Help

Prestage Enrollment QA testing with Big Sur

ghart
New Contributor II

Posted on ‎04-01-2021 08:49 PM

Environment:
macOS 11.2.3
JAMF Pro 10.28

I've been working on building our first zero-touch deployment prestage enrollment and testing has become such a pain. I was initially able to use the serial/model changes + snapshots in VMWare Fusion to test, but things got weird when I started testing FileVault and the SecureToken. I switched to using actual hardware, which solved my FV/Token testing issues, but wiping/reinstalling takes a huge chunk of time out of my day. I've tried the method of installing macOS to an external drive so that I can make Time Machine snapshots, but I cannot get it to successfully boot. I install using the Install macOS Big Sur installer to my APFS/GUID Partition Mapping formatted USB drive, set the drive as my startup disk and just get stuck in a kernel panic loop until I give up and boot back to my normal disk.

How in the world are people successfully, and efficiently, testing prestage enrollments?!

Labels:
0 Kudos
Reply
3 REPLIES 3

ghart
New Contributor II

Posted on ‎04-02-2021 07:01 PM

I accidentally ended up answering my own question! Instead of trying to boot from a USB to make a Time Machine snapshot, I just opened the terminal from the Language Chooser with CMD+OPT+CTRL+T. A quick tmutil snapshot and I'm finally testing and restoring in minutes!

EDIT: Nevermind. It seems using the snapshot method causes problems with "ghost" UUIDs being granted the only secure token and preventing the configuration of FileVault. Back to square one, I guess. Any ideas?

0 Kudos
Reply

maurits-pro
New Contributor II

Posted on ‎04-04-2021 06:04 AM

Too bad vfuse is no longer working for macOS 11, the scripted creation of a new VM was my favorite method.
My testing of big sure is done using a VMware Fusion VM, manually edit the serial and make snapshot before first boot.
After enrollment it can be tricky to revert a snapshot due to same UUID and history as known by Jamf. Testing policies works nice in VM snapshots (run recon after reverting snapshot, possibly flush all logs).
I used this link https://travellingtechguy.blog/macos-big-sur-on-vmware-fusion-12/

0 Kudos
Reply

dmitry_gurvits
New Contributor II

Posted on ‎04-04-2021 01:50 PM

I use parallels on my main MacBook pro, a few tricks

  1. spoof serial number
  2. take snapshot of the machine before it boots the first time, and take the snapshot while the machine is off (the ensures that no prestage is cached in your testing) works just fine
  3. obviously this is on Intel only, we cant do this on M1 yet
0 Kudos
Reply