Child pages
  • MacOS Enrollment Triggered Policies
Skip to end of metadata
Go to start of metadata

Once a device has been enrolled, whether by Apple/JAMF prestage enrollment, by the user initiated website, or by an enrollment package created by EUT, a collection of policies are configured to ensure the device is set up with EUT's standard build.  Below you will find a list of the policies applied to all computers and triggered by enrollment.  Keep in mind this was designed to suit the need for macOS High Sierra setup, but works for all versions of macOS from 10.10.5 and up.

How the computer gets set up


  1. Once a device has been enrolled into the JAMF mac management server, a few applications and policies become available to execute automatically on the computer.
    1. These policies were designed to assist the ITSS group with installing all standard software in an easy automated fashion.
    2. This differs greatly from imaging in a way that we no longer need to build a golden master and keep it updated with all the software packages.
    3. It will work for all machines regardless of their OS version.  Just install the version that Apple ships it with or upgrade to the latest via the App store.  If a computer is being repurposed, simple reinstall the OS from recovery or by a usb boot disk created by EUT and re-enroll.  All the applications will be reinstalled.
    4. Imaging will still work for now with device that shipped with 10.12.6 and older, however, EUT is recommending we move towards computer deployments over computer master imaging.
  2. Policies executed:
    1. ActivePolicy NameFrequencyTriggerScopeDetailsSite ConstraintNotes

      ACTIVE

      DEP_001_DeployDEPNotify

      OngoingEnrollmentAll computersInstalls a small, lightweight app in background to display current operation, and installation progress. Cleaned up after configuring.All Sites


      ACTIVE

      DEP_002_SetComputerName

      OngoingEnrollmentAll computersSets the computer name to serial number.All Sites


      ACTIVE

      DEP_003_SetNetworkTimeServer

      OngoingEnrollmentAll computersSets the computers time server from time.apple.com to ntp-pool.net.maine.edu and configures the timezone to 'America/New_York'All Sites


      ACTIVE

      DEP_010_InstallOffice2016

      OngoingEnrollmentAll computersInstall Office 2016, includes patches and updates.All Sites


      ACTIVE

      DEP_020_InstallBrowsers

      OngoingEnrollmentAll computersInstalls latest Firefox ESR and Google ChromeAll Sites


      ACTIVE

      DEP_022_InstallMSCEP

      OngoingEnrollmentAll computersInstalls Microsoft Security Endpoint Protection. AntivirusAll Sites


      ACTIVE

      DEP_025_CanonDrivers

      OngoingEnrollmentAll computersInstalls latest Canon postscript drivers, negates users' need for admin privileges to install printers later.All Sites


      INACTIVE

      DEP_050_FileVaultSetup

      OngoingEnrollmentAll computersEnables filevault for all users logging in and forwards encryption key to JAMF for later use. User policy in Mac Software Center enables users to regenerate their key at will, and will forward the new key to JAMF as well.All SitesDisabled until can determine scopable method for limiting to laptops only.Can be turned on manually after configuration.

      ACTIVE

      DEP_099_InstallSoftwareUpdates

      OngoingEnrollmentAll computersChecks Apple Update Server and installs all updates.All Sites


      ACTIVE

      DEP_999_CleanupDEPNotify

      OngoingEnrollmentAll computersCleans up DEP Notify app, it is not needed after configuration.All SitesCan be left if we want to create a progress window for users installing software from Mac Software Center.

    2. Additional policies can be added and scoped to individual sites so that all or a collection of devices at a campus get additional software.  


These policies will need to have exclusions applied by groups only if restricting installation of some or all standard software. Furthermore, all lab machines enrolled will get the same software unless devices are assigned to a group and then excluded from the policy. But all software is standard and can be installed on all lab machines.

There is no content with the specified labels