn't have to touch it. Historically you would either mass image, or you would have desktop support techs log in and configure machines. Zero touch is more of the fact IT doesn't have to touch the device and you can ship it to the user. I will agree that the phrase "zero touch" implies many other things and it should be maybe marketed more clearly.