Help

Policies triggered at check-in run with _mbsetupuser, during DEP Enrollment

E051826
New Contributor

Posted on ‎07-24-2020 03:50 AM

Our enrollment workflow is based on DEPNotify. When the user enrolls the Mac with User Initiated Enrollment everything is ok but when the method is DEP we have the following issue:
1 - The FirstSetup policy (DEP Notify) runs triggered by Enrollment complete, and the script wait to Finder to load with user session. Works fine.
2 - If you take a long time to create the user account, another policies triggered by check-in, start to run with the _mbsetupuser user. optional image ALT text](![https://image
We want these policies to wait the Enrollment process is finished.
We try to unload/load the jamf daemon for check-in in the DEPNotify Script but does not work.
"launchctl unload /Library/LaunchDaemons/com.jamfsoftware.task.1.plist" at the beginning,.

"launchctl load /Library/LaunchDaemons/com.jamfsoftware.task.1.plist" at the end.
Any ideas that can help us?

Thanks in advance

Labels:
0 Kudos
3 REPLIES 3

bradtchapman
Valued Contributor II

Posted on ‎07-24-2020 05:07 AM

Try adding another item to your DEPNotify PreStage sequence that temporarily disables the Jamf check-in daemon until DEPNotify actually runs at the desktop...

edit: I can't read. Just noticed that you already tried that.

  • Did you confirm that the LaunchDaemon was successfully unloaded with launchctl list (run as root)?
  • Is there a reason why you think someone would hang out at the user creation screen for more than 15 minutes?
0 Kudos

bradtchapman
Valued Contributor II

Posted on ‎07-24-2020 05:13 AM

I updated my previous comment after re-reading your post.

If you can configure SSH access during PreStage, log in remotely with the pre-generated admin account (that's part of your prestage, right?) and escalate to root, then check everything out.

0 Kudos

E051826
New Contributor

Posted on ‎07-24-2020 05:27 AM

Oh Thank you!!! I am going to try.

0 Kudos