DEP & Thin Imaging

Jae
New Contributor III

Hey all,

We just got DEP rolling on our devices. For Macs, I'm wondering if running Casper Imaging out of the box with our thin imaging setup will interfere with the setup assistant once we boot from the drive.

All we have are some software and addition of the local admin account in our workflow.

I'm testing this now but was just wondering if anyone came across this scenario.

Thanks

7 REPLIES

davidacland
Honored Contributor II

It depends if the Apple setup assistant is being run after Casper imaging is used.

We've tried DEP a few times. From what we've seen it should be one or the other. So if we're using DEP, we would have policies triggered once the devices are enrolled.

It's still worth having DEP set to automatically re-enroll if the Mac is wiped, but Casper Imaging will automatically enroll so it just won't be used in that scenario.

adamcodega
Valued Contributor

I agree with David. You don't need to image if you're using DEP, unless the hard drive is being wiped and a new thin image is being put down, for example, an image created with AutoDMG. The idea would be to let DEP and your JSS do the heavy lifting of creating local admin and installing software.

JPDyson
Valued Contributor

In case it's not clear, there's an "On Enrollment" trigger in Casper 9 (I was very late to the v9 party, so I'm only just discovering this stuff). The idea is that after OOB setup runs, policies triggered by enrollment would do the installs/configs for you.

Jae
New Contributor III

Ah the "On Enrollment" trigger.

How do I separate the policies triggered by enrollment?

Scenario 1: A user self-enrolls their machine
Scenario 2: New out of the box setup
Scenario 3: Bare bone imaging

There are some settings or programs I wouldn't want installed for a user after self enrollment because we are not altering their machines.

Would it be best to just have different sites for each config or is there a way for JSS to know what kind of enrollment workflow has taken place?

adamcodega
Valued Contributor

A policy with an on enrollment trigger still needs to be scoped, so you'd scope it to a particular group not all machines.

davidacland
Honored Contributor II

There is a smart group criteria option:

Enrollment Method: PreStage enrollment

That would show up devices enrolled using DEP so you can separate the policies.

stjohns
New Contributor

I've got a MacBook that was stolen, and it was erased (since they could not log in). I had already set up the computer via DEP and a PreStage Enrollment, but nothing beyond that. The computer is giving some inventory information back and has the MDM Certificate installed, but it shows as "Unmanaged". I have a QuickAdd package I can use. Is there any way to get the computer to download the QuickAdd remotely (I have no access to it via Recon or Casper Remote)?

Edit: The computer did re-connect with the JSS after being wiped. I have some inventory information, but no management options under the management tab. I want to take it fully "Managed" somehow.