During Prestage Enrollment I am successfully running the rename computer script as a policy and it binds to AD.
Is it possible to have it run during the setup assistant or at the login screen?
The issue I face is with our naming convention. I need to rename the Mac and then bind to AD prior to first login.
Currently it renames and binds but only after I log into a local account created by prestage enrollment.
I need it to prestage enroll, rename the Mac, then join to AD. If it does not rename and bind to AD the user will not be able to login with AD credentials but the script doesn't seem to run until a local user is logged in.
The idea is for this to be an automated process. I cannot give out the local account password to users so that it will finish enrollment policies.
I had the same issue and my solution is fairly simple.
You initially bind the computer to the domain using the computer's serial number.
Then create a package that runs a launchdaemon in /library/launchdaemons. This package should run a script which determines if the user who just signed in is the owner of the computer. At which point the script will rename the computer and rebind it to the domain.
We've been using it for a while and it's pretty slick. It's not fancy and there are no windows that pop up but there's also no need for our techs to rename computers. It creates the computer name by taking pieces of the username who just logged in and some of the serial number.
Thanks, all! My first issue was trying to use the newest DEP binary. My current issue seems to be that the new name is written to Jamf, but the Mac stays generically named and sometimes pushes that name back into Jamf. I've even added scutil commands to the DEP script...
I'll keep banging my head against it!
I was using this:
But that didn't 'stick'. So then I tried naming the system before enrollment by launching system preferences and naming it in sharing before the enrollment profile was applied. That worked, but when I came in this morning it's back to being named iMac locally and in Jamf. So I'm stumped.
This year I reworked my previous workflow; moving away from DEPNotify to NoMAD Login AD - specifically the Notify and User Input mechanisms from it and NOT the mech that replaces the login window and creates local accounts based on AD credentials. The goal was to do all provisioning, naming, binding etc without the need to log in at all and keep Apple's regular login window so users would get mobile accounts.
If you're just looking for an easy way to set the computer name during Setup Assistant, take a look at my bash script that uses AppleScript to pop up a dialog box to set the computer name. You'll need to attach this script to a policy that runs on the enrollment trigger. Then, when in Setup Assistant, stay at the Time Zone selection screen until you see the computer name dialog pop up (it can take 30 seconds or so).
Also, if you want to bind to AD just add some dsconfigad code to the bottom of the script.
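A non-interactive take on the naming step described in the post above, as an added example that is not the script from any post in this thread: it runs only while the Setup Assistant account (_mbsetupuser) owns the console, builds a name that stays within the 15-character limit AD applies to computer names, and sets all three macOS names before updating inventory. The function names, the PREFIX-SERIAL convention and the use of Jamf script parameter 4 for the prefix are assumptions.

```shell
#!/bin/sh
# Added example (not the thread's script). Function names, the
# PREFIX-SERIAL convention and the use of parameter 4 are assumptions.

# Owner of the console; during Setup Assistant this is _mbsetupuser.
console_user() { stat -f%Su /dev/console 2>/dev/null; }

# True only for the Setup Assistant account.
in_setup_assistant() { [ "$1" = "_mbsetupuser" ]; }

# Reduce a candidate to a name AD accepts: uppercase, A-Z 0-9 and
# hyphen only, at most 15 characters (NetBIOS limit), no edge hyphens.
sanitize_name() {
  n=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -cd 'A-Z0-9-' | cut -c1-15)
  n=$(printf '%s' "$n" | sed 's/^-*//; s/-*$//')
  [ -n "$n" ] || return 1
  printf '%s\n' "$n"
}

# PREFIX plus the last 7 characters of the serial number.
build_name() {
  sanitize_name "$1-$(printf '%s' "$2" | tail -c 7)"
}

# Set all three macOS names so none of them keeps the generic default,
# then update inventory so Jamf records the new name.
apply_name() {
  for key in ComputerName HostName LocalHostName; do
    /usr/sbin/scutil --set "$key" "$1" || return 1
  done
  /usr/local/jamf/bin/jamf recon
}

# Jamf passes custom script parameters starting at $4; nothing runs without one.
if [ -n "${4:-}" ]; then
  if ! in_setup_assistant "$(console_user)"; then
    echo "Console user is not _mbsetupuser; not renaming."
    exit 0
  fi
  serial=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/ {print $4}')
  name=$(build_name "$4" "$serial") || { echo "No valid name could be built."; exit 1; }
  apply_name "$name" && echo "Computer name set to $name"
fi
```

Any AD bind added after `apply_name` would then join the domain under the sanitized name rather than the generic default.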
@GetCart3r Thanks for creating the video. If you want to get rid of the "jamf wants access to control System Events" popup, you can push out a config profile with a PPPC payload. You'll want to give com.jamf.management.Jamf, /usr/local/jamf/bin/jamfAgent and /usr/local/jamf/bin/jamf access to the following 3 AppleEvents: com.apple.systemevents, com.apple.systemuiserver and com.apple.finder.
@csanche3x Is the policy running successfully? What do the policy logs say? Are you waiting at the time zone setup assistant screen?
Do you have "Automatically install a Privacy Preferences Policy Control profile (macOS 10.14 or later)" enabled in Settings > Computer Management > Security?
@cbrewer Hi, thank you so much for the script and continued support. Apologies, if this is a basic question, but I have been getting the following error when running the script.
|Executing Policy Computer Name|
|Running script Computer Name...|
|Script exit code: 0|
|Script result: Logged in user is not _mbsetupuser. Exiting...|
I've tried searching the error, but I get no relevant information. Any advice or suggestions?
@cbrewer (I'm deploying 10.15.6) I have the script via configuration profile with the "Enrollment Complete" trigger & Execution Frequency set to "ongoing", I'm waiting at the time zone setup assistant screen but I never get the prompt, I do have the Automatically install a Privacy Preferences Policy Control profile setting enabled, here's a screenshot of the policy.
Are there any script parameters I need to set?
Thanks for your assistance!
@cbrewer Thanks for making this script, I've been using it flawlessly for new Big Sur machines but I think it broke with Monterey, I get the "jamf wants access to control System Events" popup still but no prompt. The jamf.log doesn't have any script exit code so I'm not sure what's going on.