Jamf Nation Community

First: This is not Apple approved. I know that, you know that, do it at your own risk. I do, this works fine.
UPDATE: I have added my imager for download to the bottom of this post with instructions

This is not a discussion about why or opinions :). Some of us have this need, this is a solution!

Thought I would share as I have seen a number of folks looking for these answers. Some of you are just looking for a certain piece of this, and thats great. Some of you are looking for a way to make an imager and that is here too. If you want to take the whole thing and make a fully automated USB Imager than that is also here :). If you don't like imaging, don't want to use this, or don't like it. That is okay! We each have our own thoughts and way of doing things, this isn't for you :).

If you are interested, dabble in this, or have other thoughts/ways to make it better PLEASE post and share below!

APFS / High Sierra Imaging: (Steps 1 and 3 are assuming your machines have never been on 10.13 and are missing the new firmware. If they are already upgraded you can skip Step 1 and 3)

STEP 1: Make a Firmware update Package for/from the device you want to deploy:

From the type of device you want to deploy to, have full High Sierra install App in application folder and run: (doesn't have to be from a 10.13 machine)

#!/bin/sh
# Based on investigations and work by Pepijn Bruienne
# Expects a single /Applications/Install macOS High Sierra*.app on disk

IDENTIFIER="com.foo.FirmwareUpdateStandalone"
VERSION=1.0

# find the Install macOS High Sierra.app and mount the embedded InstallESD disk image
echo "Mounting High Sierra ESD disk image..."
/usr/bin/hdiutil mount /Applications/Install macOS High Sierra*.app/Contents/SharedSupport/InstallESD.dmg

# expand the FirmwareUpdate.pkg so we can copy resources from it
echo "Expanding FirmwareUpdate.pkg"
/usr/sbin/pkgutil --expand /Volumes/InstallESD/Packages/FirmwareUpdate.pkg /tmp/FirmwareUpdate

# we don't need the disk image any more
echo "Ejecting disk image..."
/usr/bin/hdiutil eject /Volumes/InstallESD

# make a place to stage our pkg resources
/bin/mkdir -p /tmp/FirmwareUpdateStandalone/scripts

# copy the needed resources
echo "Copying package resources..."
/bin/cp /tmp/FirmwareUpdate/Scripts/postinstall_actions/update /tmp/FirmwareUpdateStandalone/scripts/postinstall
# add an exit 0 at the end of the script
echo "" >> /tmp/FirmwareUpdateStandalone/scripts/postinstall
echo "" >> /tmp/FirmwareUpdateStandalone/scripts/postinstall
echo "exit 0" >> /tmp/FirmwareUpdateStandalone/scripts/postinstall
/bin/cp -R /tmp/FirmwareUpdate/Scripts/Tools /tmp/FirmwareUpdateStandalone/scripts/

# build the package
echo "Building standalone package..."
/usr/bin/pkgbuild --nopayload --scripts /tmp/FirmwareUpdateStandalone/scripts --identifier "$IDENTIFIER" --version "$VERSION" /tmp/FirmwareUpdateStandalone/FirmwareUpdateStandalone.pkg

# clean up
/bin/rm -r /tmp/FirmwareUpdate
/bin/rm -r /tmp/FirmwareUpdateStandalone/scripts

Firmware package will be located at:

/tmp/FirmwareUpdateStandalone/FirmwareUpdateStandalone.pkg

AGAIN THAT IS DEVICE SPECIFIC
(supposedly, I haven't tested it and don't plan to for obvious reasons)

Step 2: Making an AFPS Image:
Have a good 10.13 master machine. in Disk utility resize partition to smallest size if you want to have an image that isn't the entire size of the hard drive (It will expand on restore)

Apple has made this no longer work. Instead use terminal to resize the Container.
diskutil apfs resize Container disk2s2 30g
(change disk2s2 to the partition of the container you want to shrink and 30g to whatever size you can shrink to)

Target disk Master to another machine or use USB drive.

In Disk Utility (must be High Sierra UPDATE: Must be 10.13.3 or Lower. Apple botched something in 10.13.4+ for capturing a container image) - View - Show all devices

Unmount APFS Volume under Container of drive you want to make image

File - New image - from Container (DO NOT COMPRESS)

Don't forget to scan image for restore

Other Random Details:

You Will not see any volumes when Alt-Booting etc.. until Firmware is updated, APFS volumes will not show at all.

After running Firmware package, firmware updates on next boot (Typical apple loading slider), then reboots into startup disk

You can update firmware on a 10.12 machine and 10.12 will still boot fine.

STEP 3: Making an Imager USB without APFS: (super important if you want to boot to your "imager" on a machine that does not yet have the firmware!)

Need a machine with SIP Disabled
(boot to recovery / MacOS install USB and in terminal: "csrutil disable" , then reboot)

Boot to good OS of SIP Disabled machine (doesn't have to be 10.13) and download High Sierra installer App / copy from USB to Applications folder.

From terminal Run:

/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall --converttoapfs NO --volume /Volumes/DestinationDriveName

STEP 4: IMAGING!

