Help

Struggling with PreStage Enrollment

Go to solution
neildavies44
New Contributor

Posted on ‎04-14-2023 01:17 AM

I have my device configured using Apple Business Manager, when I reset the device with my custom PreStage Enrollment, I should be creating a local account during the setup where the user is a non-admin, however every time it runs through my account is an admin.

I've tried creating a new PreStage Enrollment, not working.  The device also becomes managed by the 'administrator' account I pre-configure.  Any help would be appreciated!!

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
dmccluskey
Contributor

‎04-14-2023 01:45 PM - edited ‎04-14-2023 01:52 PM

I have included a screenshot on the prestage settings.

You have to check the box to make a local admin in order to for your logged in user to be set as standard.

All of our macs have been setup this way since day one, none of our users are admin.

2023-04-14_15-42-20.png

 

also your User-initiated enrollment needs have the Username match the prestage admin aaccount and the Create management account unchecked otherwise it fights with the prestage setting. If you do need Create management account then make sure the username created is different then the prestage account.

2023-04-14_15-47-27.png

View solution in original post

5 REPLIES 5

Go to solution
AJPinto
Honored Contributor II

Posted on ‎04-14-2023 07:29 AM

The 1st account on macOS must be an administrator, the account created with PreStage will always be an Admin as its that 1st account. If you are wanting a nonadmin account, it will need to be created with a policy after the enrollment finishes. 

0 Kudos

Go to solution
neildavies44
New Contributor
In response to AJPinto

Posted on ‎04-14-2023 07:40 AM

Is that the case even if we have a 'managed admin' account created as well?

0 Kudos

Go to solution
AJPinto
Honored Contributor II
In response to neildavies44

Posted on ‎04-14-2023 07:52 AM

Hrm, I have never actually tried to create two accounts with PreStage. In theory if you are creating a local admin account (Checking the Create a local administrator account before the Setup Assistant box), then clicking Standard Account for Local User Account Type. It should create any accounts after the account crated as a standard account, keep in mind for the "standard account" option to work, you must have the create a local administrator account before the setup assistant box checked.

 

Computer PreStage Enrollments - Jamf Pro Administrator's Guide | Jamf

0 Kudos

Go to solution
dmccluskey
Contributor

‎04-14-2023 01:45 PM - edited ‎04-14-2023 01:52 PM

I have included a screenshot on the prestage settings.

You have to check the box to make a local admin in order to for your logged in user to be set as standard.

All of our macs have been setup this way since day one, none of our users are admin.

2023-04-14_15-42-20.png

 

also your User-initiated enrollment needs have the Username match the prestage admin aaccount and the Create management account unchecked otherwise it fights with the prestage setting. If you do need Create management account then make sure the username created is different then the prestage account.

2023-04-14_15-47-27.png

Go to solution
neildavies44
New Contributor
In response to dmccluskey

Posted on ‎04-17-2023 09:19 AM

Ah ha, perfect, that seems to have been it.  We have a policy to configure a local managed account with user-enrollment and disabling that, it now works as expected.  Thank you!!

0 Kudos