Keep Local APFS Snapshots for Restore - Snapshots Don't Persist?

apizz
Valued Contributor

After rolling out High Sierra to our Faculty this summer, we were using tmutil to take a local snapshot as a way to roll back the machine to a known good state in the event this was ever needed. We intentionally don't use Time Machine for backing up our Macs. However, for VIPs we were planning on using regular local snapshots to keep an I.C.E backup.

However, it appears that, despite manually taking local snapshots on machines via tmutil localsnapshot, these snapshots don't persist.

Does anyone know why this is, and if there's a way to achieve our desired result so that we can more easily roll back machines to their "just after deployment" state?

16 REPLIES

rickgmac
Contributor

As far as I am aware, local snapshots are removed after the following:
Local Time Machine backup via USB
OS X update - so every time Apple updates 10.13.4 > 10.13.5 you would need to take a snapshot again

apizz
Valued Contributor

@rickgmac that's not been my experience after recently testing. I took a snapshot on a MacBook Air yesterday and confirmed it existed after taking it. Today I run tmutil listlocalsnapshots / and no snapshots are present.

Nix4Life
Valued Contributor

@aporlebeke

In my initial testing earlier this year with HI-C, the snapshots only lasted for 24 hrs. I was toying with an idea to touch the file every hour to see if it would persist, but never followed through.

boberito
Valued Contributor

I've heard Apple has a way to make them persist. Like gigantically large orders of thousands of machines, you can request a snapshot to easily roll back.

They just don't share that information. Which sucks for us.

apizz
Valued Contributor

I reached out to Apple Enterprise Support in the hopes of getting more info.

Jerneheim
New Contributor III

Hi all,

There is a support article from Apple that talks about this.
About Time Machine local snapshots

Regards
Patrik

takayuki
New Contributor III

I believe that a local snapshot taken by the 'tmutil' command manually lasts 24 hours only.

AHolmdahl
New Contributor III

FYI
If you are running macOS 10.14 Mojave the tmutil command is not functional until you make changes in System Preferences/Security&Privacy - Privacy tab / Accessibility - add Terminal to applications allowed to control the computer.

sturnbull
New Contributor

We'd like to do something similar, keep one local snapshot as a way to revert short term loaner computers back to their initial state. So far as I can tell, there doesn't seem to be a way to keep a local snapshot longer than 24 hours. Was anyone successful in finding a way to preserve the local snapshot?

apizz
Valued Contributor

@sturnbull et al., I haven't found a way to do this. Calls to Apple Enterprise Support got me nowhere. They "understand" the need and why we want it, but this currently isn't implemented and from what I can tell, they have no plans of changing this.

drew_ferors
New Contributor

It's a pity to see everyone's response and that Apple hasn't found a solution for a simple rollback. I'm very much in the same boat as @sturnbull (short term loaner machines being rolled back to a clean state).
I have partitioned the APFS hard drive and time machined the drive from one partition to another. This allows us to easily clean off the loaner machines with a few clicks each time but it's so slow. The recovery of a snapshot within 24 hours is so super fast. Has anyone toyed with the terminal commands to force the system to retain the snapshot?
Is this the first step of Apple not wanting to be a part of enterprise? Forced MFA on the App Store is also an indicator of this for us.

takayuki
New Contributor III

Just note that Secure Tokens are not assigned to any users by design if you restore a local snapshot.

sdagley
Esteemed Contributor II

@takayuki Thanks for that tidbit. That probably explains why when trying to edit the Startup Security settings on my T2 test Mac (which is often restored from a tmutil snapshot) I ran into the error that I didn't have an account with the required access. Luckily going through a cycle of disabling and re-enabling FileVault seems to have resolved the problem as after I did that my account was allowed to edit the Startup Security settings.

apizz
Valued Contributor

Thanks for that. Is there any documentation for taking an APFS snapshot on one machine and transferring it to another? I'm imagining a scenario where a user is migrating laptops and we can't simply open the machine up and swap SSDs.

boberito
Valued Contributor

Zero.

apizz
Valued Contributor

great ... can't wait to talk to "enterprise" support again about this ...