Zero Touch Deployment within Windows infrastructure

George-x_chan
New Contributor III

Hi Guys,

I'm looking for a little help in how we can set up Zero touch deployment in our environment.

Just to give a background, we have around 200 Macs and over 15k Windows devices. At the minute we are having to manually bind the Macs into AD so we can authenticate to the WiFi and DFS.

Should we be looking into creating a script to bind machines during the pre-stage enrolment or using Jamf Connect and integrating with AAD? - although I'm not sure what obstacles we would face with that.

Any insight / assistance would be appreciated.

Thanks
George.


mark_mahabir
Valued Contributor

Re: Wi-Fi and DFS, have a look at the Jamf AD-CS Connector. This is something that we are considering here - at the moment we need to bind to AD as we use device-based certificate authentication from AD-joined machines.

Gascolator
New Contributor III

No need to use a script, just use a profile to bind to AD. This is how our machines flow through our pre-stage enrollment for single user workstations:

A profile that runs a script to name the machines by their serial # triggered @ enrollment complete
That profile triggers another profile to bind the machine to AD
That profile triggers another to set the EFI password
That profile triggers another to install DockUtil
That profile triggers another to install DEPNotify
That profile triggers another profile to run the DEPNotify Script. At login, the DEPNotify script runs and completes all the other setup profiles I have scoped to those machines.


George-x_chan
New Contributor III

Thanks @mark.mahabir but unfortunately it seems our security team still insists on having these machines bound to AD! :(

@Gascolator - I will look into replicating this but were you able to create the machine object in AD automatically? - I have to manually create this before I can bind to AD

Thanks
George

Gascolator
New Contributor III

@George-x.chan if your settings are correct under Settings > Computer Management > Directory Bindings, then the policy that calls that binding should run and create/bind the machine in AD. It should behave the same as if you went in and manually bound the machine in macOS.
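The two steps Gascolator describes, naming the Mac from its serial at enrollment and then letting the Directory Bindings policy create/bind the computer object, can be checked with a small script before the later profiles fire. The script below is an added example written for this thread; it is not Gascolator's script and not code shipped by Jamf. It assumes a site prefix of "MAC", the domain corp.example.com, that the live part runs as root from a Jamf policy with APPLY=1 set in the environment, and it uses a constructed sample of `dsconfigad -show` output for the offline checks.

```shell
#!/bin/sh
# Added example (not Gascolator's script, not Jamf-supplied code).
# Assumptions: site prefix "MAC", domain corp.example.com, run as root by a
# Jamf policy with APPLY=1 in the environment; the dsconfigad sample below is
# constructed for the offline checks.

NAME_PREFIX="MAC"                 # assumed site prefix
EXPECTED_DOMAIN="corp.example.com"  # assumed AD domain

# Build the computer name from the serial: uppercase, AD-safe characters only,
# and no longer than the 15-character NetBIOS limit on AD computer names.
build_hostname() {
  bh_prefix=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -cd 'A-Z0-9')
  bh_serial=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]' | tr -cd 'A-Z0-9')
  bh_room=$((15 - ${#bh_prefix} - 1))   # characters left after "PREFIX-"
  if [ "${#bh_serial}" -gt "$bh_room" ]; then
    # Keep the trailing characters; truncation can collide, so log it.
    echo "warning: serial $bh_serial truncated to $bh_room characters" >&2
    bh_serial=$(printf '%s' "$bh_serial" | rev | cut -c1-"$bh_room" | rev)
  fi
  printf '%s-%s\n' "$bh_prefix" "$bh_serial"
}

# Extract the bound domain from `dsconfigad -show` text; prints "unbound"
# when no "Active Directory Domain" line is present.
ad_domain_from_show() {
  ad_domain=$(printf '%s\n' "$1" \
    | sed -n 's/^[[:space:]]*Active Directory Domain[[:space:]]*=[[:space:]]*//p' \
    | head -n 1)
  if [ -n "$ad_domain" ]; then printf '%s\n' "$ad_domain"; else printf 'unbound\n'; fi
}

# Exit status 0 when the Mac is bound to the expected domain, 1 otherwise.
verify_bind() {
  [ "$(ad_domain_from_show "$2")" = "$1" ]
}

# Constructed sample of what dsconfigad -show prints on a bound machine
# (assumed names; real output carries more fields than shown here).
SAMPLE_BOUND='You are bound to Active Directory:
    Active Directory Forest          = example.com
    Active Directory Domain          = corp.example.com
    Computer Account                 = mac-02abc123xyz$'
SAMPLE_UNBOUND=''

# Live path: only when explicitly requested, only on macOS, only as root.
if [ "${APPLY:-0}" = "1" ] && [ "$(uname)" = "Darwin" ] && [ "$(id -u)" = "0" ]; then
  serial=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F'"' '/IOPlatformSerialNumber/ { print $4 }')
  name=$(build_hostname "$NAME_PREFIX" "$serial")
  scutil --set ComputerName "$name"
  scutil --set HostName "$name"
  scutil --set LocalHostName "$name"
  # After the Directory Bindings policy has run, confirm the Mac is actually
  # joined before the EFI/DockUtil/DEPNotify steps are triggered.
  if verify_bind "$EXPECTED_DOMAIN" "$(dsconfigad -show 2>/dev/null)"; then
    echo "bound as $name"
  else
    echo "not bound to $EXPECTED_DOMAIN; check Settings > Computer Management > Directory Bindings" >&2
    exit 1
  fi
fi
```

Run without APPLY set, the script only defines the helpers and does nothing to the machine, which makes it safe to lint and test on any workstation; with APPLY=1 in a Jamf policy on the Mac it renames the device and fails the policy when the binding did not take, so the policy log shows which enrollments never reached AD.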