I've recently been given the task of administering all our MACs with Jamf. I'm completely new to Jamf. I'm trying to set up for 2 new Mac Labs. They'd like to create 2 admin accounts, and several user accounts for each mac mini.
Administrator account for IT
Administrator account for the teacher
4 student user accounts on each mac mini (1user account per student block)
I've read that the prestage enrollment account user name must match the user initiated account name. Should that account just be my "administrator" account and then it's my understanding that i should create the other "teacher admin" account using policies. Is this correct? Any help is appreciated.
If you are creating an admin account in your Global User-Initiated Enrollment settings, don't create it again in your PreStage. This can cause enrollment failures.
Creating admin accounts using Jamf policies is fine, but only the account created in your PreStage (e.g. the first end-user) will get a Secure Token. This is important for installing updates on Apple Silicon Macs, among other things.
Creating additional account(s) using System Preferences > Users & Groups while logged in as a user with a Secure Token will automatically grant a Secure Token to new user accounts. Enabling them in FileVault (if created via Policy) will do the same thing, but this may not be practical in your environment.
Can I take the creation of the admin account out of Global User-initiated enrollment settings. I unchecked it but then had an message in my pre-stage enrollment that "cannot add or edit prestage enrollment options without User initiated enrollement checked