Jamf Nation Community

I've just upgraded to 9.2.

I just dropped the "Install OS X Mavericks" package (which was actually named "Install OS X Mavericks.InstallESD.dmg" within Casper Admin and uploaded it.

I then created a simple Self-Service policy to distribute it. We're actively testing it now and I'll report back with success or failures.

This of course is just for an upgrade, not for imaging an existing system, or enrolling them.

Thank you.
At the moment we are still on 8.x as we plan anyway to move to a different setup.

Thanks.

@pickerin: where did you get that file from? mine contains install.esd only... or did you drop the whole installer into C.Admin?

I dropped the whole installer. The exact file that is downloaded from the App Store.

The removal of the sub 500 users (the jamf admin account specifically) is a big problem for us. Any idea how to get around that? I've also go the Mavericks.InstallESD.dmg in Casper admin on v9.2. I haven't tested it yet, but i'm guessing it will delete the jamf account.

Here is a previous post which I made regarding the sub-500 users during a mountain lion upgrade. This should help you:

The way I handle this is as follows:

1. Create a static group of machines to upgrade.
2. Cache the 10.8 installer package with a pop-up directing users to Self Service when the package is successfully cached targeted to the static upgrade group.
3. Have a Self Service initiated policy that elevates the UID of our two hidden admin accounts to above 500, and kicks off the 10.8 install, which the users walk through to complete.
4. Once the machine recons in as being upgraded to 10.8, a script runs to correct the elevated UIDs for our hidden admin accounts. This is based on a smart group with the following criteria: OS is 10.8, Packages Installed by Casper has "Install OS X Mountain Lion.dmg".
5. I have an additional policy which will routinely bug users who have no initiated the upgrade via a pop-up. This is based on a Smart Group with the following criteria: OS is not 10.8, Packages Installed by Casper has "Install OS X Mountain Lion.dmg".

This works like a charm for me.

UID elevation/10.8 install kickoff script:

#!/bin/sh

### Change BPS Admin accounts UID ###
dscl . -change /Users/admin UniqueID 499 504
dscl . -change /Users/helpdeskard UniqueID 498 505

### Install Mtn Lion ###
/Users/Shared/Install OS X Mountain Lion.app/Contents/MacOS/Install OS X Mountain Lion&

UID fix script:

#!/bin/sh

### Change BPS Admin accounts UID ###
dscl . -change /Users/admin UniqueID 504 499
dscl . -change /Users/helpdeskard UniqueID 505 498

Wait... does installing 10.9 at all remove the sub 500 users or just when being pushed through Casper?

The standard install process will stomp all over sub-500 users if you do not script around it. I elevate the sub-500 users to over 500 before the upgrade, and reset their UIDs via script after the upgrade. This is what the scripts which I posted above do.

I had a few users upgrade themselves to Mavericks overnight. When I checked by SSH'ing into their boxes, I was pleasantly surprised to see that my hidden Casper admin account survived the upgrade process.

That would be GREAT news! I'll have to test it!

@rtrouton, thanks for posting that. There seem to be conflicting reports on this issue, but lately I'm hearing that the accounts are surviving, which is great if that's the case.

We'll be testing that process soon so we'll have our own confirmation, but good to hear so far that they aren't being blown away.

@dgreening : is there a simple way to wildcard the UID grab?

I have a feeling ours are pretty random, and it would be a pita to find each one and list them out.

I can confirm that my sub-500 admin account was maintained on my personal system upgraded to Mavericks.
I'll confirm after our first Self Service upgrade if it's true there as well (but I suspect it will be).

Appears Mavericks does NOT remove sub-500 accounts.

Hmmm well, I create our admin accounts via packages in our packaged imaging workflow, so they are always the same for me. I'll see what I can figure out regarding wildcarding it. Are your accounts always named the same?

@jwojda, look at ,my post on this thread for an example script I posted that pulls the existing management account UID and then dynamically assigns a new UID above 501 that isn't already in use.

https://jamfnation.jamfsoftware.com/discussion.html?id=8741

You would just need to reassign either the old UID back to the account afterwards, or just use another dynamically assigned UID.
Or, you can try out the upgrade and see it it doesn't blow away the hidden account the way people are saying. If its true then this is all moot anyway. Personally that's what I'm hoping for.

