
Computer Permission Requirements for Jamf Imaging

Disclaimer: This article is no longer being updated. Using Jamf Imaging to image computers with macOS 10.14 or later that have the Apple T2 Security Chip is not recommended by Jamf. Administrators may continue to use Jamf Imaging as an installation method for computers with macOS 10.13 or earlier that do not include the Apple T2 Security Chip. For more information, see Imaging in the Jamf Pro Administrator's Guide.

Overview

This article lists the privileges required for Jamf Pro user accounts that are used only with Jamf Imaging.

If the Jamf Pro user account used with Jamf Imaging has all Jamf Imaging privileges selected, the computer will image as expected, but the computer will not be added to the Jamf Pro server inventory.

Privileges

To image a computer and add it to the Jamf Pro server inventory, the following privileges are required:

Jamf Pro Server Objects

Privileges                         Operations
Computer Enrollment Invitations    Create, Read, Update, Delete
Computers                          Create, Read
Enrollment Profiles                Create, Read, Update, Delete

Jamf Pro Server Actions

The following Jamf Pro Server Action privileges must be enabled:

  • "Allow User to Enroll"
  • "Enroll Computers and Mobile Devices"

Jamf Recon

The following Jamf Recon privilege must be enabled:

"Add Computer Remotely"

Jamf Imaging

The following Jamf Imaging privileges must be enabled:

  • "Customize a Configuration"
  • "Store Autorun Data"
  • "Use Jamf Imaging"
  • "Prestage Imaging and Autorun Imaging"

Security Settings

If the "Require login for PreStage Imaging and AutoRun Imaging" security setting is disabled, Jamf Pro checks daily and automatically re-enables the setting if the following conditions are met:

  • No PreStage Imaging configurations are active.
  • No computers with autorun data have administrator credentials and automatically image.

To manage this setting, navigate to Settings > Computer Management > Security.

Additional Information

For more information on PreStage imaging and Autorun imaging, see the Jamf Pro Administrator's Guide.

For more information on Jamf Pro user accounts, see the Jamf Pro Administrator's Guide.

Posted by yellow

Does this apply to 9.6? The "Add Hardware" privs aren't there anymore.

Posted by Jasonjia

This is helpful for enterprise management, thanks!!

Posted by ivanlovisi

We needed to activate:
Use Casper Imaging

Posted by benducklow

Looks like this article needs to be updated. Not only to include the verbiage for references from "JSS" and "Casper" to "Jamf Pro" or "Jamf", but also the idea that would at least need to be able to "Use Jamf Imaging"...

Posted by sbeech

Has there been any update to what permissions are required for JAMF Pro Imaging? I have enabled all of the permissions mentioned for Casper Imaging, but want to determine if there are additional permissions required.
