Jamf Nation Community

Jenncat · ‎06-05-2023

I've recently been given the task of administering all our MACs with Jamf. I'm completely new to Jamf. I'm trying to set up for 2 new Mac Labs. They'd like to create 2 admin accounts, and several user accounts for each mac mini.

Administrator account for IT

Administrator account for the teacher

4 student user accounts on each mac mini (1user account per student block)

I've read that the prestage enrollment account user name must match the user initiated account name. Should that account just be my "administrator" account and then it's my understanding that i should create the other "teacher admin" account using policies. Is this correct? Any help is appreciated.

jtrant · ‎06-05-2023

If you are creating an admin account in your Global User-Initiated Enrollment settings, don't create it again in your PreStage. This can cause enrollment failures.

Creating admin accounts using Jamf policies is fine, but only the account created in your PreStage (e.g. the first end-user) will get a Secure Token. This is important for installing updates on Apple Silicon Macs, among other things.

Creating additional account(s) using System Preferences > Users & Groups while logged in as a user with a Secure Token will automatically grant a Secure Token to new user accounts. Enabling them in FileVault (if created via Policy) will do the same thing, but this may not be practical in your environment.

Jenncat · ‎06-05-2023

Can I take the creation of the admin account out of Global User-initiated enrollment settings. I unchecked it but then had an message in my pre-stage enrollment that "cannot add or edit prestage enrollment options without User initiated enrollement checked

jtrant · ‎06-06-2023

Leave it in Global UIE, but take it out of your PreStage.

Jamf Nation Community

setting up admin accounts with pre-stage enrollement