Second local acct after pre-enroll completion not working.

New Contributor III

I have a pre-enroll that that I’m in need of a second local acct created before first boot. 

I’ve created a policy that will create the user and scoped it to the machine group. I set the trigger for enrollment completion. I know the policy works because if I run it in Self Service it creates the user. My scope works for other policies so I know the group works. 

I have created another policy that fixes the secure token issue with the initial admin user. 

Is it only possible to run one policy install with the completion trigger? If not, any suggestions to make this work?