Guide to Creating Sierra Base Image From A to Z

kirahman2
New Contributor II

If you're struggling to get this going, here is a full guide step for step. I've attached screenshots of my original guide with details and formatting. What a pain in the neck it was to get this going. The guide is pasted in plain text at the bottom.

d16d15708268431b9537b92cd8d92c43
39e39c39211d4f8d84447ba78d9b500f
d3a80a86a3044283823a52f12a321d6f
9f2005aa5df049dfae1f2464717787d1
1c52e6565ce342659f218affa604785a
c400c6f98b76478bb82e7834de19a479
619e1dd57eb04dfa83c768048bc4466b
94b1ecae1c914b5ba684262f454d7b52
55fce0d5c90e4a83832386cd93e8a561
d16d15708268431b9537b92cd8d92c43
39e39c39211d4f8d84447ba78d9b500f
d3a80a86a3044283823a52f12a321d6f
9f2005aa5df049dfae1f2464717787d1
1c52e6565ce342659f218affa604785a
c400c6f98b76478bb82e7834de19a479
619e1dd57eb04dfa83c768048bc4466b
94b1ecae1c914b5ba684262f454d7b52
55fce0d5c90e4a83832386cd93e8a561

Follow the steps found here for configuring the image
https://www.jamf.com/jamf-nation/articles/313/creating-a-minimal-base-os-image
Install the following applications
Adobe Reader
Slack
Office 2016
Konica printer driver
Google Chrome
forticlientsslvpn
Capture image on time machine back up (so you can go through and make updates later as needed)
Additional resources:
http://resources.jamf.com/documents/technical-papers/Imaging-OS-X-Computers-with-the-Casper-Suite.pdf
Follow the steps in the next section to capture the image in Composer.
How to take a snapshot image in Casper Composer
Build the base image on the target computer you want a snapshot of
Connect the target computer to the host computer via Thunderbolt cable
Restart the target computer in Target Disk Mode by holding on T during boot
On the host computer, open Casper Composer Click on Build OS Package and check the boxes next to the target computer's HD and Recovery HD
Click Next, select which building options you want (by default, all of them are selected).
Corporate IT > Casper Imaging Configuration Guide > Screen Shot 2016-10-25 at 11.45.50 AM.png
;Click Next again and name the image to whatever you would like (by pass any additional prompts)
Click Build
Additional resource
http://docs.jamf.com/9.9/casper-suite/administrator-guide/Building_OS_Packages.html
After you've created an OS capture, drag the .dmg file to Casper Admin (casper suite) to "All Files" let the file upload. Corporate IT > Casper Imaging Configuration Guide > image2017-1-26_10-38-16.png Corporate IT > Casper Imaging Configuration Guide > image2017-1-26_10-38-37.png
Create Local Distribution Point
Go to the Macintosh HD root folder > Create a folder called "JamfDistributionLocal" > Drag "JamfDistributionLocal" to the left pane in Casper Admin (casper suite).
Corporate IT > Casper Imaging Configuration Guide > image2017-1-26_10-44-18.png Corporate IT > Casper Imaging Configuration Guide > image2017-1-26_10-45-7.png
Click "JamfDistributionLocal" and click "Sync". If the sync fails, refer to the steps below.
Once the sync completes, in "Casper Admin" click "New Conf" (upper left corner) > fill out the details > hit create
Troubleshooting Base Image Creation Process
OS Composer Capture is Failing (flashing folder on target mac)
If the OS package created in Composer is not imaging properly over to a new mac, try installing Casper Suite on a fresh Mac and start over.
Local Distribution Point Sync is failing
In order to successfully sync to your local distribution point, the following must match.
Casper Admin (casper suite) > "All Items" must match "Packages", found here, JSS > System Settings > Packages
Go to Casper Admin (casper suite) > navigate to "All Items" > check to see if any items are high lighted in red (this indicates a mismatch). Corporate IT > Casper Imaging Configuration Guide > image2017-1-26_10-2-6.png
If an item is in red, track down that file and drag it to "All Items" or simply delete the item in red (I don't recommend this unless your confident that the file is unnecessary).

12 REPLIES 12

donmontalvo
Esteemed Contributor III

Don't mean to be snarky...but what's driving this, over Thin Provisioning? :)

--
https://donmontalvo.com

franton
Valued Contributor III

Worse than that, imaging is going bye bye probably with 10.13 or whenever they introduce APFS as the default filesystem to macOS.

