Is anyone deploying High Sierra using DeployStudio

rdagel
New Contributor II

I ran across this article that says you can create a package that will do all the firmware updates. http://www.amsys.co.uk/2017/09/deploying-firmware-updates-imaging/

I am wondering if this works. If so, could I then create a "master high Sierra image" with DeployStudio and set this package to run on reboot.

Anyone tried this??

Looking for a solution for installing High Sierra a we are not allowed to use Apple Push on our network so imaging with Casper Imaging is not possible.

22 REPLIES 22

JPDyson
Valued Contributor

I did the firmwareupdatepackage as a part of the imaging workflow, and it seemed to work well. However, we elected to go with "poor man's DEP" (fresh build/rebuild, enroll, trigger the "build" via policies).

Chuey
Contributor III

We use DeployStudio and are pushing out High Sierra HFS Images. We used AutoDMG to create the DMG, uploaded to DeployStudio and worked just like any other HFS image I've done in the past. Are the firmware updates relevant to APFS only?

reddrop
New Contributor III

Check out this:
https://www.jamf.com/jamf-nation/discussions/25991/deploying-high-sierra-10-13-with-casper-imaging

I imagine it could be adapted to deploy studio. I assume DS can pass arguments to scripts

warrenmcall
New Contributor III

@reddrop - How long does it take for High Sierra to be installed using Casper Imaging? Right now my Erase and Install of 10.12.6 takes a MAX of 5 minutes. Usually under 2 minutes (after loading up DeployStudio). I would say that from when I select the netboot it USUALLY takes about 5 minutes until I hear the dreaded "To use English as your main language..." blasting in my ears.

The company I work for is about to finalize the upgrade to 10.13. I'm looking for an extremely quick way to re-format a SSD and install 10.13. Do any of you know the quickest way to do this?

csa
New Contributor III

@warrenmc Did you develop a process for deploying High Sierra for your company? We are in a similar position now and have worked out our app compatibility issues. Since deploy studio isnt an option and Casper Imaging requires a USB and for us takes about 20 minutes to image the Mac. Wondering if anyone has better options. Thanks in advance....

mdent
New Contributor II

I have a similar question and fears. Here is my situation: We have a number of labs (Higher Ed institution) with roughly anywhere from 30 to 60 macs each. This is how we did things till last year:
1. Create "master" image on one of the lab macs
2. Create a .dmg using Disk Utility
3. We have an older MacBook Pro (running El Capitan) connected to a dedicated network appliance (windows laptop and a switch)
4. We physically connect all the macs to be imaged to the switch.
5. We image all the macs, usually through multicast, using StudioDeploy

With the changes coming with HSierra and APFS and after doing a lot of reading, I figured this would no longer work. This year we are renewing most of our macs and of course they ship with HSierra. They can't even see my imaging server. I've figured I needed a new laptop with HSierra installed as the old one will not take it. That's one problem solved. But after reading this thread I'm scared this is not going to work for me this year the way we have it set up? IS IT? We will be going to Parallels II and SCCM solution next year, but there is no time to get this set up for this Fall (plus no budget LOL).

I took over imaging macs last year simply because I was available and had probably more practical experience with (using) them than anyone else. But I'm not a hacker. The person who left me this job explained the imaging process as best as he could, the old way we were doing it, and I was comfortable with that but now I'm hitting a knowledge wall. Normally I'd hit google and the web to learn. Problem is, I'm limited on time. Gotta have all this figured out, images made and labs imaged in the first week of August. Any help would be greatly appreciated.

mdent
New Contributor II

@warrenmc, why is Deploy Studio not an option?

mdent
New Contributor II

@warrenmc, why is Deploy Studio not an option?

Dylan_YYC
Contributor III

@JPDyson thats what we do! works very well if you stay on top of firmware updates.

Chuey
Contributor III

@mdent If you are using JAMFs product I would be using the Device Enrollment Program (DEP) This would probably be the best for you.

BUT your process can still work with High Sierra and DeployStudio.

You said you already have a new mac running the latest High Sierra. Install the latest version of DeployStudio and let this become your new master imaging server.

Take one of the newest macs you purchased and create an NBI for DeployStudio -- I preferably like to do it on a mac that was just setup and nothing else done to it -- this way the new macs can boot to deploy.

