Jamf Nation Community

revive · ‎03-27-2022

Hi Everyone,

So I am trying to setup our PreStage Enrollment for my company and I was watching this video https://www.youtube.com/watch?v=rGmlmZCL5gk

However, I noticed there is a section in the accounts pane where there is already an User-Initiated enrollment and the narrator gave us an option to create another local account.

My question is: how is that even setup (the Jamf admin local account in User Enrollment pane)?

My goal is to have one local admin account that is hidden and one viewable account that is a standard account.

Any advice, or links for tutorials will be appreciated thanks.

Hugonaut · ‎03-28-2022

In your Jamf Pro Dashboard, navigate to Settings -> Global Management -> User-Initiated Enrollment

Within the User-Initiated Enrollment settings, navigate to the "Platforms" pane & you can set your management / admin account.

This is where you can make all the changes you are referring too.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

Anonymous · ‎03-29-2022

@revive@sujal1208 Hi, as far, as I know, your described goal cannot be reached.
You can create a local account, but you will not be able to use that account to login into the mac, because your created account is not approved in FileVault.
The first user who is created after the initial setup on a mac is always a local administrator. This user will have to grant your hidden account for FileVault. To grant users to FileVault, the concerned user have to type his password in the "grant mask" on the Mac.

Because of these facts above, for me, it is useless to create a local (and or hidden) account on our macs.

If someone give me a reason to do this nevertheless, I will give it a chance, again, but I cannot see any way to grant that hidden account for FileVault via a policy or a script.