Question about Zero-Touch imaging - What's next after DEP enrollment?

tnielsen
Valued Contributor

I have a computer enrolled into my JSS using DEP. The pre-enrollment ran correctly and all I had to do was select my country and the computer did the rest.

My question is, how do you scope computers to policies that used pre-stage enrollment and not computers that are already enrolled in the JSS?

For example, now I have this computer which I can log into with no packages or settings installed. I want to install all my new programs and scripts on it, but I want to ensure I'm not messing with existing computers in my JSS.

1 ACCEPTED SOLUTION

rderewianko
Valued Contributor II

So, after you run through DEP it would get placed into a smart group.
Enrollment Method: Prestage enrolment is: <dep workflow name>
Last Enrollment is Less than X days ago (2)
We also have an EA that we built that just looks for a file called DEPDone, and we look for that not to be true.

From there, we trigger a script that: Starts DEPNotify, and walks through a bunch of other policies by trigger.

7 REPLIES 7

tnielsen
Valued Contributor

BOOM DUDE, that was the group I missed! That's awesome. I thought I was going to have to redesign my entire JSS for this. This is perfect.

I think JAMF needs to work on their documentation just a wee bit. This is KEY.

ryan_ball
Valued Contributor

@rderewianko Does this begin to work in some version:
Enrollment Method: Prestage enrollment is: <dep workflow name>

This is blank for me in 9.101

rderewianko
Valued Contributor II

I'm not sure what it looks like in 9. You'd fill it out with the name of your DEP workflow.

Look
Valued Contributor III

One thing to note about Prestage Enrollment names: Don't change them if you're using them for scoping. Unlike other references in criteria, which often use the internal ID number for the target, Prestage Enrollment has to string match the name exactly.

seanjsgallagher
Contributor

@rderewianko Would it be possible for you to share your EA and workflow for this?

rderewianko
Valued Contributor II

Sure, this was inspired by what @chriscollins is doing.

In my initial script that triggers off DEPNotify and runs the rest, I have a line at the end

touch /var/db/.DEP_Done

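I then have an EA that looks for that file

#!/bin/sh
# Extension attribute: report whether the DEP workflow has already completed.
# The marker file is created by the last line of the provisioning script.
if [ -e /var/db/.DEP_Done ]
then
  echo "<result>True</result>"
else
  echo "<result>False</result>"
fi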

Based on that, I can search for "Not True", which also would include no value. It's a small safeguard for me to ensure that DEP never runs again on a machine that's been DEP'ed.
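
The marker-file guard described in this thread, as an added example that is not rderewianko's script: a provisioning wrapper that runs policies by custom trigger and writes /var/db/.DEP_Done only after every trigger succeeded, so a failed run stays in the smart group. The trigger names, the DEP_TRIGGERS variable, the overridable MARKER and JAMF paths, and the reliance on a non-zero exit code from `jamf policy -event` are assumptions.

```shell
#!/bin/sh
# Added example. Trigger names, DEP_TRIGGERS and the overridable paths are
# assumptions for illustration, not part of the thread.
MARKER="${MARKER:-/var/db/.DEP_Done}"   # marker path used in the thread
JAMF="${JAMF:-/usr/local/bin/jamf}"     # jamf binary (assumed default location)

# Run each custom-trigger policy in order. Return codes:
#   0 = every policy ran and the marker was written
#   1 = a policy failed; marker NOT written, so the EA keeps reporting False
#   2 = marker already present; nothing was run
provision() {
  if [ -e "$MARKER" ]; then
    echo "already provisioned, skipping"
    return 2
  fi
  for trigger in "$@"; do
    echo "running policy trigger: $trigger"
    # Assumption: a non-zero exit means the policy run failed. Verify this
    # for your jamf version before relying on it.
    if ! "$JAMF" policy -event "$trigger"; then
      echo "policy '$trigger' failed, leaving marker absent" >&2
      return 1
    fi
  done
  # Write the marker last, so a half-finished run is retried at next check-in.
  touch "$MARKER" && chmod 644 "$MARKER"
}

# Constructed convention: list triggers in DEP_TRIGGERS to run as a policy script,
# e.g. DEP_TRIGGERS="dep-baseline dep-apps".
if [ -n "${DEP_TRIGGERS:-}" ]; then
  # Word splitting of the trigger list is intended here.
  provision $DEP_TRIGGERS
fi
```

Scope the policy that runs this script to the smart group from the accepted solution, and keep the EA criterion as "Not True" so machines without inventory data for the EA are still included.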