Zero Touch Deployment Hurdles

joelsenders
New Contributor III

Hello All,

Two questions I have about overcoming some hurdles with zero-touch deployment.

  1. I am a Mac admin for a higher-ed institution, and we use a Bradford network sentry to register devices on our network. This creates a problem, because devices can't just connect to our Wi-Fi in order to get internet, but need an additional step of registration on the network. This is usually done by the user entering their domain creds into a pop-up on the Mac. Of course, they can't get that pop-up without first installing the client, which I want to push from Jamf via DEP enrollment. Wondering if any of you have come up with some creative ideas for solving this.

  2. Sort of a similar problem: we require new employees to change their password immediately upon receiving their new account letter. This means they can't really sign in using their domain credentials during DEP enrollment; however, I'd like Jamf to associate the device with them so it gets their department and AD info. Not sure if there is a clever way to get around this. I had thought maybe we could have the users come in to the service desk to get their password changed ahead of time; that might be a workaround.

Any ideas would be greatly appreciated.

1 REPLY

Look
Valued Contributor III

The username one should be able to be solved by leveraging:

jamf recon -endUsername "$A_USERNAME"

Maybe as a Self Service policy or something; if you have Self Service authenticated, you might even just be able to have it pass $3.

The Wi-Fi sounds like far more of a conundrum; you basically need a way to allow an internet connection that can either be manually authenticated or just works to at least the required Apple locations.
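
One way to write the policy script the reply suggests, as an added example that is not code from this thread or from Jamf: it takes the username Jamf passes as `$3`, falls back to the console user, and refuses values that are not a plain account name before handing them to `jamf recon -endUsername`. The function names, the allowed character set, the 64-character limit and the `JAMF_BIN` override are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread): Jamf policy script that assigns the
# device to a user. Jamf policy scripts run as root and receive
# $1 = mount point, $2 = computer name, $3 = username.

# Assumption: default location of the jamf binary; overridable for testing.
JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"

# Accept only a plain account name or user@domain (assumed character set).
# Rejects empty values, anything starting with "-" (would be read as another
# jamf option) and anything with spaces, newlines or shell metacharacters.
valid_username() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Prefer the username Jamf passed in; fall back to the console user (macOS stat).
resolve_end_user() {
    candidate="$1"
    if [ -z "$candidate" ]; then
        candidate=$(stat -f%Su /dev/console 2>/dev/null)
    fi
    # System accounts seen at the login window or during Setup Assistant
    # must never become the device's assigned user.
    case "$candidate" in
        root|loginwindow|_mbsetupuser) return 1 ;;
    esac
    valid_username "$candidate" || return 1
    printf '%s\n' "$candidate"
}

# Update inventory with the resolved user; leave the record untouched otherwise.
assign_device() {
    end_user=$(resolve_end_user "$1") || {
        echo "no usable username; inventory not updated" >&2
        return 1
    }
    [ -x "$JAMF_BIN" ] || { echo "jamf not found at $JAMF_BIN" >&2; return 2; }
    "$JAMF_BIN" recon -endUsername "$end_user"
}

# Jamf always supplies $1-$3, so only act when invoked as a policy script.
if [ "$#" -ge 3 ]; then
    assign_device "$3"
    exit $?
fi
```
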