Jamf Nation Community

I talking about adding those option inside a config profile payload. The config profile gets applied to the computer and new users that login for the first time don't see those setup assistant screens.

I really don't care about the first time it boots up.

Ok, you're talking about the one or two (maybe three now) screens that come up each time a new account logs in for the first time then? That wasn't entirely clear from your post, so my apologies on jumping to a conclusion.

I believe there are some ways to suppress at least some of those things that come up. Rich Trouton, if I remember correctly, may have some older scripts on his blog that can suppress the iCloud setup assistant screens for example. You might want to search around on his blog page: https://derflounder.wordpress.com
I'm not sure about any others. I honestly don't really worry much about the couple of screens that come up on first login myself, but to each his own.

As for why they aren't Config Profile options, I suppose that's a good question. If there isn't one already, you could always create a new Feature Request for that. OTOH, most things that can be scripted by changing a plist setting can be converted to a Config Profile and pushed out that way.

@mm2270 I created a feature request, link below. I attached a picture to show what DEP can turn off, so hopefully JAMF can do it also with config profile. Like the Apple ID, location services, terms and Conditions etc..

I have a script that does it, but it would be better to have a config profile

https://www.jamf.com/jamf-nation/feature-requests/9208/payload-in-configuration-profile-for-setup-assistant-prompt-bypass

Again though, Jamf is simply facilitating what Apple allows to be turned off during DEP enrollment. Those skip options come from Apple, not Jamf. I don't think Jamf has any control over a non DEP setup as far as all those screens are concerned.
See, this is where I think some confusion is coming in, because you're using the term "Setup Assistant" which most people take to mean during first setup of a device straight out of the box (or after being wiped). I sincerely doubt Jamf will be able to create some way to skip all those options with a config profile outside of the DEP workflow.

I mean when a user logs in they get all those dumb apple prompts to login to Apple id, location services, conditiions, analytics etc.

so if i second, third, fourth user logs in for the first time they get all those prompts. Instead of a script to run after enrollment, hey jamf, have a config profile with those options to be turned off system wide for all new users.

You can do this with a configuration profile. Use a custom payload with the com.apple.SetupAssistant.managed domain with the SkipCloudSetup, SkipSiriSetup, SkipPrivacySetup, SkipiCloudStorageSetup, SkipTrueTone, and/or SkipAppearance key values. Search for Setup Assistant in Apple's Configuration Profile Reference for more details.

@ChrisCox awesome, thanks, i'll check it out.

do you do this? do you have a screen snippet?

I cannot provide a screenshot, but this script should build the plist you need to upload to Jamf Pro to create the custom payload configuration profile.

#!/bin/bash

# buildSetupAssistantConfigurationProfile.sh
# Builds a plist that can be used to create a custom payload configuration
# profile in Jamf Pro to suppress Setup Assistant prompts at time of login

# Enter the full path to the directory to which the
# plist should be saved in between the quotes below
DIRECTORY="<ENTER DIRECTORY PATH HERE>"

# Identify an array of all keys that correspond to Setup Assistant prompts that
# should be suppressed. Keys corresponding to prompts that should not be
# suppressed should not be included in this array.
SUPPRESS_KEYS=("SkipCloudSetup"
    "SkipSiriSetup"
    "SkipPrivacySetup"
    "SkipiCloudStorageSetup"
    "SkipTrueTone"
    "SkipAppearance")

# Identify the full path to the plist
PLIST="${DIRECTORY%/}/com.apple.SetupAssistant.managed.plist"

# Loop through the array of keys and set their values to false
for key in "${SUPPRESS_KEYS[@]}"; do
    /usr/bin/defaults write "$PLIST" "$key" -bool true
done

# Convert the plist to a Jamf-Pro-compatible format
/usr/bin/plutil -convert xml1 "$PLIST"

exit 0

@ChrisCox so all i need to do is enter a diectory location? Like /users/me/desktop and run the file using terminal?
Then use the resulting file for the configuration profile?

This will be used with macOS Catalina, instead of the script i currently use.

Please note, in Jamf Pro some of these preferences seem to be hiding under the Login Window payload under the Options tab

Yes, just enter a directory like your desktop and run in Terminal. Also, make sure the script is executable if you have not already (e.g. /bin/chmod +x /path/to/buildSetupAssistantConfigurationProfile.sh).

And yes, you can use the built-in login window payload if the other settings in that payload happen to fit in with what you are looking for. I tend to prefer custom payloads over built-in payloads when I can. The built-ins can often come with unintended side effects.

@ChrisCox created the .plist and Config Profile. Testing it. Currently i use a script that runs after enrollment.

here is a snippet of that:

for USER_TEMPLATE in "/Library/User Template"/* do /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}" /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant LastSeenBuddyBuildVersion "${sw_build}" /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeePrivacy -bool TRUE /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeTrueTonePrivacy -bool TRUE /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeTouchIDSetup -bool TRUE /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeSiriSetup -bool TRUE /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeActivationLock -bool TRUE /usr/bin/defaults write "${USER_TEMPLATE}"/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeScreenTime -bool TRUE done

It is probably a good idea to keep that in your post-enrollment provisioning script(s) to supplement the configuration profile in situations where it fails to install, comes in late, etc.

@ChrisCox the config profile would take effect before the script, but you think i should still have the script run?

the script is in a Self Service policy (with other policies that install stuff like Office) so after enrollment i go into self service and kick it off.

i'm gonna test the config profile separately to see if it works though. Do everything normal, run this self service policy, but remove the script from it.

I bet the config profile alone will be enough the vast majority of the time at least. If you had an automated workflow that did not require the trigger through Self Service, the script could potentially occur before, or nearly simultaneously with, the config profile install. If you think it doesn't fit in your context, don't try squeezing it in. It sounds like you have a good test plan.

@ChrisCox hey man, the config profile worked alone. The test laptop was scoped to the config profile, i setup a fresh 10.15 laptop, enrolled it, verified/accepted mdm profile, the config profile took effect (along with others), i logged out of the current account and into the 2nd account and no prompts popped up.!!!

Gonna try on second test laptop with 10.14

@chris_cox I'm using the config profile, but what the ANALYTICS popup appears, what would need to be added for that to not appear.

You can do this with a configuration profile. Use a custom payload with the com.apple.SetupAssistant.managed domain with the SkipCloudSetup, SkipSiriSetup, SkipPrivacySetup, SkipiCloudStorageSetup, SkipTrueTone, and/or SkipAppearance key values.

So, we've got "SkipSiriSetup" configured, but as of MacOS 11.6, we're still getting the Siri prompt after OS update. Anyone know if there's a new Key to disable the Siri setup prompt? All other keys are working exactly as expected.