Jamf Nation Community

Worse than that, imaging is going bye bye probably with 10.13 or whenever they introduce APFS as the default filesystem to macOS.

Don't just take my word on it. Try Rich Trouton's

I haven't actually had a chance to look into Thin Provisioning ... hope I didn't just waste all that time learning this.

I hope not...I still deal with some student labs on desktop Macs. Thin imaging is ok the first time but we refresh those labs from time to time. While we use a 100% modular imaging workflow (unlike the workflow above). I need some way to provision these workstations with an initial set of apps (both App Store and non-app store) and run "first-run" scripts the first time the OS boots. Thin imaging, policies and self-service does the trick the first time but at a bare minimum, I need to be able to get a clean OS on the computer and get it enrolled to Casper automatically. I'm guessing DEP will help with the second part but not so much the first...I have ideas using NetBoot and SIU how I might be able to handle the first part. I just hope Apple doesn't pull SIU without some way for me to restore the OS to a clean state (without running SneakerNet to all the machines that need reimaging).

As @franton mentioned via his link to Rich's site, pretty soon we will no longer be able to remove the OS (image a machine). I am fairly certain there will be a way to "snapshot" a machine back to factory OS, and I'm hopeful that we will be able to do that via scripts/Casper/etc.

In the meantime, you can get a clean OS on a computer via NetBoot combined with PreStage Imaging for machines not in the JSS, or AutoRun Data for machines already in the JSS. From there you can thin image through Enrollment Complete policies or via a first boot script.

@blackholemac for lab computers, you can assign a configuration via Autorun Data and then use a policy to reboot the machine off of a NetBoot server. As long as your NBI is set to launch Casper Imaging at launch, CI will check with the JSS for Autorun data and if found will image the machine. Of course, you can either put a full configuration in and have CI do the OS and all of the apps, or you can just have CI erase the hard drive and blast an OS onto the machine. On reboot the machine gets enrolled in the JSS and then your policies to install apps/settings/config profiles will get run. Or, again, drop a first boot script into the CI process and the same happens. We worked on this in CCA training back in the 7.x days of Casper and it works great. I used to use this for re-imaging an imaging workstation each night.

We do that successfully now with Casper imaging on an AutoCasperNBI NetInstall. I should have clarified that in my post...Casper imaging config, autorun/prestaging the whole 9 yards.

in my rare "experiment time" to prepare for moving away from imaging altogether I have started developing a workflow that almost works without firing up Casper Imaging based on DEP, policies and custom triggers.

What i can't get around at the moment is either using autodmg to restore the clean vanilla OS (using Casper Imaging to restore it) or a NetInstall boot to the macOS installer to get that OS on cleanly. I hope that APFS will offer some easy way to get to a clean out of box config through snapshots and give admins a way to remote control that.

So whats the best way to reimage a mac these days? If there is a better way, are there good instructions anywhere?

Thank you

@kirahman2 While I still don't have putting a clean OS on without physically being in front of the Mac down pat, everything else follows either the "thin imaging" concept or DEP enrollment methods. To illustrate, basically you take a MacBook with its OS out of the box. If you have it enrolled in DEP, it enrolls to the JSS during the setup assistant...if not you enroll the Mac with an enrollment package. At that point properly scoped and triggered polices takeover installing non VPP apps/settings and VPP managed distribution lays on VPP stuff.

That is the 40,000 foot overview of how I see this working. I've got most of the way to that goal. I just need to fine-tune scoping/triggering and figure out a magic way to get a clean OS reinstalled.

@blackholemac Thanks for that response, that was insightful. I'll take a look at DEP enrollment. Using TMI seems pretty manual in a way. Not as straight forward as I was expecting.

@blackholemac @stevewood

Don't understand all the fuzz.. It doesn't look like imaging will be dead at all. There's already solutions for it. Sure, there are changes. Cloning API, Snapshot API.. But it works, as of now at least. It would not be smart of Apple to give up the possibility and technology behind this. They should keep the technology and let it evolve.

Noone knows exactly what the future holds in terms of management, security, hybrid cloud computing etc. Sure, it's blossoming right now but there's waaaay to much uncertainties. It wouldn't be the first time limits in eg network technologies or decentralization ultimately fails.
Yes, big changes in how devices are managed are taking place everywhere. But not covering all aspects of the game could be a potential showstopper eventually giving competitors a big headstart if the tides are turning.

And having seen so many bad cases of MDM management failures and security issues I personally really hope it evolves into something better.

Is this the best way to create an image?