Command Line to Remove the DEP Setup

rosskivowitz
New Contributor

I've been running into an issue with our DEP computers where when we unbox a brand new computer that is enrolled in DEP, it won't display the DEP/MDM screen during the initial account setup. I was able to determine the issue and have taken the steps to resolve it (if you're interested in the cause and resolution, let me know) but the only way to fix the issue for some of the computers is to run an internet restore (possibly a local restore). Anyway, my question is this...

Once the initial setup of a computer gets completed, a file is written to the drive to bypass the setup screen for all future startups.

/var/db/.AppleSetupDone

Is there a similar file for the DEP/MDM screen that appears in the Account Setup process?

Thanks for any help that can be provided!

Ross

1 ACCEPTED SOLUTION

psliequ
Contributor III

If you want the Mac to run through DEP enrollment again post restore, delete

.AppleSetupDone

and

/Library/Keychains/apsd.keychain
/var/db/ConfigurationProfiles

View solution in original post

9 REPLIES 9

psliequ
Contributor III

If you want the Mac to run through DEP enrollment again post restore, delete

.AppleSetupDone

and

/Library/Keychains/apsd.keychain
/var/db/ConfigurationProfiles

rosskivowitz
New Contributor

@psliequ Thanks for your help! The bottom two commands appear to have done the trick! The .AppleSetupDone didn't exist because we hadn't completed the actual setup process but the other two did the trick. Thanks for your help!

emax
New Contributor III

@rosskivowitz We're interested in the cause and resolution you've uncovered.

We're seeing similar behavior to the problems listed in this issue and are already familiar with the commands to resolve it posted above.

Any insight you can provide would be helpful.

Thanks.

-max

lamador
New Contributor III

@rosskivowitz how are you solving the users not seeing the remote management page at enrollment from a brand new box?

dan-snelson
Valued Contributor II

@lamador The following Terminal command may prove helpful to verify a computer's status:

/usr/bin/profiles show -type enrollment -verbose

sdagley
Esteemed Contributor II

@lamador If you're sure the Macs experiencing the problem where the Remote Management screen isn't being displayed are definitely in a PreStage Enrollment, you may be experiencing a problem Apple is investigating where some machines are failing to connect with the server that triggers the Remote Management process

lamador
New Contributor III

lamador
New Contributor III

@dan-snelson I tried that. It showed that the laptop was enrolled but int never created a profile in jamf

lamador
New Contributor III

if anyone is still having issues the following articles helped me:

  • https://github.com/micromdm/micromdm/wiki/Troubleshooting-MDM
  • https://www.jamf.com/resources/videos/under-the-hood-device-enrollment/
  • https://cultureamp.wistia.com/medias/gaiq4f540s