Summer Workflow?

New Contributor III

Good Morning!

This is out first year with JAMF and I just wanted to ask which procedure/workflow everyone followed in terms of a Summer refresh on systems?

We have 300+ Macs within our infrastructure and I just wanted to know how I should approach wiping the systems and reinstating naming conventions/policies ?

If someone could recommend what they are successfully using, I'd appreciate it :)

Have a great day!


Contributor III

@glasgowclyde It all depends on what you are wanting to do in your refresh.

Naming for us is done as Campus-room-ComputerNumber. We have a link between our DHCP server and LDAP, that allows us to script a query in the database for mac address, and pull the computer name set in DHCP. We also put it on a label on the Mac, but students sit there and peel them off. Once named, the computers are picked up by smart groups in JAMF and these groups are then assigned to the policies.
A quick note on assigning to policies. I prefer to use a smart group, even if it is getting only 1 Mac. The reason for this - If you add a single computer to a policy, and then the computer is deleted out of JAMF, the link to the policy is also lost. But with a smart group looking for the Mac, when it is re-enrolled it will pick up the policy again.

If you are on 10.13 or earlier and are staying up to 10.13 then...
We use NetSUS/NetBoot servers to net boot the Macs, and then drop a new OS onto them, re-enroll them into JAMF and drop the configs and Apps onto the Macs. OSX drops in under 10 mins onto the Macs, in our setup. We have to sign in to the admin account and accept the MDM profile. I have a smart group looking for this, and it is set as an exception in all policies. Then I can walk away from them and let the rest of the Apps install themselves, or at least put a copy of the installer onto the Mac where a tech can easily get to it and manually install. We have a few apps that have to be done manually.

If you are on 10.13 and heading to 10.14, then the above will work once, with a caveat. I have found here, and not yet found an easy solution to....
Once the Mac is installed with 10.14 and formatted to APFS, you can netboot it, but for some reason cant actually send an image to it. It will fail, every time, unless... You net boot it and then open terminal and delete the APFS container, then re format it back to HFS+. Then you can send a 10.14 image to it again. Its probably something simple I am missing.

As to going forward 10.14 and beyond. Well that all depends on Apple. NetBooting and TargetDisk mode are on the way out.

My plan here is to add all of our Macs to DEP. This should allow me to use the recovery drive to boot the Mac and erase it, then DEP will kick in and enrol it into JAMF, once it is there my policies and configurations will kick in and everything is as normal.
Is this going to work? I don't know! I doubt it will be this simple, there will probably be loads of replies here telling me how un-simple it will be.

We erase all computers here every summer. We have about the same number as you, although ours are now on campuses up to 80 miles apart. It takes me a couple of weeks to do them all.

One note of caution. Watch out for applications that you had to manually register with the company before they will work, you may need to unregister them before you erase the Mac. Otherwise you will have to go to the company and get them to reset your account. Some of these can take a couple of weeks to be reset. I have a load of these to keep on top of, and they are a real pain.

Hopefully this helps you.

One final thing, whatever you do, test it, and then test it again, and then get someone else to test it. Throw every sloppy method you can think of at testing it. Because once it is out there, someone will try and take shortcuts or forget bits, or try to do them in the wrong order...


New Contributor III

That's extremely detailed Paul - thank you very much for taking the time to do that :)

Contributor III

@glasgowclyde No problem, I hope it is of assistance.