Posted on 12-23-2015 09:30 AM
Recently, my IT team started offering our old, refereshed Macs (4+ years old) to members.
During the Referesh cycle, each Mac is wiped and re-imaged with a standard "factory" Mac OS X image (usually the most recent OS X build - assuming its comapataible with the hardware, etc)
In the past, I used DeployStudio for this. I simply pushed-out an OEM Apple image, shut 'er down and that's it. Done. "Enjoy your new (old) Mac. Don't call us if it breaks."
As I migrate from DS to Casper Imaging in 2016, is it posible to image/deploy a Mac as described above, but prevent it from enrolling into the JSS (i.e. do not install the JAMF QuickAdd pacakge?) I dont see an option to do this.
Does anyone have a similar situation in which they dont want the QuickAdd to be installed on a newly-imaged Mac?
Posted on 12-23-2015 09:39 AM
You can use System Image Utility to create a NetIntall image that just formats the drive and installs a "factory" os.
Then just bless the machine to NetInstall from that image from casper.
Posted on 12-23-2015 09:46 AM
Or you could use Imagr
Posted on 12-23-2015 09:55 AM
Any of the above suggestions work (as does, continuing to use DeployStudio). Is there any reason one can't include something like
jamf removeFramework in a first boot script? Just wondering, I've never tried it so... In any event, you can also script the removal of units from the JSS as well (Or just give them a standard Prefix and delete them all in one go). There seem to be many ways to skin this cat.
Posted on 12-23-2015 10:02 AM
I considered jamf removeFramework too, but fingured why install stuff and then yank it later if I can avoid installing it to begin with. "Occam's razor", etc.
Good suggestions. I will ponder all of them. Never used Imagr before. Not a fan of Apple's System Image Utility, but will take a look again.
Posted on 12-23-2015 10:10 AM
I create a DMG of the machine and then use Disk Utility from an external drive to image the hardware I am returning to our leasing company. Takes a few minutes to apply that never booted image onto a machine.
Posted on 12-23-2015 10:14 AM
@dstranathan the way we get old equipment ready for resale is to use DBAN to zero-data erase the hard drive. Then we NetBoot the computer to our normal NetBoot set and use a script to partition the drive and use the command line asr to restore a base OS that was built with AutoDMG. It's a relatively efficient process. I just wish I could get DBAN to boot from a USB flash drive on the Mac.
Posted on 12-23-2015 10:44 AM
@Chris_Hafner I'm testing this scenario this afternoon. It may technically work.
I created a Static Group called "2016 Refresh Macs". I dont want is group to be dynamic - to avoid "automagical" human error on my part. Smart Groups make me nrevous when things like "removeFramework" are in the mix!
I made sure all my usual first-run Policies have an exclusion for the Refresh static group.
I have a corresponding Refresh Policy that looks for only Macs in the 2016 Refresh Macs static group. It is triggered at Startup and it only runs once per computer. It has a single payload that runs "removeFramework" and thenreboots/shuts down.
2 thoughts:
1) Won't the Mac still have the JAMF hidden local admin/service account on the Mac? Or will ithe account get nuked during "removeFramework"? I dont want a creepy backdoor on my user's (personal) Macs.
2) Does a computer record stay in the JSS for historical purposes?
Posted on 12-23-2015 11:18 AM
the removeFramework command will clear out everything. If you're not adding an account it wont have one anyways! Just make sure that you either use an unbooted image or check the "Show OS X Setup Assistant" under "Advanced" custom options. A computer record will be created by default. Take them or leave them. Having a script remove them is simple enough if you don't want any records.
Posted on 12-23-2015 01:38 PM
Couldn't you just image the computer using just base OS and not use an image configuration?
Posted on 12-23-2015 01:44 PM
@jimlee Casper Imaging will ensure that the jamf binary is installed, pretty much no matter what so far as I know. The unit will also be entered into the JSS inventory, though unmanaged since there wouldn't be an admin account. @dstranathan wishes to make sure the units are clean of any non-Apple stuff before they leave.
Posted on 12-23-2015 01:54 PM
In my situtaion, these are Macs that were previously imaged and deployed into production (for ~4 years). They will be replaced/updgraded and the "retired" Macs will be wiped and have an Apple factory image slapped on them and sent out the door to employees who want one (a lottery system)
We used to simply wipe the computers and send them to the recyling farm. Ahh - The good ole days.
I cant find a way to image/deploy via Casper and NOT inject the Mac with the JAMF agent.
I'd prefer not to keep DeployStudio around if the only thing it does is push-out an Apple base image once a year. I dont want to confuse my Desktop Techs too much by having multiple imaging solutions in parallel.
Id love a no-brainer, dead simple dedicated NBI that did the entire process automatically. Hit the "Go" button and be done. There's nothing to configure on these particular Macs at all, other than making sure they get securely wiped before getting sent off to a civilian life.
Its been years since I played with Apple System Image Utility.