Our school board just voted to lease 700 11" MacAirs in order to move to 1:1 in grades 9-12. I am looking best practices, tips, tricks and do's and don'ts. The MacAir's will ship with Lion but may be updated to Mountain Lion. We use the Casper Suite. Thanks for all your input.
Should we image them all or update them? Do you use any type tracking software besides Casper for stolen/lost laptops? Would you share your policies ?
Should we image them all or update them?
I wouldn't, I would just add the software that you need to the machine and wouldn't re-image the whole thing.
Do you use any type tracking software besides Casper for stolen/lost laptops?
Nope, to be honest we just locked down the laptops with a firmware password and the kids don't have administrative access and when a laptop is gone its gone.
Would you share your policies ?
Of course what you need?
Let's call this a matter of opinion. Since you're getting the units new from Apple a pre-stage imaging is generally the fastest and easiest route. While you wouldn't do it in the future (generally) it's a snappy way to sort everything out with as little effort as possible.
P.S. We've allowed all of the students to setup their computers via iCloud. This activates Apple's tracking via iCloud. It's trickier since you are leasing the units. I suppose that may depend on how you've hooked them into your Apple ID's. It's still a tricky area. However, if you have a push server then you should already be able to remotely lock and wipe the units.
We are using CompuTrace from Absolute Software. It is really expensive, however it has never helped us recover a stolen laptop. You will find that many of the machines reported "stolen" are actually misplaced within their schools! I dont think their is one complete solution, a combination of a Casper and Find My Mac and CompuTrace has worked out about as well as one could expect for us.
Welcome to the world of running Macs in a 1 to 1 deployment! It is both fun and a great challenge at times. I would maybe look at Thin Imaging with the Casper Suite. I just did two proof of concepts on this last week at two separate job sites. The idea of a thin image is that you have no need to lay down the OS plus the recovery partition on a new Mac since they come with that out of the box.
Now with the release of 8.6 and web enrollment this is such an easy process. In fact, if this had been available for me last year when I reimaged 6,000 Macbook Airs, I would probably have gone for a thin image over wipe and laying down a pristine image on them. We did a netboot imaging process at my last job before I worked for JAMF. We were able to get 6,000 Macbook Airs unboxed, mass imaged, and then boxed back up and shipped to the schools in about a 5 week period. I used to help run a 1 to 1 deployment in k12 so I am quite familiar with the environment.
You would still need to build an image for break/fix imaging scenarios. Like if a hard drive needs replacing, or if the system just needs to be reimaged due to file system corruption or whatever the case may be. However, during initial deployment you may want to look at a thin imaging solution.
Here, in a nutshell, is the work flow I used at my past two previous job sites as a proof of concept for thin imaging
1) Declare what goes standard on every Mac in the enterprise. All standard apps will be installed via a single policy, scoped to all computers, set to the any trigger. Things like Flash, MS Office, AV/Security software, flip4mac, so on and so forth. Create a single any trigger policy that is scoped to all machines that installs all standard software packages, and will BIND the computer to the proper directory server is applicable.
2) Create web enrollment quickadd that will automatically check for policy when done. Then allow machines to be enrolled via the web by enabling it in the Computer Management Framework.
3) Un-box a brand new Mac, and create the initial local admin account IT will use for their purposes. Name the computer properly, and set any initial settings. Then enroll the device via the web enrollment process. It will download that quickadd package you created, add the management account, and then trigger available policies set to the any trigger.
4) Then anything you need post the Thin Image you can deploy via more policies or Self Service. This can be scoped to smart computer groups, or LDAP groups.
If this won't work for your environment you can always look at target disk mode imaging, local drive imaging, and of course Netboot imaging. All those methods work.
Also, at my old job we used Computrace as well. We had a custom PKG they sent us. I just dropped that PKG into Casper Admin and installed it via post image at reboot.
I hope you find this helpful.