- Jamf Nation Community
- Products
- Jamf Pro
- Moving College from imaging to ASM Deployment
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Moving College from imaging to ASM Deployment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-02-2019 07:40 AM
So after much time convincing our Mac users that we should have long moved away from El Captain and given our Mac Fleet a refresh, I am also moving our deployment method away from JAMF Imaging (Since "Imaging is Dead" TM) to using Apple School Manager linking with our JAMF Server and Internet Recovery for OS installs.
After weeks of back and forth with Apple, I finally have the college registered along with all 211 Macs (No Macbooks or iPads to speak of just desktop iMacs) on ASM. My JAMF Server and ASM are acknowledging each others presence without fault so everything as far as that connection is good to go.
Where I am struggling at this time is re-creating the rest of the classic Imaging Configuration (Workflow) so that I can set away an OS Install/Rebuild and then leave it be. I have read many a white paper and watch many a YouTube video of conference talks but still can't figure out specific way of recreating our Mac Build Workflow.
This is what our configuration currently look like:
Naming Mac - Priority of any build/rebuild of all Macs. Our Static/Smart Groups are based around correct naming of machines as well as other network functionality. Also good that we have the chance to confirm name in case of mistake previously or if we have moved Macs to another room.
Erase Hard Drive and OS installs - Internet Recovery command dealing with this now, although wouldn't mind clarification on ensuring it is current OS version being installed. Trying to avoid different OS versions in different rooms. None of our Macs are older than 2013 so they can take Mojave (Albeit some are sluggish but likely replaced with new Macs within a years time).
Core Software installs - User's won't wait for software to install later from Smart Group Policy or use Self Service. They are entering a lesson to login and expect core software to be there already to work. Additional software is already deployed with existing Smart Group Policies and doesn't need to be immediately installed on build time.
Active Directory Binding - We are primarily a Windows network. There are no user accounts to be created or imported to or from ASM. Users will be logging onto the Macs with their AD accounts.
Disable iCloud Sign up Script - We don't want iCloud sign up popup window to appear at first launch or first time login for any of the users. We currently have a script on imaging that disables this although this could possibly be retired with a GUI option in JAMF now?
Post Image Script - The other script that runs on image (specifically after first reboot) covers setting Time Server to internal Domain Controller, setting Locale and Keyboard to UK/GB, enabling SSH but limiting it to Local and Domain Admins, enable VLC, disable IPV6 and disabling WiFi.
Creation of Local Admin Account - Right now this is part of the OS Image that is created. Again, this method can be retired due to JAMF option now right?
I have seen the "PreStage Imaging" and "PreStage Enrolment" options in JAMF but not entirely sure these cover what we are looking to re-create, do I use one or the other or a combination of both? I have read that others have had to use some third party tools to help recreate their old JAMF Configuration methods, is this still the case?
Summer break is coming soon so I have plenty of time to test deployment and then mass blank and refresh our Macs without interruption from staff or students however if I can get the new deployment method locked down before then, that gives me more time to do the refresh.
Appreciate anyone able to offer advice here. Current JAMF Version is 10.11.1 and have no issue updating it if necessary.
Labels:
- Labels:
-
Apple School Manager
-
Imaging
-
Jamf Pro
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-02-2019 08:57 AM
You have a lot to overcome! I recommend that you tackle this a bit at a time and test, test and then test. Start with what is most important and then layer on each requirement, testing at each step.
Assuming ASM (DEP) and Jamf Pro are all configured and you have a pre-stage enrollment configured with iMacs scoped, you should be good to go. I recommend creating the local admin account (hidden) and test out the binding settings to see if they will work in your environment in the pre-stage enrollment.
Upgrade OS or erase and install latest? I tested both methods and settled on the erase and install for a clean slate. Created a policy to download the latest OS. In that policy I added the Files and Processes payload > Execute Command: "/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
Upon completion of the erase and install, DEP/Prestage-Enrollment takes over.
Using the on enrollment complete trigger to load scripts can solve the naming problem. Check out this link on auto naming computers. You can also trigger other scripts to configure many of the items you have listed at this time or create Configuration Profiles. Here is a great tool that allows you to configure many items that Jamf does not offer - ProfileCreator.
Package up all of the required apps and then decide when they need to be deployed. If you want them to auto install, set the trigger to recurring check-in. I had the best success with this over enrollment complete.
During the testing process you should be able to work out the order of the process to make this successful. There are other products that you can explore such as DEPNotify that will help with post enrollment configurations.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-02-2019 09:45 AM
You very literally just described my Mac environment as of April of last year.
I gave a talk at JNUC 2018 about how we got through it all. https://m.youtube.com/watch?v=jf_Ik3ewCmM
I’m guessing you may have already watched it hough.
The best way I can say it is to tackle every angle of this one by one until you have solved your problems. I am willing to share anything I can to help you through this stuff including scripts for provisioning (I even make myself use the new vocabulary to change my mindsets.) I will also be honest... getting clean operating systems on the machines is one of hardest problems and I don’t like the main methods to do it. I basically used Internet recovery and Netinstall (not imaging) on the old stuff one last time to get it all into the modern era. Netinstall goes away on modern hardware so you are very wise to work away from it in the future. Again, feel free to reach out to me at my jamfnation handle or via email at (same as jamfnation handle)@m a c.c o m
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-02-2019 10:33 AM
I suggest looking at TwoCanoes MDS (MacDeployStick) Check them out at macadmin slack #twocanoes-mds Check this youtube video for introduction to MDS. I use this in our shop and this is the closest thing to "old school imaging" . I enhanced it with DEPNotify and DEPNotifyStarter Script by Jamf as my post imaging setup. If you go to their macadmin slack channel, you'll learn more mds workflow technics other admins are using.
