Help

Wipe and reconfigure

mthoma
New Contributor III

Posted on ‎02-28-2019 01:51 PM

I haven't been able to find any info on this scenario:

We have a Mac that was fully enrolled and had policies and config profiles applied to it. Eg. Office installed, SEP installed, Filevault enabled, etc.

Then what we did was:

1) Wiped the Mac with Internet Recovery and reinstalled the macOS (10.14 in our case)
2) When the Mac started up again in Setup Assistant re-enrolled it in Jamf

However it doesn't seem to have started to reinstall all of the profiles and policies. Should it without our intervention? We did have to rename the computer in Jamf and force a computer rename on the iMac. Named it back to the original name it had before.

Labels:
0 Kudos
Reply
10 REPLIES 10

hjcao
Contributor

Posted on ‎02-28-2019 01:52 PM

make sure your policies aren't scoped to once per machine...

Reply

mthoma
New Contributor III

Posted on ‎02-28-2019 02:09 PM

Thanks, so what is the recommended frequency? How much of a server performance hit is "ongoing"? Or do we base the frequency on the type of policy based on how important it is to have something installed?

0 Kudos
Reply

hjcao
Contributor

Posted on ‎02-28-2019 02:25 PM

It all depends on how your policies are set up.

here's a good way to do it:

https://github.com/talkingmoose/Jamf-Management-Templates/wiki

0 Kudos
Reply

gachowski
Valued Contributor II

Posted on ‎02-28-2019 02:32 PM

Sounds like the it is set up machine based .. all you have do/remember when you wipe a machine you have to delete from the Jamf server...

you can automate that with scripts ...

https://www.jamf.com/blog/reinstall-a-clean-macos-with-one-button/

https://www.jamf.com/jamf-nation/discussions/14330/jss-api-delete-command

C

0 Kudos
Reply

ryan_ball
Valued Contributor

Posted on ‎02-28-2019 02:52 PM

@mthoma How do you have your "Settings > Global Management > Re-enrollment" settings configured in Jamf Pro? Have you configured that section?

0 Kudos
Reply

mthoma
New Contributor III

Posted on ‎02-28-2019 03:25 PM

No, we have not yet configured the Re-enrollment settings. Do you have any guidance on what to set? Or is there a document we can follow that gives some more info.

0 Kudos
Reply

Lotusshaney
Contributor II

Posted on ‎03-01-2019 05:36 AM

Use the Jamf binary to jamf flushPolicyHistory somewhere early in your build.

That way it’s like a new machine and does not matter on policy frequency as it’s all flushed.

0 Kudos
Reply

ryan_ball
Valued Contributor

Posted on ‎03-01-2019 07:04 AM

@mthoma At the very least I would check the "Clear policy logs on computers" and "Clear extension attribute values on computers and mobile devices".

However, I have them all checked and also have the bottom dropdown set to "Clear completed, failed, and pending commands".

Reply

mm2270
Legendary Contributor III

Posted on ‎03-01-2019 07:43 AM

As @ryan.ball stated, you need to adjust the settings in the Re-enrollment section in your JSS. I have them essentially set the same way as he stated, except for the Extension Attribute item.

81b2622a6a454664a3b02c083b590685

This has seemed to work well for me.

Reply

mthoma
New Contributor III

Posted on ‎03-01-2019 09:10 AM

Thanks everyone, I'll check off those settings and see how it goes. :)

0 Kudos
Reply