Hey all,
A quick question – why does the sudo profiles renew -type enrollment
command enrolls the device as a new device in Hexnode?
N.B: The device is already enrolled in Hexnode with Apple DEP
Hey all,
A quick question – why does the sudo profiles renew -type enrollment
command enrolls the device as a new device in Hexnode?
N.B: The device is already enrolled in Hexnode with Apple DEP
Why do you have to run this command when the device is already enrolled in Hexnode? I doubt.
We have provisioned a few Mac devices months back. But, don’t know what happened. This one is unable to check in with Hexnode for a while.
I saw a few posts on resetting the dep cache using the sudo profiles renew -type enrollment
command. So I tried it. Yet, it initiated the enrollment as a new device instead of re-enrolling it in the portal.
That’s however not a big deal! What frustrates me the most is, I had the filevault policy associated with the device earlier. As such, the decryption key was obtainable from the portal. Since the device is now enrolled as a new one, I cant find any decryption key shown in its device summary.
Okay. As far as I know, this command is used for initiating DEP enrollment from the terminal. It automatically installs the profile for the mdm server associated with it in the ABM account. If the device already has a profile installed on it I’m not sure if you can re-enroll the device using it.
@johana Sorry about that! That’s how I did it! I am pretty sure the profile was still there on the device when I ran it.
Does anyone know a way of generating the decryption key for my device?
Hi @luuk:
I suppose, before re-enrolling a device, you may have to re-check the Re-enrollment Options applied to it.
When Enroll as a new device is enabled, an already enrolled device gets re-enrolled as a new one.
The command sudo profiles renew -type enrollment
triggers enrollment on a device added to your organization’s DEP account. But, if the above option remains selected on Hexnode, it is disenrolled and is added as a newly enrolled device. Resultantly, the older FileVault configurations for the device do not reflect on the portal.
Currently, there will be two enrollment instances for the device, one as a disenrolled and the other as enrolled. You may fetch the FileVault Personal Recovery key for the disenrolled instance from the Reports tab. Among the Disenrolled devices (Reports > Device Reports > Disenrolled devices), search the device using its Serial Number. Click on the edit column icon to include the FileVault Personal Recovery Key. And, you can view it from there.
Catherine George
Hexnode UEM
A bit doubtful about that. @luuk had a FileVault policy associated with the device from Hexnode. What if I have a device already encrypted manually and not via Hexnode. What do I do with personal recovery key, if the device is enrolled first and foremost in Hexnode? Will that be displayed on the portal?
@catherine-george Does that mean I cannot have the decryption key displayed on the new device summary page?
Coincidentally, @luuk @anaya both your queries lead to the same answer.
Here’s is a workaround that will help you fetch the personal recovery key on the Device Summary for a device either encrypted before enrolling it or re-enrolled as a new one in Hexnode.
sudo fdesetup changerecovery –personal
Good luck,
Catherine George
Hexnode UEM
Don't have an account? Sign up