Ideas for a "break open glass" USB drive

jarednichols
Honored Contributor

So we're thinking how a mobile user would get back into the company if their company-issued laptop were stolen or damaged. We thought a "break open glass" USB thumb drive that would be included with each machine may be a good idea. They'd have this thumb drive with which they could walk into an Apple Store, purchase a machine on their corporate card, plug the USB drive into the Mac and essentially re-image themselves (or with the help desk's assistance).

Has anyone done this?

I thought that perhaps the easiest way would just be to have a USB thumb drive and set it up as bootable (perhaps with the Netboot image we've already got) and then use Casper Admin to clone the JSS to it. However, then I've got loads of packages that I don't need. Is it possible to pick and choose the packages/scripts/etc that need to go to a USB drive instead of cloning the entire JSS and then pairing it back?

7 REPLIES

rtrouton
Release Candidate Programs Tester

Is your corporate JSS available to the outside internet? In that case, it may make sense to use a thin imaging approach here.

  1. Set up a bootable USB drive with three functions:

    A. Download the latest Casper agent from an available webserver (using curl or other means) and a launchdaemon/script combo. The launchdaemon runs the script, which manually triggers the jamf binary to run an "emergency build" policy. Script then deletes both launchdaemon and itself.

    B. Install the Casper agent, launchdaemon and script on the laptop's boot drive.

    C. Restart the Mac.

  2. Give the USB drive out.

  3. When needed, user boots from the USB stick. Agent, launchdaemon and script are installed and the Mac restarts.

  4. LaunchDaemon triggers script. Script triggers jamf binary to run the policy, which then builds the Mac from scratch using thin imaging. Script finishes and deletes self and launchdaemon.

The advantage here is that you'll be able to refresh the agent and policy as needed, but not worry about what version of the USB drive your user has.
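The launchdaemon/script combo from step A, as an added example (not rtrouton's or Jamf's code): the USB key copies this script and the generated LaunchDaemon onto the laptop's boot drive, the daemon runs the script once at the next startup, and the script fires the policy and then removes both itself and the daemon. The label com.example.emergencybuild, the custom trigger name emergency-build and the JAMF_BIN/LAUNCHCTL_BIN/DAEMON_PLIST overrides are placeholders assumed for the example.

```shell
#!/bin/sh
# Emergency-build bootstrap (added example; not rtrouton's or Jamf's code).
# Installed on the laptop's boot drive by the USB key; the LaunchDaemon below
# runs it with --run at the next startup. Placeholder names: the label
# com.example.emergencybuild and the custom policy trigger "emergency-build".
JAMF_BIN="${JAMF_BIN:-/usr/sbin/jamf}"            # overridable for testing
LAUNCHCTL_BIN="${LAUNCHCTL_BIN:-/bin/launchctl}"
DAEMON_PLIST="${DAEMON_PLIST:-/Library/LaunchDaemons/com.example.emergencybuild.plist}"

# Write the LaunchDaemon that runs this script at boot (RunAtLoad, no KeepAlive).
write_launchdaemon() {
    script_path="$1"; out="$2"
    cat > "$out" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.emergencybuild</string>
  <key>ProgramArguments</key>
  <array><string>/bin/sh</string><string>$script_path</string><string>--run</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
}

# Wait for the JSS to be reachable, fire the policy, then remove daemon and script.
run_emergency_build() {
    self="$1"; tries=0
    # Wi-Fi/DHCP may not be up yet right after boot; poll for up to five minutes.
    until "$JAMF_BIN" checkJSSConnection >/dev/null 2>&1 || [ "$tries" -ge 30 ]; do
        tries=$((tries + 1)); sleep 10
    done
    # Older Casper 8 binaries spell this "-trigger" instead of "-event".
    # On failure the daemon is left in place so the next boot retries.
    "$JAMF_BIN" policy -event emergency-build || return 1
    # One-shot: unload and delete the daemon and this script so it never re-runs.
    "$LAUNCHCTL_BIN" unload "$DAEMON_PLIST" 2>/dev/null || true
    rm -f "$DAEMON_PLIST" "$self"
}

if [ "${1:-}" = "--run" ]; then run_emergency_build "$0"; fi
```

The USB key's installer would call write_launchdaemon with the path it copied the script to, then reboot; everything after that happens unattended on the laptop's own disk.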

jarednichols
Honored Contributor

Interesting approach. However, folks may be in locations where they do not have a fat connection to facilitate the image coming down over the wire. Ideally, I'd like a snapshot of the image on the USB drive that can just be re-installed totally offline.

I think I'm going to opt for a "limp mode" whereby it's a minimal installation of software but it's enough where they can remote back into the office. We have lots of folks who have VDIs and such to get their work done so just setting up the client piece so that they can connect to something else should suffice.

Perhaps I should compile a very thin configuration and then distribute the USB key that will have:
a) bootable OS
b) script to restore the internal hard drive with the compiled image
c) instructions to call the help desk for login information for that newly applied image.

That should be enough for them to log in remotely and limp along.
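The restore script from item (b), as an added example (not Jared's or Jamf's code): it assumes the key's bootable OS has the USB volume mounted as RECOVERY_USB carrying limpmode.dmg (an asr-scanned image of the compiled thin build), and refuses to run unless the target is a /dev/diskN node that is not the disk the OS booted from, so a typo cannot wipe the key itself. ASR_BIN, IMAGE and BOOT_DEVICE are overridable placeholders for testing.

```shell
#!/bin/sh
# Offline "limp mode" restore helper (added example; not Jared's or Jamf's code).
# Run from the bootable OS on the USB key. Assumed: the key is mounted as
# RECOVERY_USB and carries limpmode.dmg, an asr-scanned image of the thin build.
ASR_BIN="${ASR_BIN:-/usr/sbin/asr}"                    # overridable for testing
IMAGE="${IMAGE:-/Volumes/RECOVERY_USB/limpmode.dmg}"

# Device node the running OS booted from, i.e. the USB key itself
# (BOOT_DEVICE override exists only so the check can be exercised off a Mac).
boot_device() { printf '%s\n' "${BOOT_DEVICE:-$(df / | awk 'NR==2 {print $1}')}"; }

# Strip a partition suffix so /dev/disk0s2 and /dev/disk0 compare equal.
whole_disk() { printf '%s\n' "$1" | sed -E 's/s[0-9]+$//'; }

# Lay the image onto the internal disk, but only after two sanity checks:
# the target must be a /dev/diskN node and must not be the key we booted from.
restore_limp_mode() {
    target="$1"
    case "$target" in
        /dev/disk[0-9]*) ;;
        *) echo "refusing: $target is not a /dev/diskN device node" >&2; return 2 ;;
    esac
    if [ "$(whole_disk "$target")" = "$(whole_disk "$(boot_device)")" ]; then
        echo "refusing: $target is the disk this OS booted from" >&2; return 3
    fi
    [ -f "$IMAGE" ] || { echo "image not found: $IMAGE" >&2; return 4; }
    # asr erases the target and restores block-for-block; --noprompt skips the confirmation.
    "$ASR_BIN" restore --source "$IMAGE" --target "$target" --erase --noprompt
}
```

After the restore the user reboots off the internal disk and calls the help desk for the credentials baked into the image (item c).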

John_Wetter
Release Candidate Programs Tester

I think that would work Jared and I've thought about that some. Of course the problem is that people are going to keep the USB drive in their bag with the laptop that is now stolen... So you net zero. They'll likely never use that USB drive because of its special setup, so they won't keep it on a keychain or somewhere else that they'd have if the laptop bag disappears at airport security or from the back seat of a car. I ended up back at a "support what you can" approach with a Restore partition for when the OS blows up, or that you'd overnight a USB drive if necessary to do what you're talking about.

One thing we're going to be looking at is having a laptop reboot from imaging and getting the user automatically made and to kick off a CrashPlan restore to bring everything back also.

tlarkin
Honored Contributor

Hey Jared,

I would look at thin imaging solutions. Do you really want your users actually imaging their new Macs (possibly newer untested hardware) over a USB device? I would say a quickadd.PKG to get the JAMF binary on it, then via the postflight script manually trigger policies to download packages over HTTP, bind the client, etc. With HTTP it is resumable and you can cache, then set an ongoing startup policy to install from cache and make available offline. That way the user can trigger the policy, shut their lid, move about the country, it will still download to cache and then once it is done downloading it will install at that next reboot.

That way you never have to worry about incompatible images, new hardware releases, the end user having to image, and the end user only needs to install a PKG file, and everything else is done for them.

If drive-to-drive imaging is what you want, 8.5 has some nice, new features for target disk mode imaging. Nick Amundsen did a demo of it last week at JAMF's Everything Managed event. Over Thunderbolt and SSD it images pretty darn fast. That would be the slick drive-to-drive option, in my humble opinion of course. I think the demo video may be on our main site. Nick basically fully imaged a Mac laptop over Thunderbolt in under 3 minutes. I do not recall all the specific details of the image, like how big it was, and so forth.

Thanks,
Tom

jarednichols
Honored Contributor

Yeah that was crazy fast!

rockpapergoat
Contributor III

keeping it modular (or "thin") is your best bet here. doing so, you can quickly bring an off the shelf machine into compliance without much trouble. your goal in that scenario is probably best limited to giving them just enough to keep going, then handle any further config when they're back in the office.

jarednichols
Honored Contributor

Yeah that's the model we're going for. Get them into "limp mode" for the time being and then re-image them fully when they're back.