Lots of confirmations:

1) On Casper Admin 9.2 (and corresponding JSS) you can just drop the "Install Mac OS X Mavericks" installer into Casper Admin and upload the whole thing (this is the same executable you download from the Mac App Store, no going into the Contents or anything like that). You can then create a Policy in Self Service to deploy that Package. It works flawlessly for an upgrade of an existing client.
2) The Upgrade DOES NOT remove sub-500 accounts. My hidden admin account is still there, still works, and I'm currently logged into my client's Maverick's system running recon using it.

No need to use prior scripts to pull sub-500 accounts and reassign, they just stay put.

Good news for everyone!

@pickerin, thanks for the confirmation. Indeed this is good news for everyone!

@pickerin That's great! Thanks for testing. So, once the upgrade completes, does it still walk the user thru setup or does it skip setup all together?

Thanks for the confirmation guys! This is fantastic! Glad the Apple Engineers responded to the piles of feedback we have submitted on this issue!

Upgrade via Self Service worked like a charm for us. The only change I had to make was to set the policy to restart automatically rather than if a package required. All sub-500 accounts were preserved.

It appears to skip setup all together. My user was only prompted to setup iCloud Keychain.

@dgreening: i just ran it on a test box, took about an hour. Preserved accounts, however it did prompt for iCloud setup.

Anybody know of a quick and dirty way to block that?

See if Rich's method still works-
http://derflounder.wordpress.com/2011/10/16/disabling-the-icloud-sign-in-pop-up-message/

You can also see this other post:
https://jamfnation.jamfsoftware.com/discussion.html?id=7413

You'll want to get the SetupAssistant that you're modifying off of a Mavericks system, I believe there are new keys.

My method needs updating, as it doesn't take care of all the iCloud screens anymore. Still looking at it, hopefully a solution presents itself.

Did anyone sit in on the session John Miller and Nick Amundsen did on migration OS's in your sleep? Drop the downloaded installer app into casper admin, create a target smart group for those machines to upgrade, cache the policy and have a trigger policy to run the upgrade against those machines who have cached the installer app. This is a feature of 9.2 they mentioned and will work w/ 8.73 for 10.8 or 10.9 as well, just a few things are handled a bit differently.

@mahughe. I was in that.

I've been trying with 8.73 but whilst I can get the installer to launch it's acting oddly when launched via Casper.

I think tins as it's launching as root as works otherwise.

Will be investigating later & will report back.

@mahughe

No I was not in the session, so I don't have the benefit of that learning.
The sessions are also not online that I can find (yet or otherwise), so perhaps you'd be so kind to provide detailed instructions for the folks that did not attend.

That said, I was able to do it via Self Service as I've documented earlier, I would like to do it unattended as you seem to imply it can be done.

Using the same method as pickerin

I've just upgraded to 9.2.

I just dropped the "Install OS X Mavericks" package (which was actually named "Install OS X Mavericks.InstallESD.dmg" within Casper Admin and uploaded it.

I then created a simple Self-Service policy to distribute it. We're actively testing it now and I'll report back with success or failures.

This of course is just for an upgrade, not for imaging an existing system, or enrolling them.

Worked perfectly. Great feature on 9.2

We do not use sub 500 accounts so that is not a concern here.

I've been running the self service for about 20 minutes so far and i'm not getting much feedback from the install. It just says Running Policy "Upgrade OS X to Mavericks" in the progress area with the "barber pole" style progress bar. I'm still able to use the Mac. Would have thought it would have logged out. I'll give it some more time and see what happens.

Edit: I walked away for a bit and when i came back it had restarted and began running the actual install. Took about 40 minutes from there. When it finished, i logged in with my standard user and it did prompt me with the iCloud screen. After skipping that, it completed the setup automatically and logged in. Very cool! I would have liked to have seen what it did before it restarted the first time. I have it set to restart immediately, so i'm guessing there was no warning. So, i'll probably play around with the notifications and warn people be ready for restart.

Edit 2: I checked the log and saw that it had downloaded the the installer package instead of installing from cache. Checked the policy and sure enough, it was set to "Install" instead of "Install from Cache". Oops.

I have tried to use https://jamfnation.jamfsoftware.com/article.html?id=173 as a guideline as we are still not on 9.2 or 8.73.