I'm not sure if you've heard of AutoDMG but this is what I would use to build your "master" image file. If you're not familiar with it -- let me know and I can link some of the best resources that have helped me -- from general info to scripts that are invaluable.

AutoDMG can create APFS images and be deployed with DeployStudio. There's a lot on these boards to help with it. I'm not familiar with doing Firmware updates but I'm also not running many High Sierra computers at all and the ones I do have are either DEP or staggered in place upgrades.

How do you enroll these devices into the JSS? Do you use QuickAdd PKG, DEP or what? Either way a lot has changed with MDM Approval and this is something you will have to take into consideration. If you use the QuickAdd PKG then you will have to go to System Preferences > Profiles > and manually approve the MDM Profile from the JSS.

I would need some more information to help you out so just let me know.

csa
New Contributor III

Can you share what you did to have DeployStudio work and image High Sierra machines? High Sierra machines no longer do netboot and we haven't been able to get them to start the imaging process. We are rolling the OS back to Sierra (thank god this still works) via Deploy Studio which has been working very well so far. JAMF imaging does not provide the speed we currently have to prep the machine and DEP requires chasing vendors to ensure they add the machines to our DEP portal (why they don't automatically is a mystery to Apple too). Would love to have DS image High Sierra machine if this is doable.

Chuey
Contributor III

@csa I'm guess your machines are brand new? I must admit the process I use is for Macs ranging from 2010 - 2015 only. I am not familiar with any new macs shipped with High Sierra. What do you mean High sierra image no longer do netboot? Are you saying they totally removed the functionality?

csa
New Contributor III

Yes our machine are the new ones. See https://www.addigy.com/apple-wwdc-completely-changes-managing-macs-apfs-prepared/ and https://derflounder.wordpress.com/2017/01/10/imaging-will-be-dead-soon-ish/
we have not been successful at getting 10.13.3 and 10.13.4 machines to netboot and connect to the DS server.

Chuey
Contributor III

@csa UGH -- is DEP not an option for you or @mdent ??

csa
New Contributor III

@Chuey Yes DEP is an option but Apple does not allow us to add our own machines to DEP portal just yet. So we have to chase the vars we buy from to ensure they add it to the DEP portal. To be honest CDW has been the only one that does this reliably. We have 14+ vendors globally and chasing them to do this means breaking out the prep-h.

Chuey
Contributor III

@csa vendors -_- totally understand -- UGH -- we have no option but to conform. At this point they have totally eliminated our workflow as an option.

carlo_anselmi
Contributor III

To my knowledge DS NetBoot set has to be created with up to 10.13.3 (over NFS) but can restore AutoDMG images created with 10.13.5 (ASR broken?)
Also DS cannot directly create working master AFPS images as it used to be
You’ll find plenty of information on DS forums though
Problems are related to Securetoken for local users created with DS workflows and firmware Start with a minimal workflow and add additional steps in your workflow so that you can verify where problems arise if they do
Hope it helps

warrenmc
New Contributor II

@mdent I was just looking for other more streamlined ways to do it. So I could stick with everything Jamf.

Side question: I'm having issues with getting HS imaged. This is what happens when i try to do that over a machine that is 10.12.6 (or erased). I'm sure it's just one quick thing I am missing......I'm a n00bie with this stuff. Please let me know if you have any thoughts on how to fix this...725b50eec31a45148d67f6c23fc612e2

geebee
New Contributor II

Package-based installers are the way of the future. We stopped using imaging eight years ago.

It's easy enough to just script "startosinstall", however, we're using a slightly different method, and it's working fine.

We've been using the fork of createOSXinstallPkg (see: https://github.com/RedClawx/createOSXinstallPkg) with the full installer of High Sierra from the App Store. Copy that up to the packages directory in DeployStudio and make a workflow from that. Book-end the workflow with a partition and the JAMF QuickAdd package.

So far so good.

carlo_anselmi
Contributor III

@geebee
how do you create the first local admin with the securetoken at the end of your workflow in DS with High Sierra/APFS?

To my knowledge, the only working way is to use the setup assistant (as a quickadd pkg or an admin created with DeployStudio option would not work). Unless I miss something (very likely)
Many thanks!
Carlo

chmp1
New Contributor II

@carlo.anselmi secure token should be given to the first user created, regardless of how it was created.

alexmcclements
Contributor

I created a bunch of USB sticks to install HS and then a hacked version of bootstrappr and First-Boot-Package-Install to enroll with JAMF.