Posted on 09-25-2018 02:28 PM
During Prestage Enrollment I am successfully running the rename computer script as a policy and it binds to AD.
Is it possible to have it run during the setup assistant or at the login screen?
The issue I face is with our naming convention. I need to rename the Mac and then bind to AD Prior to first login.
Currently it renames and binds but only after I log into a local account created be prestage enrollment.
I need it to prestage enroll, rename the Mac, then join to AD. If it does not rename and bind to AD the user will not be able to login with AD credentials but the script doesn't seem to run until a local user is logged in.
The idea is for this to be an automated process. I cannot give out the local account password to users so that it will finish enrollment policies.
Posted on 09-25-2018 05:31 PM
I don't believe there is any workaround for that. after login, we just unbind, prompt for name, then rebind. not elegant, but it works for us.
Posted on 09-25-2018 05:43 PM
Using Depnotify you can! I'm doing that now
Posted on 09-26-2018 12:04 AM
Posted on 09-26-2018 04:55 AM
I'm using a customised version of this workflow
Posted on 07-24-2019 09:08 AM
@peterwells I'm struggling with the DEPnotify script described in that workflow. DEPnotify launches, but there are no text input areas. Could you give me any pointers? Thanks!!
Posted on 07-24-2019 10:50 AM
I had the same issue and my solution is fairly simple.
You initially bind the computer to the domain using the computer's serial number.
Then create a package that runs a launchdaemon in /library/launchdaemons. This package should run a script which determines if the user who just signed in is the owner of the computer. At which point the script will rename the computer and rebind it to the domain.
We've been using it for awhile and it's pretty slick. It's not fancy and there are no windows that pop up but there's also no need for our techs to rename computers. It creates the computer name by taking pieces of the username who just logged in and some of the serial number.
Posted on 07-24-2019 05:07 PM
I've shared my collection of scripts here:
Hopefully it makes some sense, but feel free to ask questions!
Posted on 07-30-2019 01:29 PM
Thanks, all! My first issue was trying to use the newest DEP binary. My current issue seems to be that the new name is written to Jamf, but the Mac stays generically named and sometimes pushes that name back into Jamf. I've even added scutil commands to the DEP script...
I'll keep banging my head against it!
Posted on 07-31-2019 08:29 PM
So you're using this:
And writing the "hostname" to an EA? can then using that to grab the computer name?
Posted on 08-01-2019 05:48 AM
I was using this:
But that didn't 'stick'. So then I tried naming the system before enrollment by launching system preferences and naming it in sharing before the enrollment profile was applied. That worked, but when I came in this morning it's back to being named iMac locally and in Jamf. So I'm stumped.
Posted on 08-04-2019 05:06 AM
This year I reworked my previous workflow; moving away from DEPNotify to NoMAD Login AD - specifically the Notify and User Input mechanisms from it and NOT the mech that replaces the login window and creates local accounts based on AD credentials. The goal was to do all provisioning, naming, binding etc without the need to log in at all and keep Apple's regular login window so users would get mobile accounts.
Posted on 08-06-2019 08:41 PM
Yeah - all my work is basically stolen from @neil.martin83 so steal from the source. :)
I really want to move to Nolotify but other things keep popping up
Posted on 08-07-2019 07:13 AM
If you're just looking for an easy way to set the computer name during Setup Assistant, take a look at my bash script that uses AppleScript to popup a dialog box to set the computer name. You'll need to attach this script to a policy that runs on the enrollment trigger. Then, when in Setup Assistant, stay at the Time Zone selection screen until you see the computer name dialog pop up (it can take 30 seconds or so).
Also, if you want to bind to AD just add some dsconfigad code to the bottom of script.
Posted on 03-04-2022 11:59 AM
Hey @cbrewer -- New to Jamf myself and was wondering if this can be modified to simply function after the enrollment process thereby affecting the computer name for those that aren't worried about timing or binding to AD?
Posted on 03-04-2022 12:09 PM
Most of our deployments are Zero Touch so I can't guarantee that people will wait on the Time Zone selection for 30-60sec. I have been trying to find a solution where the user will be prompted to enter their name soon after account creation, thereby changing the computer name.
Posted on 12-17-2019 08:13 AM
I am new to Jamf and trying to get this going when you say "Runs on Enrollment Trigger", is that under Policies -> General -> Trigger -> Then check the box for "Enrollment Complete", or do I have to click "Custom" and write something in their? Any guidance would be great!! :)
Posted on 12-17-2019 01:26 PM
Posted on 04-30-2020 08:58 AM
Thank you everyone for your responses.
I did not even realize until today that there were responses to my question.
Wonder why they don't have email notifications?
Posted on 08-27-2020 09:13 AM
Thank you @cbrewer Just tested this and works great. Exactly what we needed so we can name computers before Active Directory Binding policies hit.
Created a quick video of what this looks like.
Posted on 08-27-2020 09:30 AM
@GetCart3r Thanks for creating the video. If you want to get rid of the "jamf wants access to control System Events" popup, you can push out a config profile with a PPPC payload. You'll want to give com.jamf.management.Jamf, /usr/local/jamf/bin/jamfAgent and /usr/local/jamf/bin/jamf access to the following 3 AppleEvents: com.apple.systemevents, com.apple.systemuiserver and com.apple.finder.
Posted on 08-28-2020 08:53 AM
Thanks @cbrewer I did this with the PPPC Utility but when it was in place it was having an issue and looking and the enrolment screen.
Posted on 09-23-2020 10:45 AM
I have a question for cbrewer, I'm testing your script to rename the computers to no avail, the prompt never shows up! I have it as a policy with the Enrollment Complete trigger and set to ongoing. What's missing?
Posted on 09-24-2020 09:54 AM
@csanche3x Is the policy running successfully? What do the policy logs say? Are you waiting at the time zone setup assistant screen?
Do you have "Automatically install a Privacy Preferences Policy Control profile (macOS 10.14 or later)" enabled in Settings > Computer Management > Security?
Posted on 04-20-2022 03:40 PM
@cbrewer Hi, thank you so much for the script and continued support. Apologies, if this is a basic question, but I have been getting the following error when running the script.
|Executing Policy Computer Name|
|Running script Computer Name...|
|Script exit code: 0|
|Script result: Logged in user is not _mbsetupuser. Exiting...|
I've tried searching the error, but I get no relevant information. Any advice or suggestions?
Posted on 09-25-2020 07:15 AM
@cbrewer (I'm deploying 10.15.6) I have the script via configuration profile with the "Enrollment Complete" trigger & Execution Frequency set to "ongoing", I'm waiting at the time zone setup assistant screen but I never get the prompt, I do have the Automatically install a Privacy Preferences Policy Control profile setting enabled, here's a screenshot of the policy.
Are there any script paramenters I need to set?
Thanks for your assistance!
Posted on 01-26-2022 11:44 AM
@cbrewer Thanks for making this script, I've been using it flawlessly for new Big Sur machines but I think it broke with Monterrey, I get the "jamf wants access to control System Events" popup still but no prompt. The jamf.log doesn't have any script exit code so I'm not sure what's going on.
Posted on 01-26-2022 12:05 PM
I don't really use this script in the same way anymore, but I went ahead and made a couple changes. Grab the latest version and try it again. The script no longer activates System Events as I think it is unnecessary.
Posted on 01-31-2022 08:57 AM
This worked! Appreciate the help