The Mavericks Installer popped up and sadly it asked for the admin password to run. Even if run from Self Service as a Command (and not as suggested as a Script).

Anything that I can change to make the progress better?

Using the same method of pickerin

Running Casper 9.2, Self Service is 9.2

"I just dropped the "Install OS X Mavericks" package (which was actually named "Install OS X Mavericks.InstallESD.dmg" within Casper Admin and uploaded it."

Ditto

I then created a simple Self-Service policy to distribute it. "Ditto"

Errors:

[STEP 1 of 2]
Mounting rodgort to /Volumes/CasperShare...
[STEP 2 of 2]
Installing Install OS X Mavericks.InstallESD.dmg...
Error: The package "Install OS X Mavericks.InstallESD.dmg" could not be mounted (no mountable file systems).
"i saw the Casper Folder mount on Desktop of test Mac.
Retrying using distribution point VLAN 75 Netboot...
Mounting VLAN 75 Netboot to /Volumes/CasperShare 1...
Installing Install OS X Mavericks.InstallESD.dmg...
Error: The package "Install OS X Mavericks.InstallESD.dmg" could not be mounted (no mountable file systems).

@corbin3ci

I do distribute via HTTP/S, not AFP. Not sure that makes a difference. Did you try caching the installer instead of running it directly over AFP? I'm not sure you can mount the installer from the distribution point and have it be successful.

Also, you can try mounting your distribution point directly, then copy the installer down, and see if you can run it correctly. Perhaps it got corrupted?

We cache the package via AFP and only when connected to ethernet.

The last attempt, I cached the Mavericks installer manually to the test Mac via Remote. The log shows it was successful -

Sending Wake On LAN command...
Opening SSH Connection to 10.14.70.171...
Authenticating...
Successfully authenticated.
Verifying Computer's Identity...
The MAC Address has been verified.
Checking Operating System Version...
Running Mac OS X 10.8.4 (12E55)
Verifying /usr/sbin/jamf...
/usr/sbin/jamf is current (9.2)
Verifying /Library/Preferences/com.jamfsoftware.jamf.plist...
Preparing Policy...
Executing Policy 2013-10-24 at 1:31 PM | charris | 2 Computers...
Mounting rodgort to /Volumes/CasperShare...
Caching package...
Submitting log to https://rodgort.bct.3cinteractive.com:8443/
Finished.

I then created a new policy for Self Service with the installer package set to "install cached".

This is the resulting error -
Executing Policy OS X 10.9 "Mavericks" Self Service...
[STEP 1 of 1]
Error: The package (Install OS X Mavericks.InstallESD.dmg) could not be found.
Blessing in-place OS upgrade directory...
Creating Reboot Script…

So, after the installer caches, and the Self Service policy should start the Mavericks install from the cached installer or am I missing something?

Thanks! Corbin

Re: iCloud prompt. I still don't know the exact location/key to disable this so on the reference machine I installed 10.9 on I logged in as a standard user and when prompted for iCloud account I selected to skip. Once logged in I restarted, logged in as Root and grabbed the Preferences directory for the user I had skipped iCloud for and used replaced the Preferences that were currently in my User Template. Now when I image another machine using that build no user gets the prompt.

just saw this come across twitter from Jamf

http://www.jamfsoftware.com/sites/default/files/Deploying-OS-X-v10.7-or-Later-with-the-Casper-Suite.pdf

So I've been playing with the Setup Assistant settings, and I think I have the right defaults settings now to have it not show the iCloud Setup screen at login after the upgrade. In testing, these 4 items written to the com.apple.SetupAssistant.plist file in the User Template's Preferences folder seems to do the trick

defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.SetupAssistant.plist DidSeeCloudSetup -bool true
defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.SetupAssistant.plist LastSeenCloudProductVersion 10.9
defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.SetupAssistant.plist LastPreLoginTasksPerformedVersion 10.9
defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.SetupAssistant.plist LastPreLoginTasksPerformedBuild 13A603

Its possible the last 2 aren't really necessary. I might need to do some more testing to see. But I do know that writing those 4 items in to the plist turns off the iCloud Setup screen upon logging in to a new or existing account.

Note of course I'm only doing this to English.lproj. I suppose you could script looping through all localization directories and writing the settings into each one if that matters to you.

It would be great to get some additional verification if someone else wants to try these out.