Posted on 01-07-2016 10:47 AM
I'm looking to use Self Service to allow a small, select group of users to do a full wipe and reinstall of their OS. We use DEP for them to enroll their computers, and they can already do OS upgrades via Self Service, but they are also requesting the ability to do a clean install of the OS.
The computers do have the Recovery partition, but also a firmware password that the end users don't know (part of our security policies). Thus, I was thinking to use Self Service to bless the Recovery HD and reboot, so the end user can go through the OS install steps themselves.
However, I'm having trouble making a script that will do this. I've tried both the bless command and the systemsetup -setstartupdisk command, but nether would work. Here's the processes I tried via script:
mount the Recovery HD
bless the volume
restart
this is the bless command I used:
bless --mount /Volumes/"Recovery HD" --setBoot --nextonly
This doesn't give an error, but also doesn't work
And this is the systemsetup command:
systemsetup -setstartupdisk /Volumes/"Recovery HD"
This gives the message
"Not a System Folder : /Volumes/Recovery HD/System/Library/CoreServices"
Any thoughts on the process in general (is there a better way?) or specific help with the scripting would be appreciated!
Posted on 01-07-2016 11:10 AM
It may not be working because of the EFI password....I have a similar Self Service policy that reboots to Target Disk Mode for our techs to image and I know I had to remove the EFI password to get it to work (which is fine because it gets reapplied during imaging)
How we remove the EFI password:
/Library/Application Support/JAMF/bin/setregproptool -d -o "YourEFIPassword"
Posted on 01-07-2016 01:30 PM
That does seem to be part of it - disabling the firmware password got it to try to reboot to the Recovery partition, but it instead just booted to the Folder/Question Mark. I'm going to try a few things out, but at least that's part of the puzzle!
Posted on 01-07-2016 04:38 PM
So, after much trial and error, I figured out that I do not need to disable the Firmware password to get this done. Here's the script that I have that will cause the computer to reboot to the Recovery Partition via Self Service:
#!/bin/bash
drive=`diskutil list | grep "Recovery HD" | rev | cut -d " " -f1 | rev | cut -d " " -f1`
bless --device /dev/$drive -setboot -nextonly
reboot
The key was using the -device modifier for the bless command. I was trying -mount (and I also tried -file/folder).