![]() ![]() What you could try to do if you're able to shuffle around ABN/ASM assignment to the on-prem server is to create a specific pre-stage config in the destination server for just these devices that does not create a user account, and then write an off boarding script/plist to be deployed from the old cloud server. If your users are not admins then you might run in to errors with that method as well. I guess if you wanted to be reallllllllly sneaky you could whitelist AppleEvents via a configuration profile, and then make your script simulate the necessary mouse clicks to approve that notification yourself. In theory you could push that out via script in Jamf, but your end users will need to approve the notification that macOS pops up asking to enroll. If all your Macs are DEP/ADM-capable, this should be the easiest approach. Usually I run sudo jamf removeMdmProfile sudo jamf removeFramework beforehand, but I don't think that's strictly necessary. I've used that method to bounce between my prod and test servers on-prem. ![]() I think your plan with profiles renew makes perfect sense. Since Apple requires user approval of MDM certificates now, that is no longer possible. ![]() In the old days this was very simple: you could just push out the new QuickAdd package via policy, bing-bang-boom. Any approach you take will require some amount of manual cooperation from the users. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |