How are you Re-Deploying & Provisioning your T2 Macs?

Hugonaut
Valued Contributor II

Hello,

My DEP Provisioning workflow is predicated upon an OEM Apple Image as if it were right out of the box.

Currently we internet recovery the T2 Mac back to an OEM Apple Image, at first boot DEP hits and it's back enrolled to our system, first script runs and removes the policy history of that machine & then it is Re-Provisioned.

How are you "Re-Imaging" the machine back to an OEM Apple Image as if it were out of the box? What do you do besides Internet Recovery? I know it can be expedited (I hope & at least faster than internet recovery)

Thanks!

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
1 ACCEPTED SOLUTION

sshort
Valued Contributor

If the Mac is still responsive (and you have admin access to an account) I've found the simplest method is to use a self-service policy that places the macOS installer in a directory of your choice, and then run

/path/to/macOS Installer/Contents/Resources/startosinstall --agreetolicense --eraseinstall --newvolumename "Macintosh HD"

You can even add a --installpackage flag if you need some base config pkg before DEP picks up and you re-enroll. Here's a good example.

View solution in original post

4 REPLIES 4

ega
Contributor III

@Hugonaut We have nearly the same workflow but I would love to know how your first run script "removes the policy history of that machine" ??

Hugonaut
Valued Contributor II

@ega I use depnotify to pull all the "heavy" stuff down, all of our enrollment policies are set to ongoing for t2 dep machines, with the first being the policy wipe which is

jamf flushPolicyHistory

then, everything else for enrollment trigger is pulled, then once we login (all the logins are set to once per user, per computer) the login triggers start & depnotify kicks off, and brings everything else down.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

sshort
Valued Contributor

If the Mac is still responsive (and you have admin access to an account) I've found the simplest method is to use a self-service policy that places the macOS installer in a directory of your choice, and then run

/path/to/macOS Installer/Contents/Resources/startosinstall --agreetolicense --eraseinstall --newvolumename "Macintosh HD"

You can even add a --installpackage flag if you need some base config pkg before DEP picks up and you re-enroll. Here's a good example.

Hugonaut
Valued Contributor II

thank you @sshort

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month