Posted on 06-02-2014 11:40 AM
Hello Everyone,
Our school is about to deploy MacBook Airs to all incoming students. I am looking to be able, during our distribution, to just hand the device unopened to the students and allow them to set up the device during a "bootcamp" session we have planned for them. All of the devices will be pre-registered with DEP, which will push out the MDM.
I would like to be able to have it so that when the student turns on the laptop, it hits Apple's OOB setup. Is there a way to have it limit the name of the machine at this point? I also want it configured to be bound to Active Directory and only allow them to log in with their credentials. Would I need to pre-image these and forget trying to do an Out of Box experience type deployment?
Thank you all for any help or suggestions you may bring.
Posted on 06-03-2014 05:03 AM
You wouldn't necessarily need to "image" the machine, but I do think you are going to lose the Apple Setup Assistant, because to bind to AD you would need an admin account on the machine to then perform the join. Also, if they complete the Setup Assistant they would be prompted to create an account, which is admin by default. With the requirements you have, I don't think you will be able to do a zero-touch setup at this time.
What you can do is create a configuration in Casper Admin and use Casper Imaging to deploy it. You could then bind and name the machine and install any larger software packages you wanted (Office, etc.). If you use target mode imaging but don't actually erase the drive or copy an entire image, this process would be really quick. Then the machine will have a 5-10 minute setup when it is first booted. You would want to make sure the machine can connect to your network (either with a Thunderbolt Ethernet adapter or by importing a Wi-Fi profile).
Note: I have not played with DEP for Mac at this point, so there may be some additional features that I am missing that would allow this type of setup, but the last time I glanced at it, you received the MDM enrollment but still did not have the Casper binary. Hopefully someone can correct me.
Posted on 06-03-2014 06:29 AM
To expand on this idea... you could put a local admin account down on the Mac and name it a pre-designated name during the target mode imaging, and leave Apple's Setup Assistant intact. That way the students then get the Apple OOB setup experience. They'll be creating an account that has admin rights, and naming the Mac whatever they want... but that's why you create a Casper policy that runs on the "any" trigger that removes admin rights from any account it finds in the /Users folder that is not the expected admin account, and renames the Mac to whatever Casper says the name should be. Enable the policy AFTER the boot camp session, and everything should be hunky dory.
But you're not going to escape having to unbox them and do this setup first before handing it to them... sorry :(
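Added example, not part of any post in this thread: one way to write the admin-removal half of the policy described above, as a script a Casper policy could run as root. The account name `ladmin`, the `DRY_RUN` switch and the function names are assumptions; renaming the Mac is left to Casper.

```shell
#!/bin/bash
# Demote every account with a home folder under /Users except the expected
# management account. Assumed names (not from the thread): ladmin, DRY_RUN.

KEEP_ADMIN="${KEEP_ADMIN:-ladmin}"   # hypothetical local admin laid down at imaging
USERS_DIR="${USERS_DIR:-/Users}"
DRY_RUN="${DRY_RUN:-1}"              # 1 = report only, 0 = actually demote

# Print the short names of home folders that are candidates for demotion.
candidate_accounts() {
    local dir="$1" keep="$2" home name
    for home in "$dir"/*; do
        [ -d "$home" ] || continue              # skip files and an unmatched glob
        name="$(basename "$home")"
        case "$name" in
            Shared|Guest|"Deleted Users") continue ;;   # not real user accounts
        esac
        [ "$name" = "$keep" ] && continue       # never touch the management account
        printf '%s\n' "$name"
    done
}

# True if the account is currently a member of the local admin group.
is_admin() {
    dseditgroup -o checkmember -m "$1" admin >/dev/null 2>&1
}

# Remove admin group membership from every candidate that has it.
demote_all() {
    local user
    candidate_accounts "$USERS_DIR" "$KEEP_ADMIN" | while IFS= read -r user; do
        is_admin "$user" || continue            # already a standard user
        if [ "$DRY_RUN" = "1" ]; then
            echo "would remove $user from admin"
        else
            dseditgroup -o edit -d "$user" -t user admin &&
                echo "removed $user from admin"
        fi
    done
}

demote_all
```

Run it with the default `DRY_RUN=1` first and compare the output with the accounts you expect, since a home folder in /Users is only a proxy for an account and a wrong `KEEP_ADMIN` would demote the management account.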
Posted on 07-14-2014 02:55 PM
Just to clear this old discussion.
Overall, the way I wish to have it is not exactly able to work. Overall, I have to open them up, provision them with the enrollment and do one boot up as a local admin to bind to AD. Once that is done, the system can be ready at a login screen which will prompt the user for their Apple ID. This seems to be the best choice for my scenario.
Posted on 07-16-2014 07:45 AM
This is what pre-staging is for! Image those suckers or sign up for Apple's DEP program. Here we have all of the students show up and image them via pre-stage on day one. It only takes about 5-8 min a unit, over a gig network connection and a 22+ gig image.
If you're purchasing the systems new (perhaps you are?) then you can work with JAMF and Apple on the DEP solution they have so they're set up even before they arrive.