@gregneagle , Target Disk Mode utilizes Apple Configurator 2, right?

Not 100% sure but I think that supported target mode installs stopped working in Sierra...

C

Will this work on the new T2 MacBook Pros?

@gregneagle , Target Disk Mode utilizes Apple Configurator 2, right?

No. It's just like Target Disk Mode has always worked on macOS -- the Mac in TDM is now an external drive. Install to it, wipe it, back it up, copy things to it; etc.

Hi all, sorry for the dumb question... have not had the chance to see a 2018 Mac yet...
Other than USB boot... will Netboot/Netrestore be still an option once Secure boot is disabled on a T2 machine?
Thinking of “old style” System Image utility bootable standard OS installer or stand alone bootable net volume to avoid target disk mode
Thank you!

@carlo.anselmi Apple has depreciated NetBoot as well. Yes it can still run on current versions of macOS Server, or some of the open source equivalents, but its no longer supported by Apple, so don't expect the hardware to fully support the feature either.

I'm pretty sure NetBoot is "dead" for anything that ships with a T2 on-board.

Just not sure how much time and resources you want to put into a service that Apple has stated they are no longer supporting starting Fall 2018 when Mojave and it's equivalent Server.app is released.

~Ted

As @mortopc4 mentioned you need an admin account to turn off the boot utility....so got me thinking - can you create a admin account in terminal in the recovery partition? Would that even work? Haven't had time to poke and test it...but it probably would be the quickest way to disable the boot options on a new machine if it worked.

We are still having big time issues with this. We just received the new T2 MB Pro for testing that one of our service techs had been called on. We disabled the secure boot and selected "No Security" and also selected "Allow boot from external media" When we try to option boot we get prohibitory symbol.

@dubprocess I suspect you would need the latest version of the OS that works on these T2 machines to boot from. You could go to internet recovery and update the OS on your bootstick with one that works.

Still having issues with FileVault disk password not working. Current work around is to go into recovery partition, wipe drive as encrypted, re-install OS, then image machine. But the re-installing OS part can take anywhere from 20-2 hours depending on how machine machines we have in our lab at the time.

Stil waiting to hear back from Apple..they said I should have something by Monday.

@roiegat Yep updated the drive to the latest Mac OS version 10.13.6 still getting the prohibitory symbol.

Ah I think we found the issue. The OS version 10.13.6 build for the new 2018 MB Pro with T2 chip is not available through the app store. Going to attempt to update to the latest Mojave beta on the drive to see if it resolves the issue. I will report back.

Netboot is no longer supported on T2. Going full DEP enrollment management. IF there's a problem, the OS will need to be wiped using internet recovery.

@tnielsen I am not Netbooting though not sure who that was directed towards?

So installing Mojave did not fix the issue. I am unable to download the latest build of 10.13.6 even on the latest T2 MacBook Pro via the App Store. I was able to install the latest build (10.13.6 build 17g2208) via Internet Recovery but now I need to get this version somehow to my boot drive.

When you did recovery, did you do command+r or option+command+r?

@dubprocess Welcome to the club, been stuck at the same spot for over a week. Two bricks at my desk.
@nvandam Netiher recovery works for us, assuming Apple hasn't made the latest build available.

Okay. Mine kept failing when I'd try just command+R. But when I did option+command+R to install the latest compatible macOS it worked right away. ¯_(ツ)_/¯

Was able to contact an Apple Engineer via our Apple Enterprise support and they basically told us to kick rocks getting a hold of the latest High Sierra 10.13.6 build 17g2208

@nvandam There’s no problem restoring 2018 Mac with command+r. The problem is with building a bootable SSD with the new hardware support in it. For that we need the mac installer build that is not available

@dubprocess , try this on a machine that has the build. installinstallmacos.py

@nvandam Awesome thanks for the link. Curious if its possible to create an installer file and not just install macOS on a disk.

@dubprocess , It is. Once you run it you'll get the macOS Installer.app, but the contents will all be that of the newest build on the T2 MBP. I have a Self Service policy that download the macOS Installer.app to /Applications then uses the -eraseinstall command to wipe and reinstall macOS. It wasn't working on the T2 Mac, but once I got this script and got the newer installer it worked.

@nvandam Awesome We will give it a shot..Once I saw Greg Neagle's name I knew it had to be the work of a true ninja. haha

Since the T2 chips don't support netboot, is there a way to turn an existing NetRestore .nbi into a bootable USB?

Thanks for your time!

Myself and another tech spent a day trying to boot to a USB stick with varying OSes. We completely disabled security in the "Secure Setup Utility." We kept getting messages to "update," then had to click to connect to the internet. It went through some process, but still failed to boot to ANY USB drive. I went as far as upgrading the USB stick OS to 10.13.6, the same OS that was on the 2018 MBP, and still could not boot to it. We followed ALL of Apple's instructions for booting to USB and all failed. We use TechTools for diagnostic and creating bootable OS USB drives, and no drive w/ their configuration would boot. I consulted Micromat who really had no answer....remove external devices, ensure your admin account is good, etc. We could not boot a 2018 MBP or iMac Pro to a USB device.

It's certainly nice that Apple has locked the Macs down so tightly, but that's left admins in the dark for all we've been doing for a long time. And with everything in the cloud....what real point was there in locking out everyone on the endpoint? Hack the data at rest....there are more holes in the cloud storage than most local devices anyway.