Set up a new user on a preoccupied device.

New Contributor II

Is there a way to streamline getting a new user set up on a Macbook that was previously signed into the computer using remote management on initial set up by a different user? For example, a staff member signs into a clean install of the Macbook on set up via remote management. All the appropriate policies and apps are downloaded for that teacher since they are set up to receive certain ones because they are assigned as a staff member. That teacher leaves and gives the Macbook back, now I want to use that Macbook for a student. How can I go about setting it up for that student without wiping the computer completely and reinstalling the OS? Is there a way?


Esteemed Contributor II

@TheAlmightyRa If the Mac is capable of Automated Device Enrollment, and your Jamf Pro installation is configured to configure a device based on how it's enrolled, then wiping the computer and re-enrolling is probably your best option.

Got it, I was hoping there was a way to change the laptop in the appropriate prestage enrollment for the student (which there is), then just soft wipe the users data from the device to have it set up for the student.

Esteemed Contributor II

@TheAlmightyRa For Macs running Monterey with the T2 chip and no firmware password set, or a Mac with an Apple Silicon processor, which support Erase All Contents and Settings using that command, or sending a Wipe Computer command from the Management tab in Jamf Pro is exactly that - it wipes the user data but leaves the OS in place so it takes <5 minutes from initiating the erase to the Mac showing the Setup Assistant screen.

Thank you that information helps a lot. 

Release Candidate Programs Tester

Short answer?  Yes. Create a new policy with the Local Accounts payload.

Long answer? what @sdagley said.  Unless you are 110% confident that the policies assigned to "teacher" devices are identical to "student" devices, AND you're certain that there is no left over user data from the teachers account.  Personally we never reassign a computer without wiping and re-enrolling.  The risk of misconfiguration or left over cruft is just too high for us.  The only time we ever just swap users on a device is if its a designated loaner device.


Disclosure: we're a higher ed that does not manage student devices, only faculty and staff. Most faculty are biomedical researchers, and simply re-assigning without wipe/rebuild is a security no-no for us.

I see what you mean and how not wiping the computer could be an issue. I was just wondering if there was a way to wipe the users data ONLY and then set the macbook into the proper prestage enrollment for the student.