Trigger DEP Enrollment pop-up notification

LukeMason
New Contributor III

Hey all,

I'm looking for a reliable way to trigger the DEP notification (see attached image).

Here's the scenario: I work for a school district. We have a fair amount of older Macs that were purchased after 2011, but that pre-date our DEP account.

This year, we're planning to add these older computers (via CSV upload) to our DEP instance.

Our current plan is to push out the upgrade to Sierra over the summer.

I've built a LaunchAgent which runs the "jamf mdm -userLevelMdm" command for the local account that we want to make the "MDM Capable User" (let's call this account "teacher").

I was wondering if there was any way to also trigger the DEP notification at the same time.

I recently took the CCA and our instructor at the time told me to try "/usr/libexec/mdmclient dep nag", which works sometimes (less than 50% of the time).

When I run this command manually, it outputs some information about the "activation record" (which seems to indicate that the MDM recognizes that the computer is supposed to be in DEP), but it often doesn't trigger the notification.

I found this article about disabling the notification: https://apple.stackexchange.com/questions/216890/disable-device-enollment-notification-window

It lists a LaunchAgent and a LaunchDaemon that are somehow related to the process. I tried to trigger these (and also tried manually running some of the commands that I found inside of them), but I'm not especially familiar with launchd and everything I've tried results in a "could not find specified service" error.

The notification seems to be more reliable after a fresh re-image, but I'm not really keen on imaging all of these computers (there are several hundred of them).

I would really appreciate any help or advice you might be able to provide.

3 REPLIES

chriscollins
Valued Contributor

@LukeMason

You can manually force that check to run (and it will pop up the enrollment notification if it finds an entry for that machine in DEP) by using this command:

sudo /usr/libexec/mdmclient dep nag

LukeMason
New Contributor III

Hi @chriscollins

Thanks for replying.

I have tried this command with limited success (as I mentioned above). Maybe there's something else also going on with my test computers.

I'll keep testing. I'm glad to hear that at least I'm on the right track.

Thanks again for your help.

grahamrpugh
Contributor III

Apparently sudo /usr/libexec/mdmclient dep nag is removed in 10.13.4.
But sudo profiles renew -type enrollment achieves the same thing.
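
Added example (not written by any poster in this thread): a wrapper that chooses between the two commands mentioned above according to the macOS version. The 10.13.4 cutoff is taken from the last reply and treated as an assumption; `version_ge`, `dep_check_cmd` and the `--run` flag are names made up for this example.

```shell
#!/bin/sh
# Pick the DEP enrollment re-check command for a given macOS version.
# Assumption (from the thread): "mdmclient dep nag" is gone from 10.13.4 on,
# and "profiles renew -type enrollment" replaces it.

# version_ge A B: succeed when dotted version A >= B.
# Only the first three fields are compared; missing fields count as 0.
version_ge() {
    IFS=. read -r a1 a2 a3 rest <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 rest <<EOF
$2
EOF
    for pair in "${a1:-0} ${b1:-0}" "${a2:-0} ${b2:-0}" "${a3:-0} ${b3:-0}"; do
        set -- $pair
        [ "$1" -gt "$2" ] && return 0
        [ "$1" -lt "$2" ] && return 1
    done
    return 0    # all three fields equal
}

# dep_check_cmd VERSION: print the command line to use on that macOS version.
dep_check_cmd() {
    if version_ge "$1" 10.13.4; then
        echo "profiles renew -type enrollment"
    else
        echo "/usr/libexec/mdmclient dep nag"
    fi
}

# Nothing is executed unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    # Both commands are shown with sudo in the thread, so require root.
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; exit 1; }
    os=$(sw_vers -productVersion)
    cmd=$(dep_check_cmd "$os")
    echo "macOS $os: running '$cmd'"
    $cmd
fi
```
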