Either make sure you run the Firmware package on the machine before you image it (you can install at in 10.12 before you image it), or use a USB drive to boot to a good OS (again doesn't have to be 10.13) and run the firmware package you made originally .

First Manually:

From Disk Utility on 10.13 machine/usb - erase drive to APFS
Unmount Volume Under Container
Click on Container and choose restore and Choose image made originally

SCRIPT:
Here is the script I use from a USB Drive. Fully automated. Drive does not have to be prepped in any way script will erase the entire drive and make it APFS with correct containers from Image and upgrade the firmware, as well as set startup disk. It also copies a FirstBoot script to enroll using QuickAdd. (Uses Applescript to set startup disk VIA System Preferences. No longer able to set startup disk via Bless or systemsetup due to SIP)

If you want it to be truly automated, you need to run the script as the root user. Otherwise there is user interaction. (To Enable Root: Directory Utility - unlock button - Edit in menu - Enable Root). With High Sierra you can no longer set Root as auto login in OSX. If, like me, you want the USB fully automated you can set root as auto login with the following:

sudo defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser root  
sudo defaults write /Library/Preferences/com.apple.loginwindow autoLoginUserUID 0 

Script assumes that A.) you have the image you want to use in /Configurations B.) The Firmware is in /Packages C.) In order for startup disk via Applescript to work you must put Terminal in Security - Privacy - Accessibility on your "imager", and you must be Root user (otherwise you would have to unlock the preference pane) - OPTIONAL D.) If you want to have it enroll on firstboot you must put quickadd.pkg in /Data

#!/bin/bash
sleep 2
#   Restore AFPS Image to internal container from /Configurations
asr restore -s /Configurations/*.dmg -t /dev/disk0s2 -erase -noverify -noprompt

#   Install Firmware package from /Packages IF needed
current_efi_version=$(/usr/libexec/efiupdater | grep "Raw" | cut -d ':' -f2 | sed 's/ //') 
echo "current_efi_version $current_efi_version"
latest_efi_version=$(ls -La /usr/libexec/firmwarecheckers/eficheck/EFIAllowListShipping.bundle/allowlists/ | grep "$current_efi_version")
echo "latest_efi_version $latest_efi_version"
if [ "$latest_efi_version" == "" ]; then
echo "EFI Outdated"
installer -pkg /Packages/*.pkg -target / -allowUntrusted
else echo "EFI Current"
fi

#mount Volume - MUST CHANGE VOLUME NAME TO NAME OF YOUR IMAGE
Diskutil mount "VOLUMENAME"
Sleep 2

#Copy Firstboot Files so that machine Automatically Enrolls on First Boot - MUST CHANGE VOLUME NAME TO VOLUME NAME OF YOUR IMAGE
cp /Volumes/Imager18/Data/com.imager.firstboot.plist /Volumes/VOLUMENAME/Library/LaunchDaemons/
mkdir /Volumes/VOLUMENAME/usr/local/data
cp /Volumes/Imager18/Data/firstboot.sh /Volumes/VOLUMENAME/usr/local/data/
cp /Volumes/Imager18/Data/quickadd.pkg /Volumes/VOLUMENAME/usr/local/data/
chmod 644 /Volumes/VOLUMENAME/Library/LaunchDaemons/com.imager.firstboot.plist
chmod 777 /Volumes/VOLUMENAME/usr/local/data/firstboot.sh
chmod +x /Volumes/VOLUMENAME/usr/local/data/firstboot.sh

#Set Startup disk using AppleScript
#Requires Terminal in Security - Privacy - Accessibility
#DO NOT TOUCH MACHINE WHILE THIS IS HAPPENING

osascript -e 'tell app "System Preferences" to Activate'
Sleep 2
osascript -e 'tell app "System Preferences" to set current pane to pane id "com.apple.preference.startupdisk"'
Sleep 3
osascript -e 'tell app "System Events" to tell process "System Preferences" to click radio button 2 of radio group 1 of scroll area 1 of group 1 of splitter group 1 of window 1'
osascript -e 'tell application "System Events" to tell process "System Preferences" to click button 1 of window "Startup Disk"'
Sleep 1
osascript -e 'tell app "System Events" to tell process "System Preferences" to set frontmost to true'
Sleep 2
osascript -e 'tell app "System Events" to keystroke return'
exit 0

Fully Automated Checklist:
1.) USB Drive with HFS+ High Sierra Installed (NOT APFS)
2.) Root Enabled
3.) Root set to Autologin
4.) Script set to run on Login (Easiest way is just drag it in to login items)
5.) APFS Image in /Configurations
6.) Firmware Package in /Packages
7.) Optional: quickadd.pkg in /Data

Congratulations you have a USB that you will boot to and 4-5 minutes later when it is done you will have a freshly imaged machine on 10.13 with the correct Firmware and APFS!

MY IMAGER: https://tinyurl.com/APFSimager
LINK FIXED

To use: Download DMG and restore to USB Thumb drive.
Place Firmware package in /Packages
Place quickadd.pkg in /Data
Place APFS Container image in /Configurations

If you do not want to use Quickadd portion of imager simply delete the /Data folder.