Help

Best practice for "Clean Imaging" End-of-lease devices

Caleb_Anderson
New Contributor III

Posted on ‎11-20-2017 09:21 PM

I have been reimaging our end-of-lease devices with a blank image captured from a new machine, on a casper imaging USB.

Am I safe to assume that the newly imaged computer WON'T check in to the JSS without any framework, or a quickadd package sent to it during the imaging process?

We had a parent return a computer that had been imaged and her account had been changed from Admin to Managed, yet it had no self service on the machine. I'm hoping this is just an anomaly, perhaps not being imaged correctly to begin with.

Basically I just need confirmation that I've done the right thing and I'm not going to have 100 laptops returned connected to the JSS haha.

Thanks!

Labels:
0 Kudos
4 REPLIES 4

bradtchapman
Valued Contributor II

Posted on ‎11-20-2017 11:30 PM

When you say 'casper imaging' USB, is it the kind that connects to your JSS and runs a 'Pre-Stage Enrollment' workflow? Does your imaging workflow normally include a separate enrollment step? Start one of these 'freshly-imaged' computers in Single User Mode (Cmd-S) and look in the /usr/local/bin folder. Do you see 'jamf' ? Check /Library/LaunchAgents and /Library/LaunchDaemons.

0 Kudos

Caleb_Anderson
New Contributor III

Posted on ‎11-21-2017 04:10 PM

We don't have a "Pre-Stage Enrollment" workflow set up through the JSS, I set them up with the intention of being offline imaging USBs by removing all packages from our secondary server except the actual dmg for the image, and then replicating that to the USB. When I boot to the USB though, casper imaging asks for a JSS login and won't continue without it, so I think I have messed something up there as last year's imaging usbs were fine without it and just gave a warning that no login was given so it won't connect to the JSS.

That being said, after checking one of the machines I do see 'jamf' in the /usr/local/bin, and a jamf first run enroll plist in the Launch Daemons folder.

0 Kudos

Look
Valued Contributor III

Posted on ‎11-21-2017 04:42 PM

Internet Restore and an Apple caching server would be my pick.
Otherwise a NetInstall server.

0 Kudos

Nix4Life
Valued Contributor

Posted on ‎11-21-2017 05:26 PM

2nd what @Look said. I even go a step further and use iMagr to do a clean install and keep it away from our JAMF setup. Netboot, enter password click a button done. Easy to move over to 1st level or PC support if you need additional hands

0 Kudos