"Clean Slate" a computer without deleting it so it is "Unscoped" from everything

joethedsa
Contributor II

I'm wondering if anyone has a process they follow for reallocating computers. For example, person A leaves the institution (HighEd) so their computer gets wiped and then put back into inventory so it can be allocated to person B. The computer may have policies, configuration profiles, etc scoped to it but may not pertain to person B because they are in a different role, department, etc. I know the computer can be "clean slated" by deleting the record from Jamf, but I'd like to avoid doing that if at all possible. There are policies that are triggered at check in which means after an internet restore, the computer may get them- thats what I don't want to happen.

For what it's worth, I scope some things based on the computer and some on using the "User and Location" attributes like building, room, etc.

5 REPLIES 5

Tangentism
Contributor III

Surely if you delete it from the JSS then rebuild it, when the new users logs in and creates its scopings, it will pick up all the new policies then?

If you have a lot of scopes based on the user & location then have a script that blanks that info so the scopings will be dropped but why would you want to give a user a machine with another users cruft on it?

joethedsa
Contributor II

@Tangentism , The computer is wiped before reallocating it. None of the previous user's data is on it. Yes, If you delete a computer from Jamf, because I'm setup with Apple School Manager, it will go through DEP after an internet OS restore and enroll again as if it were never in Jamf to begin with. Deleting the record every time a computer is reallocated just seems extreme in my view which is why I am trying to avoid it.

larry_barrett
Valued Contributor

I wipe and reallocate around 100 Macbook Airs per year. I always delete the record.

Why? If I've wiped the computer, do I really care Lightspeed was installed the last time this device was issued? Does it matter that the last user chose to install something from Self Service? The truth is, none of it matters. Fresh wipe, fresh Jamf entry.

When you delete the record, you will also delete and policies or configurations that are scoped to that computer name. For example, if you have Google Chrome scoped to MacbookAir 1234 and delete MacbookAir1234 from JAMF, after the wipe Chrome won't install.

One thing I've tried to avoid is scoping ANYTHING to a device name. I scope to prestage enrollment and Smart/Static Groups. Take your reallocation workflow and tweak it to make it easier on yourself. Not deleting the record (for me) is more work than it's worth. YMMV.

Tribruin
Valued Contributor II

Have you checked everything in Settings -> Global Management -> Re-enrollment?

That will clear all policy logs (among everything else) so all policies will re-run upon re-enrollment. 50e86899baeb4fabab8a0769b4e885d0

That being said, I would tend to the delete the record to get a completely clean slate.

tnielsen
Valued Contributor

@RBlount has the best solution, we don't delete machines before re-enrollment.