laptop rollout best practices question

we are about to replace all of our elementary teacher’s MacBooks with macbook airs. in a perfect wold we would be handing the teachers their new never opened, still-in-the-box, MacBooks and using DEP to join AD and enroll in JSS and assign the device to AD user. the the JSS handles installing required software / printers.

best ideas to accomplish this in our current less-then-perfect world?


I don't know. I tend to chance idealism. If you see your opportunity to swap to DEP with a sound (presently functional) AD integration I say go for it! otherwise, I'm always happy to talk about the pitfalls I've seen. What is your environment like?

@jchurch - I agree with @Chris_Hafner. You may want to post a little more detail on what your "current less-than-perfect world" looks like. I assume from your post that DEP is out of the question, but you don't make it clear if its because you can't sign up for one reason or another, or you just don't like the model.
What are your requirements for getting these laptops rolled out? Do they need to be 100% fully configured when they get into the hands of the teachers? Because they are not technical users? Or, can you let Casper do a light touch initial setup, then let the teachers install additional software, or just let policies kick in after they get it to "provision" the software?
There are many ways this can be handled and I'm sure you'll get posts from people who have done this in a variety of ways. But knowing what is a requirement for your environment would help direct the conversation.

And since you're going from MacBooks to MacBook Airs, how are you going to handle the User data migration?

Since all of our users backup to an external HD with Time Machine, it is easy for us to then have them migrate their data from the TM backup to a new machine we hand to them. We ask that they only migrate their user and not applications, and then they are responsible for re-installing any apps that are not part of our standard build. We did 1000+ laptops like this a year a half ago, and it worked perfectly. Is was such an easy transition, I remains shocked. We stretched the migration process out over 6 weeks, but conceivably could have done it in 2 weeks.

as for migration... we are a google apps for education account so all of our users have unlimited storage in google drive. we have a standing policy that backups are their responsibility.

we don't allow users to have local accounts and use active directory for authentication.

currently with DEP when a device is setup it enrolls in casper fine, but you can't do LDAP authentication like you can on an iPad. there is no way to stop the end user having to create the initial local admin account. (as far as i know)

the devices don't have to 100% configured at all. i have policies configure the devices and install software.

right now the only thing i can think of is to let DEP auto enroll in casper and have the user go through the initial user account creation then have casper bind the machine to AD, create our local admin accounts, delete the one the user just created, reboot and have them login with their AD account.

my mother is more computer savvy then most of the teachers in this district. this process would make their heads explode.