After rolling out High Sierra to our Faculty this summer, we were using
tmutil to take a local snapshot as way to rollback the machine to a known good state in the event this was ever needed. We intentionally don't use Time Machine for backing up our Macs. However, for VIPs we were planning on using regular local snapshots to keep an I.C.E backup.
However, it appears that despite manually taking local snapshots on machines via
tmutil localsnapshot that these snapshots don't persist.
Does anyone know why this is, and if there's a way to achieve our desired result so that we can more easily rollback machines to their "just after deployment" state?
We'd like to do something similar, keep one local snapshot as a way to revert short term loaner computers back to their initial state. So far as I can tell, there doesn't seem to be a way to keep a local snapshot longer than 24 hours. Was anyone successful in finding a way to preserve the local snapshot?
Its a pity to see everyone's response and that Apple hasn't found a solution for a simple rollback. I'm very much in the same boat as @sturnbull (short term loaner machines being rolled back to a clean state).
I have partitioned the APFS hard drive and time machined the drive from one partition to another. This allows us to easily clean off the loaner machines with a few clicks each time but its so slow. The recovery of snapshot within 24 hours is so super fast, has anyone toyed with the terminal commands to force the system to retain the snapshot?
Is this the first steps of apple not wanting to be apart of enterprise? Forced MFA on the appstore is also an indicator of this for us.
@takayuki Thanks for that tidbit. That probably explains why when trying to edit the Startup Security settings on my T2 test Mac (which is often restored from a tmutil snapshot) I ran into the error that I didn't have an account with the required access. Luckily going through a cycle of disabling and re-enabling FileVault seems to have resolved the problem as after I did that my account was allowed to edit the Startup Security settings.