Does anyone have any workflow suggestions for how to run stuff on enrollment complete for a new/clean machine as opposed to re-enrolling a machine.
With DEP we have only a few enrollment complete policies, but we don't want them to run if a machine needs to be re-enrolled for some reason.
Right now only scripts that aren't going to break anything if they're run a second time are executed on enrollment complete (enable ARD for our support account for example). It'd suck to try and re-run a CreateUserPKG script a second time (yikes the horrors), or reinstall gigabytes of data a second time just because the motherboard was replaced on a machine and it had to be re-enrolled.
The only way I've found, and it mostly defeats the entire purpose of the trigger, is a script that checks a few things and then will call on other policies by ID if it's safe to run them. So if the name is like X or Y, then the script exits. Otherwise it kicks off several policies itself.
Anyone else have something better?