Don't just take my word on it. Try Rich Trouton's

kirahman2
New Contributor II

I haven't actually had a chance to look into Thin Provisioning ... hope I didn't just waste all that time learning this.

blackholemac
Valued Contributor III

I hope not...I still deal with some student labs on desktop Macs. Thin imaging is ok the first time but we refresh those labs from time to time. While we use a 100% modular imaging workflow (unlike the workflow above). I need some way to provision these workstations with an initial set of apps (both App Store and non-app store) and run "first-run" scripts the first time the OS boots. Thin imaging, policies and self-service does the trick the first time but at a bare minimum, I need to be able to get a clean OS on the computer and get it enrolled to Casper automatically. I'm guessing DEP will help with the second part but not so much the first...I have ideas using NetBoot and SIU how I might be able to handle the first part. I just hope Apple doesn't pull SIU without some way for me to restore the OS to a clean state (without running SneakerNet to all the machines that need reimaging).

stevewood
Honored Contributor II
Honored Contributor II

As @franton mentioned via his link to Rich's site, pretty soon we will no longer be able to remove the OS (image a machine). I am fairly certain there will be a way to "snapshot" a machine back to factory OS, and I'm hopeful that we will be able to do that via scripts/Casper/etc.

In the meantime, you can get a clean OS on a computer via NetBoot combined with PreStage Imaging for machines not in the JSS, or AutoRun Data for machines already in the JSS. From there you can thin image through Enrollment Complete policies or via a first boot script.

@blackholemac for lab computers, you can assign a configuration via Autorun Data and then use a policy to reboot the machine off of a NetBoot server. As long as your NBI is set to launch Casper Imaging at launch, CI will check with the JSS for Autorun data and if found will image the machine. Of course, you can either put a full configuration in and have CI do the OS and all of the apps, or you can just have CI erase the hard drive and blast an OS onto the machine. On reboot the machine gets enrolled in the JSS and then your policies to install apps/settings/config profiles will get run. Or, again, drop a first boot script into the CI process and the same happens. We worked on this in CCA training back in the 7.x days of Casper and it works great. I used to use this for re-imaging an imaging workstation each night.

blackholemac
Valued Contributor III

We do that successfully now with Casper imaging on an AutoCasperNBI NetInstall. I should have clarified that in my post...Casper imaging config, autorun/prestaging the whole 9 yards.

in my rare "experiment time" to prepare for moving away from imaging altogether I have started developing a workflow that almost works without firing up Casper Imaging based on DEP, policies and custom triggers.

What i can't get around at the moment is either using autodmg to restore the clean vanilla OS (using Casper Imaging to restore it) or a NetInstall boot to the macOS installer to get that OS on cleanly. I hope that APFS will offer some easy way to get to a clean out of box config through snapshots and give admins a way to remote control that.

kirahman2
New Contributor II

So whats the best way to reimage a mac these days? If there is a better way, are there good instructions anywhere?

Thank you

blackholemac
Valued Contributor III

@kirahman2 While I still don't have putting a clean OS on without physically being in front of the Mac down pat, everything else follows either the "thin imaging" concept or DEP enrollment methods. To illustrate, basically you take a MacBook with its OS out of the box. If you have it enrolled in DEP, it enrolls to the JSS during the setup assistant...if not you enroll the Mac with an enrollment package. At that point properly scoped and triggered polices takeover installing non VPP apps/settings and VPP managed distribution lays on VPP stuff.

That is the 40,000 foot overview of how I see this working. I've got most of the way to that goal. I just need to fine-tune scoping/triggering and figure out a magic way to get a clean OS reinstalled.

kirahman2
New Contributor II

@blackholemac Thanks for that response, that was insightful. I'll take a look at DEP enrollment. Using TMI seems pretty manual in a way. Not as straight forward as I was expecting.

donmontalvo
Esteemed Contributor III

@blackholemac @stevewood

0925a19787984f0c9cdf023375eef5e8

--
https://donmontalvo.com

jh_lee
New Contributor

Don't understand all the fuzz.. It doesn't look like imaging will be dead at all. There's already solutions for it. Sure, there are changes. Cloning API, Snapshot API.. But it works, as of now at least. It would not be smart of Apple to give up the possibility and technology behind this. They should keep the technology and let it evolve.

Noone knows exactly what the future holds in terms of management, security, hybrid cloud computing etc. Sure, it's blossoming right now but there's waaaay to much uncertainties. It wouldn't be the first time limits in eg network technologies or decentralization ultimately fails.
Yes, big changes in how devices are managed are taking place everywhere. But not covering all aspects of the game could be a potential showstopper eventually giving competitors a big headstart if the tides are turning.

And having seen so many bad cases of MDM management failures and security issues I personally really hope it evolves into something better.

angelofilho33
New Contributor II

Is this the best way to create an image?