- Jamf Nation Community
- Products
- Jamf Pro
- Remotely re-enroll computers
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Remotely re-enroll computers
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2022 08:44 AM
We have a problem where our computers have been losing their profiles over time- we have a solution, running the command "profiles renew -type enrollment", but this requires us to get every single computer into our office one by one to manually run it. I attempted to automate this solution and have run into two new problems:
1. In spite of the -forced flag, which Apple claims will skip over confirmation, it still asks the user to confirm the profile. Which our students would absolutely not do, if they even click on the notification.
2. Even though the user should already be tied to the computer in JAMF, it asks us to put in their AD information again. Our students don't know* this information and we can only take a guess at this remotely, but we can't put it into that box as is.
Is there any way to automate or skip over these issues somehow, or is there a better solution?
Additional notes:
- Renew MDM profile in management fails on these computers- it returns a device signature error.
- They seem to still be checking in even though they have no profiles. I have yet to test whether they actually run policies, but they appear to.
- We're mostly using Big Sur and slowly converting to Monterey.
- "JAMF enroll -prompt" was allowing students to remove the MDM profiles themselves and as far as we know isn't an option.
- *The students do know their AD information, obviously, but they see an unfamiliar box pop up and tend to freak out and not know what to do, so I can't rely on them being able to enter it in.
- We have to be as unintrusive as humanly possible as we have no idea whether the student is or isn't using their computer or is testing or anything of that nature. We may get away with a popup warning, but no user input or interruption is preferable.
- We have 125 computers currently in this state so a mass push would be nice to have to get the problem under control, though we'll have them all in the office shortly no matter what. We'd still like to have this so there's not another thing we need to keep watching and they'll fix themselves.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2022 09:26 AM
In 10.36 we introduced a new API endpoint that would allow for the redeployment of the Jamf framework as long as a machine was still able to receive MDM commands.
How-to: Reinstall the Jamf Framework through the API
You should be able to utilize that and not require any prompting or passwords.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2022 10:22 AM
That sounds promising- I'll ask and see if we have access to PowerAutomate or any of the other tools mentioned and hopefully we'll be able to test this as a solution soon.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2022 10:39 AM
Just to make sure- This would be a way to reinstall the Jamf MDM profiles, correct? We're not 100% on whether or not reinstalling the framework would also re-add the profiles we already have. Especially since the solution is very complex and written for software we don't have/can't afford (so we'd need to figure out how to do it somewhere else). We just want to be sure this will do what we need it to before we jump in and we aren't applying a complicated solution to a different problem.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2022 12:52 PM
This will not reinstall MDM profiles. This is for reinstalling the Jamf Binary. This is assuming that your MDM profiles on the machine are valid and live, but, that your jamf binary has stopped functioning for whatever reason, it can be re-installed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2022 01:01 PM
The MDM profiles on the machines are gone completely. That's the problem we're trying to solve. As far as I can tell the Jamf Binary is fine because the computers are still checking in, they just don't have any profiles.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-27-2023 10:51 AM
We have the same problems. Our machines are checking-in and can see last check-in but cannot push policies or profiles, it stays pending and cannot do anything. Any solutions found?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-27-2023 11:10 AM
Not... really.
We've had too many projects for me to sit down and play with this (I should ask the other techs how it's working) but we've got this right now. It sounds promising enough, but the computers need to be receiving and processing MDM commands.
