Adding a script into casper imaging desktop to wipe a filevault 2 encrypted drive

gerald_fernando
New Contributor

Hi guys

I need some help in inserting a script into our netboot image so that i can double click it and format the drive before i image the machine. i've been looking around but haven't found anything on this. Currently our process is to boot into the recovery partition and format the drive using disk utility then netboot into casper, which is fine but i like to make things a bit more simple. I already found an applescript to format the drive but i have no idea how to get the script on to the netboot image. I am guessing the script has to be packaged up via composer and added to autocasperNBI, but i am not too sure how to create the package exactly so that it would appear on the desktop when i added it to autocasperNBI. Any help would be grateful.

9 REPLIES 9

Chris
Valued Contributor

My suggestion would be to save your Applescript as an application and install it to the /Applications folder using a pkg (-> Composer if you like it).
Then you can create another package for the Dock you would like to use in the NetBoot environment,
containing the app you built and maybe some other useful tools.
Package that up as well (the file you need is /private/var/root/Library/Preferences/com.apple.dock.plist) and add it to your AutoCasperNBI config.

DBrowning
Valued Contributor II

we deal with encrypted drives and re-imaging all the time. We just click the cancel button when prompted for the password. Open Imaging and make sure to check the box for "Erase target Drive". This hasn't given us any issues.

gachowski
Valued Contributor II

Older versions of Casper Imaging and disk Utility, had issues with encrypted drives. Good to know that it's changed.

C

SeanA
Contributor III

This JAMF knowledge base article, and the comments underneath the KB, also answers the question: Imaging Computers Encrypted with FileVault 2

bmarks
Contributor II

So, I had a sneaking suspicion that Casper Imaging still had issues related to the Recovery HD and potentially ending up with extra partitions, so I just ran a quick test using only the "Erase target drive" checkbox instead of our AppleScript applet that we have been using. It turns out I was correct. On the Mac I just imaged, it has a 500GB volume named "Untitled" listed via the "diskutil list" command. On a Mac that follows our normal workflow, this isn't the case. So, while you can use only the "Erase target drive" checkbox, I'd recommend the following that's also listed in the first post by Chris.

I created an small AppleScript applet that gets installed in the NetBoot Dock via AutoCasperNBI. It displays a popup to delete the volume and all its partitions and it then auto-launches Casper Imaging when it's finished. This keeps the workflow basically the same as before and minimizes the clicks you have to make to initiate the imaging process.

bmarks
Contributor II

As a side note, here is the AppleScript that we use that's saved as an app in Script Editor:

set question to display alert "Would you like to erase the drive before continuing to Casper Imaging?

(NOTE: This will also erase encrypted partitions)" buttons {"Erase", "No"} default button 1
set answer to button returned of question

if answer is equal to "Erase" then
    set question to display dialog "Are you sure you want to erase ALL volumes and data from the drive?" buttons {"Yes", "No"} default button 1
    set answer to button returned of question
    if answer is equal to "Yes" then
        do shell script "diskutil eraseDisk "Journaled HFS+" "Macintosh HD" /dev/disk0"
        display dialog "Disk erased. Starting Casper Imaging…" giving up after 2
        tell application "Casper Imaging" to activate
    end if
else
    display alert "Drive was untouched.

Casper Imaging will now open." giving up after 2
    tell application "Casper Imaging" to activate
end if

gerald_fernando
New Contributor

Thanks for all your replies.

bmarks how do you normally add the apple script to the dock, would it be the same method Chris described above? i would like to know the procedure or a step by step guide.

Thanks

DBrowning
Valued Contributor II

Thanks @bmarks

The script above keeps erring out when ever i try and run it. If I say to erase I get a "Couldn't Open Device" error and if I click "No" it will open casper but then errors with: "Connection is invalid. Casper Imaging got an error: Connection is invalid. (-609)

bmarks
Contributor II

I don't think anything got lost in translation during the copy/text. Here's what works for us.

Open ScriptEditor, create a new document, paste the above script into the window and then save as an Application. If you want, give it a custom icon and name it something clever. Next, open Composer, create a new package. This package will do a few things. First, it will put your new AppleScript app in the Applications folder. Second, it will delete the launchagent that is installed by default by AutoCasperNBI that normally auto-launches Casper Imaging (we don't want this anymore.) Third, it installs a new Dock plist file in root's Preferences folder so that it now shows this new app. Once Composer has made this into a package, add the package to your AutoCasperNBI workflow so that everything gets installed on your new NetBoot image.

One important thing to remember, after you have NetBooted to this image, you will see a Finder popup asking you to unlock the drive. Always click "Cancel" here and then proceed by clicking on your new app in the Dock. If you do not click "Cancel," you will need to re-NetBoot.