Re-Image and wipe drive - Can it be done?

rhooper
Contributor III

Good day all,

Our School district has 1200+ devices that need to be collected, and have the newest 10.13.4 OS installed. Some devices are as old as 10.10.2 while others are up to 10.13.3. What I need to do is get all these machines up to 10.13.x and do a clean install to wipe out any student information from them.
The first step we had to do was push out the macOS High Sierra install package to all devices, then I have a script (Thanks JAMF for supplying this) that will upgrade the OS and format the drive to APFS... but the data still remains from the original user.
Is there a method to push out the package, and then wipe the drive and install the OS with only using JAMF? We have tried NetInstall with very poor results and do not want to be spending massive amounts of time trying to figure out how to do it again. We also do not have ARD available to us so that also is not an option. Workflow: Upgrade to 10.13.x, wipe the drive and install 10.13.4, join the network, set up user and wait for all the apps to push out to the devices. Sounds easy, but I cannot figure it out.... so I am turning to all you scripters and JAMF gurus.

Any help is greatly appreciated.
Randy

15 REPLIES

georgecm12
Contributor III

Try this, from Graham Pugh:
http://grahampugh.github.io/2018/03/26/reinstall-macos-from-system-volume.html

Prerequisites: the machine must already be at 10.13.4 (or above), and must be APFS.

lynnaj
New Contributor III

Yes this is possible.

Here is a simplified version of what I am doing:

1) Push the "Install macOS High Sierra" installer (gotten from the App Store) to the Mac

2) Run that installer remotely with a command line in JAMF remote (The installer is the only way to properly set up a computer for High Sierra. It both installs required firmware and detects if the drive needs to be reformatted as an APFS for SSD drives)

3) Now that the target computer is already at MacOS 10.13.x you can image it with any normal imaging tool that supports APFS images. That includes Jamf imaging from both external drive and netboot servers (I prefer to use a netboot server with Jamf imaging).

Two more important points -

If you have any HDD drives to support you are going to need two clean master macOS 10.13.x images. One prepared from a macOS 10.13.x Mac with an HDD that will remain an HFS+ and another master image that is from a macOS 10.13 with an SSD that will be APFS formatted. You then have to use the APFS image on SSD drives and the HFS+ image on HDD drives.

During the re-imaging process use a method to erase the internal hard drive on the Macs that you are absolutely certain actually wipes the drive. In the scenario you mentioned in your original post it sounds like your imaging process never wiped/formatted the drive. That would have left you with the new image layered on top of whatever was on the drive before you began and, in effect, a mess.

Let me know if you need more details about any of this.

rhooper
Contributor III

@lynnaj I have never used JAMF Remote. Are there any instructions on its proper usage? I just pushed out the Install macOS High Sierra app and it keeps failing... not sure why either.. was working fine just a few days ago, but now not so much luck.

Also installing the HS app over the internet to the JAMF cloud is proving to be quite taxing on our systems. Maybe an onsite server instance would be better and then I can deploy a server at each of our 3 locations. any direction on how to make this happen?

@georgecm12 I tried that script and it went well on one device, but is having issues with the second device.
will need to get looking at that very soon.

rhooper
Contributor III

Hey all, I am gonna try to explain best I can in words, but it may be confusing what we need.
Today I spoke to JAMF CSR, and they were awesome, as usual. We set up a CasperShare folder with Read and Read/Write accounts. Jamfcloud was made the secondary repository and the share was made primary. I was told to push out the install package to that instance, but it failed each time. With that said, I am not sure this will work: we have three separate sites (different IP ranges and DNS does not resolve between the sites). That means I need to go to each and every site to upload a package; today I had to create 2 of them, one for each of the other schools. This workflow would have had me going to those other schools to upload the package to the file share server, not very efficient. This is not JAMF's fault; that is how our networks are set up. What we would like to use is a caching server only for instances such as this, where the OS upgrade package is huge and will not load to the cloud. I thought maybe we could host this OS install on the share server, at each site, then the rest of the packages could be hosted on the cloud... not sure that is an option though. Does anyone know if this is possible?
Here is what we need, maybe a few of you can help me to decide which way to go:

We need to push the Install macOS High Sierra 10.13.4 to all devices that do not already have 10.13.0 or higher installed; Smart Group created for this already.
We need to upgrade those systems, 800+ devices 10.11.4 - 10.12.6 to 10.13.x.
When that has been completed we will need to send out the package again and perform a remote erasure and install of 10.13.4 OS. Some methods that have been mentioned are Caching servers, NetRestore, NetInstall, ARD, and plain old thumb drives.
I have tried ARD, which keeps failing, I have tried to file share the install OS, and the tried and true 45 minutes/ device Thumb Drive.

I need ideas and methods to get this done automagically.

Thanks all.

daniel_hayden
New Contributor III

To push using Jamf you need either a network share that is accessible from all sites that can be scripted or all three sites having fully replicated FSDP's available.

My Master File Share is the Jamf Cloud Distribution Point. Uploading to JCDP is frustrating but I usually get it done in a couple of attempts. If you are going to attempt to upload to the JCDP I recommend using the web interface and Safari only. Jamf Admin is not reliable and Chrome/Firefox have been problematic. If you have to retry due to a failed attempt - rename the file (add or remove a . or -). I have the full installer and the full OS DMG's on my JCDP. It just takes some patience. Then I go through the pain of replicating down to 17 sites. I can usually have all 3 update files and full DMG on my JCDP within 48 hours of release of a new OS version (Not so fast pipe).

Regarding the first reply given, you can upgrade directly to 10.13.4 and then use recovery/disk util to convert to APFS or do so using the command line switch during upgrade using --converttoapfs yes. Then you could run the script in the first reply to basically do a factory reset.

Is internet restore an option? Option-Command-R will upgrade to the latest macOS that is compatible with your Mac.

Is FileVault in play? Filevault & APFS and High Sierra = Secure Token Nightmare

I have successfully upgraded from El Cap to 10.13.4 using this script here. https://github.com/kc9wwh/macOSUpgrade/blob/master/macOSUpgrade.sh (would have to be modified for APFS)
You can deploy using 3 policies, caching, direct download if cache fails and install. Run install at login, does require user interaction.

I re-provision (image) whenever possible for this scenario.
I personally am staying away from APFS - but my workflow once I get the OS files to JCDP is basic

Since you are upgrading older devices you have to extract the firmware and add it as a package during imaging. You do not have to upgrade then wipe to get firmware. Graham Gilbert's script is available here: https://github.com/grahamgilbert/imagr/wiki/High-Sierra-Notes

I am rambling and it is late at night but I hope some of these tidbits are useful.

rhooper
Contributor III

@daniel.hayden Man do you sleep? Looking at your post and it is kind of what we want to do, at least the upgrade to 10.13.x. What we need to do is get the repository for the OS install to make it to Applications for now anyway, then push that out to all the devices. When you say Safari and Web Interface, not ADMIN, how are you doing that? Then you're logging onto your JSS instance and loading the package directly?
It would be great to just tell each device: Hey if you do not have the Install macOS High Sierra in the Applications folder, then go to Apple and get the darned thing. Once it is there I have a working script from JAMF that will upgrade/Install.

We need to wipe the drives to repurpose them to other users, but anything below 10.13.x does not seem to work for us to do this.

Thanks for your help, I will try it.

CasperSally
Valued Contributor II

@rhooper Stripping out the firmware pkg isn't apple supported so we weren't comfortable with that.

We have thousands of machines at 10.12, but maybe more staff than you. We're wiping them all via USB bootable installer which will autoconvert SSDs to APFS & then letting DEP workflow take over. It'll take a few weeks over the summer.

Once the machines are on 10.13 (and APFS), we have a policy that technicians can use in self service that copies the "Install macOS High Sierra" installer to /Applications and runs following command in the execute command option of the policy to wipe/reload macOS on that machine (and presumably to update it in the future). If a machine can't boot or is a hardware repair, techs will need to use the USB drive installer.

"/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall" --applicationpath "/Applications/Install macOS High Sierra.app" --eraseinstall --nointeraction

I hope to never touch jamf imaging or netinstall again. If only apple could get their install times down, it wouldn't be a bad solution. It's certainly less complicated if you're dealing with a lot of techs, or techs that are less tech savvy.
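
A pre-flight wrapper around the erase-install command above, as an added example that is not part of any poster's reply: it refuses to run unless the prerequisites quoted earlier in the thread (10.13.4 or above, APFS) hold and the installer is present, so a Mac that cannot be wiped fails visibly instead of going back out with the previous student's data. The function names, the reason strings and the use of Jamf script parameter 4 as a `--run` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): gate the erase-install on the
# prerequisites quoted in the replies. Function names are hypothetical.
INSTALLER="/Applications/Install macOS High Sierra.app"
MIN_OS="10.13.4"

# version_ge A B: succeed when dotted version A >= B (missing fields count as 0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# preflight OS_VERSION FS_TYPE INSTALLER_APP
# Prints "ok", or the reason the wipe must not be attempted, and returns non-zero.
preflight() {
    if ! version_ge "$1" "$MIN_OS"; then
        echo "os-too-old"; return 1
    fi
    if [ "$2" != "apfs" ]; then
        echo "not-apfs"; return 1
    fi
    if [ ! -x "$3/Contents/Resources/startosinstall" ]; then
        echo "installer-missing"; return 1
    fi
    echo "ok"
}

# Jamf passes mount point, computer name and user name as $1-$3; using
# parameter 4 as an explicit "--run" switch is this example's own convention.
if [ "${4:-}" = "--run" ]; then
    os=$(sw_vers -productVersion)
    fs=$(diskutil info / | awk '/Type \(Bundle\)/ {print $NF}')
    if ! reason=$(preflight "$os" "$fs" "$INSTALLER"); then
        # Non-zero exit marks the policy run as failed, so the Mac is not
        # recorded as wiped while the previous user's data is still on disk.
        echo "Refusing erase-install: $reason" >&2
        exit 1
    fi
    "$INSTALLER/Contents/Resources/startosinstall" \
        --applicationpath "$INSTALLER" --eraseinstall --nointeraction
fi
```

Machines that fail the pre-flight can be collected from the policy logs and routed to the USB installer or the upgrade step first.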

rhooper
Contributor III

@CasperSally We currently have about 6 thumb drives that will boot and image up, like you said though, the times are so freaking high it is like watching paint dry a thousand times over. More of my time could be used doing other things around our school in the summer.

What I need to do is try to get the loader to install to the Applications folder, from there it is an easy script push, like the one mentioned in your post.
If I ask 12 people what they would do, I would get 25 answers of how to do it, which is good as I can pick and choose which method would work better for us.
Thanks for the post and ideas.

daniel_hayden
New Contributor III

Uploading through the interface is simple: go to Settings --> Computer Management --> Packages --> New and drag your file to the Filename button. Then if it is large hope it goes through on first attempt.

CasperSally
Valued Contributor II

@rhooper Good luck! We have 20 USB3 drives per tech. Process takes 45-65 minutes to load macOS and all of our software on top of that (labs and such where self service doesn't make sense), which is about double of our imaging times previously. Is what it is. It was the cleanest way I found to get to APFS and 10.13 consistently.

If you want to take advantage of APFS in the future, make sure whatever method you choose is consistently converting to APFS. Various other methods I tested sometimes left SSDs at HFS+.

joelsenders
New Contributor III

If you want some information, I have a DeployStudio workflow that works perfectly for reformatting as APFS and deploying 10.13. Of course, you'll need a netboot or some easy way to deploy it rather than plugging in external drives otherwise you're back to square one.

rhooper
Contributor III

@joelsenders I am open to anything. I really need to get something working and external drives are not the way to go. I have never done most of this stuff people are talking about, but am willing to learn.
Never worked with DeployStudio, heck I can't even tell you what it is.

Thanks

mbezzo
Contributor III

FWIW, anybody using the USB installer method (assuming you're installing to SSD-based Macs) it REALLY pays to get high speed USB sticks. We're using SanDisk Extreme Pro USB 3.1 sticks and they are SO much faster than your "average" USB stick. Worth the $$ in my experience!

Thanks,
Matt

joelsenders
New Contributor III

@rhooper It would probably take quite a while to get a DeployStudio environment along with a NetInstall environment up and running... more than the time it would actually save in this particular instance. Still, if interested, go over to http://deploystudio.com and take a look at their documentation. If you get something set up I can give some guidance on imaging with APFS.

kmccann
New Contributor II

@joelsenders -

I realize this is an old post, but if you are still willing to share your Deploy Studio work flow for APFS imaging, I'd appreciate it. Last year, I got things to work with chewing gum and chicken wire because our equipment order arrived very late in the summer. Now I'm getting ready for the summer workload and have to get Deploy Studio workflows configured and the master images created.

Thanks,
Kim