Is it possible to configure macOS local user info via Meraki and/or Apple DEP resources? If so, how?
We are set up with Apple DEP and linked with Meraki SM. The last new Mac we ordered was registered with DEP, so I was able to assign some profiles and configure settings on that device before even opening the box. I can't figure out how to set up a local user profile on a new device through DEP. I don't see any options for that under MDM Profiles in SM, and now with the new Apple Business Manager, I do not see any options for configuring local users there.
From my knowledge, there is not one; however, I would love this feature. For now, the only way I can see getting it done is via pushing out a script; however, you would still need to create a manual account first when you first set up the new computer.
You could use a create user PKG, but I would be very careful and make sure SM recognizes it as installed!
Thanks to both of you! I figured this might be the case since it wasn't easy and straightforward with the basic options.
Is it relatively "normal" for admins to assign profiles, etc. through DEP, but let the end user set up their own local user on the device? I realize everything important is still managed and controlled through profiles and the agent, but I hoped there was a way to make local user profiles remotely.
We don't have a large number of Macs. But this is our procedure. The device is assigned to the user with their AD credentials (during DEP) and the appropriate profiles and apps come down. During setup, a local admin account (we call it "techlocal") is created. After verifying that the AD bind was successful (configuration profile) and the login page profile came down, we hand it over to the user - they log in with their AD credentials and a mobile account is created. Anytime they are on the corporate network, we rsync via a script at login all their local data (files on the Desktop, Documents, Photos, Videos) onto their network home (stored in an SMB share). The network home acts as a backup for their data. We played with the idea of ditching AD and using something like NoMAD to "lose the bind" but keep the benefits of AD (Kerberos), but decided against it as we have no problem with AD.
Thanks, jared_f. Great explanation, as far as I can tell!
We are not running AD, so maybe that will hold me back from doing what I want to, but I suppose it's not the end of the world to just allow the end user to create their own local user, etc. if I really want the ease of not touching the devices before they're given out.
We usually create our admin local user and then run our own script to install custom tools and for creating the user’s profile before handing the device to the user.
caribou