
Erase, Reenroll Macs into Jamf: Zero Touch

  • May 10, 2017

  • New Contributor

Had a new deployment of several hundred MacBook Airs last summer. Delivered from Apple new, and they were properly wired up in our DEP.

Was able to hand out to users without touching them. They created their own admin accounts, and the Airs showed up as supervised/managed and enrolled in JAMF. GarageBand and iMovie were already in /Applications. Self Service populated with correct Apps.

Nice.

How can I replicate this experience, as the Airs all come back this summer (K-12) and go to new users next year?

Wish list:

  1. Device handed out, users start it up and are at the setup screen
  2. Device enrolls itself?
  3. GarageBand, iMovie, Pages, Keynote are in Applications folder

6 replies

DBrowning
  • Esteemed Contributor
  • May 10, 2017

Wipe/re-install OS from Recovery.

You'll need to create policies to install GB, iMovie, Pages, Keynote, Numbers. Since Pages, Keynote and Numbers are all now free, you can deploy with VPP.

Since devices are already in DEP, when you re-install the OS, DEP will kick in like it did previously.

Those are my thoughts.


  • Author
  • New Contributor
  • May 10, 2017

Thanks!
What's the recommended way to wipe/reinstall OS? I booted a sample Air into Target mode and wiped it that way.

But variations of Option-R, Option-CMD-R all lead to Internet Recovery after wiping the disk, which takes too long. (There is no bootable recovery drive any more?)

I did boot into Target in this same device later and ran the Install macOS Sierra installer with success, but on reboot it does not pull down its proper config file from Apple Activation server and does not get enrolled.

I can reenroll after the fact, but that also takes too long?

Trying to avoid the whole imaging game as I was led to believe this is the way to go nowadays.


DBrowning
  • Esteemed Contributor
  • May 10, 2017

Wiping can be done a few different ways:

1) Boot directly to Recovery Partition, wipe and then reinstall
2) Create a barebones image and then use Target Disk Mode Imaging. Be sure to run the following commands in single user mode before capturing the image:
   - rm /var/db/.AppleSetupDone
   - rm -rf /var/db/ConfigurationProfiles/
   - rm /Library/Keychains/apsd.keychain
3) Create multiple USB Installers and wipe and reinstall from those


georgecm12
  • Valued Contributor
  • May 10, 2017

Unfortunately, there's no remote "erase all content and settings" command on macOS like there is on iOS... at least, not yet. I wouldn't be surprised to see that added at some point, possibly after an eventual transition from HFS+ to APFS.

Until such time, the best option for (as close to) zero touch is going to be a netboot and restore an image.


  • Valued Contributor
  • May 12, 2017

You guys don't use a firmware password to protect your machines? - https://support.apple.com/en-au/HT204455


  • Author
  • New Contributor
  • May 12, 2017

Used OFPW on older deployments. Users are now their own admins and we are not using a firmware password any longer. May move back to that one day.