Posted on 05-10-2017 07:59 AM
Had a new deployment of several hundred MacBook Airs last summer ... Delivered from Apple new .. and they were properly wired up in our DEP.
Was able to hand out to users without touching them ... they created their own admin accounts, and the Airs showed up as supervised/managed and enrolled in JAMF. Garageband and iMovie were already in /Applications. Self Service populated with correct Apps.
Nice.
How can I replicate this experience...as the Airs all come back this summer ( K-12 ) and go to new users next year.
Wish list:
Posted on 05-10-2017 10:00 AM
wipe/re-install OS from Recovery.
You'll need to create policies to install GB, iMovie, Pages, Keynote, Numbers. Since Pages, Keynote and Numbers are all now free, you can deploy with VPP.
Since devices are already in DEP, when you re-install the OS, DEP will kick in like it did previously.
That's my thoughts.
Posted on 05-10-2017 11:09 AM
Thanks !
What's the recommended way to wipe/reinstall OS?
I booted a sample Air into Target mode .. wiped it that way.
But variations of Option-R, Option-CMD-R all lead to Internet Recovery after wiping the disk .. takes too long. ( There is not bootable recovery drive any more? )
I did boot into Target in this same device later -- and ran the Install macOS Sierra installer with success -- but on reboot it does not pull down it's proper config file from Apple Activation server .. and does not get enrolled.
I can reenroll after the fact -- but also .. takes too long?
Trying to avoid the whole imaging game as I was led to believe this is the way to go nowadays .
Posted on 05-10-2017 11:39 AM
Wiping can be a few different ways:
1) Boot Directly to Recovery Partition, wipe and then reinstall
2) Create a barebones image and then use Target Disk Mode Imaging
- be sure to run the following commands in single user mode before capturing image
- rm /var/db/.AppleSetupDone
- rm -rf /var/db/ConfigurationProfiles/
- rm /Library/Keychains/apsd.keychain
3) Create multiple USB Installers and wipe and reinstall from those
Posted on 05-10-2017 12:04 PM
Unfortunately, there's no remote "erase all content and settings" command on macOS like there is on iOS... at least, not yet. I wouldn't be surprised to see that added at some point, possibly after an eventual transition from HFS+ to APFS.
Until such time, the best option for (as close to) zero touch is going to be a netboot and restore an image.
Posted on 05-11-2017 06:39 PM
You guys dont use a firmware password to protect your machines? - https://support.apple.com/en-au/HT204455
Posted on 05-12-2017 06:03 AM
Used OFPW on older deployments. Users are now own admins and we are not using firmware password any longer. May move back to that one day.