Help...I FUBAR'd...

New Contributor III

This is what I get for not paying attention to the memos.

Long story short, our users are getting...vocally adamant about upgrading to High Sierra. Couple that with the new hardware coming in, we're kind of on the verge of a log jam.

That being said, I've updated to JAMF Pro 10.1.1. For the most part that's been pretty painless. My concern is with managing High Sierra upgrades and new hardware pre-loaded with High Sierra. I know Apple is trying to push everyone to DEP, MDM, and VPP, which is all fine and dandy but we're not there yet. I'd appreciate any input. I need to figure out what I don't know.

Thanks in advance.


Valued Contributor

First: start planning for DEP and MDM, you're going to need it sooner than later.

Second: you have asked a tough question without detailing what your current JAMF workflows are for deployments and upgrades.

That being said you can most likely continue to use your current workflows with High Sierra. NetBoot still works on everything except the iMac Pro, and High Sierra fully supports JHFS+ volumes, so you can continue to use Casper Imaging. However, High Sierra may be the end of the line for both technologies. High Sierra upgrades are easier (in my opinion) as Apple has improved the reliability of their command install tool that's built into the Install High Sierra app.

If you do some searching on the JAMF Nation forums over the last few months there's much more information, and probably more answers for the questions you have specific to your environment.

New Contributor II

I haven't been able to get Casper imaging to work via Netboot since sometime around 10.12.5 I think - it died and when I asked JAMF about it they advised that they were aware that it wasn't working real well anymore and that the only way forward was to just embrace DEP - which actually suited me OK.
In spite of this, I still managed to almost brick 3-or-so Macbooks, investigating to work out whether I could get imaging to work because it'd be nice to not have to change our process over-night... They all had to go back to the Apple store for reimaging because I couldn't even get the Internet imaging to work - why they're different and why Netboot worked for Apple, I don't know... I caved at that point.

Anyways - the reason for typing all of that out, was just to show my foundation for saying that - assuming that you have a corporate account, through which you're doing your purchases currently, the DEP switch is nowhere near as scary as it feels, looking at it in a panic frenzy. The whole thing went impressively seamlessly for us at least. We started slowly, setting up the pre-stage enrolment configs then enrolling Macs to DEP as they came in for re-builds anyway, once we started feeling confident, I ran the report in JAMF, to get the serials, exported it to CSV and imported the lot into DEP - apart from a couple of basic hiccups, it has actually had the build process humming along ever since.

As for the High Sierra upgrades, I'm doing battle with that one myself right now - install script from here is causing me some trouble but we'll get there I'm sure.

Good luck!

New Contributor III

Hi Guys,

Use this for imaging High Sierra

Run don't walk to DEP. Our environment is not suited for DEP either but we are shoehorning it in as its going to be the only way especially with iMac Pro's and new hardware with T2 chips.

New Contributor III

I appreciate the input from each of you.
So after doing some thinking and soundboarding off some fellow geeks, I think I know where I want to be, I'm just trying to put together the proper path.
Our current setup is a single JAMF server and single SUS. Up until High Sierra, it was simply a case of building images and software packages that our hardware teams imaged to new stuff as it came in. Nothing fancy. We use Self Service primarily for Adobe and a few other packages. 2 years back we began to allow users to upgrade in place rather than have their machines erased and reimaged. That cut the workload down substantially for both our Help Desk and Hardware teams.
So now with the onset of High Sierra we're trying to figure out the best path to take with our users.
Most of them will simply upgrade in place. As for new hardware and users who require "reimaging", if I understand everything I've read in the last 24 hours, the "simplest" path looks to be an internet restore (Command-Option-R), Recon, and then JAMF policy controlled and initiated software installs. I think that's what's "intimidating".
Does that make sense?