Posted on 08-02-2011 08:18 AM
With the new MacBook Airs and Minis not coming with restore media, I'm thinking Thin Imaging might be the way to go. Does anyone have a thin imaging workflow with Casper that they could share?
Thanks
Allen
Posted on 08-02-2011 12:24 AM
Chiming in here late, don't have a lot of time so I did not read every email. This is how I set up imaging. We have Macbooks, Macbook Airs, 2 different models of iMacs, and 2 different models of Mac Minis in our deployments. I create a client image the exact same way (note our new minis have no optical nor do our airs).
So, I create one image, only ever have to maintain one image, then all specific packages are scoped out via smart groups and done after the block copy. This way I never have to maintain more than one image, it works on everything, and it is extremely modular since I can add packages and post image shell scripts to each smart configuration, based off a parent configuration of a compiled image.
-Tom
--missing content--
updates (chained policies) in about 60 minutes. It just depends on how long CS4 wants to take to install.
Imaging methodology definitely depends on the need for speed when imaging. I don't deploy thousands of similar images in a short time span. Instead, I deploy fewer Macs with many configurations. I have the luxury of time at the end.
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
This message has been sent from the Kansas City, Kansas Public Schools. The information contained in this email and any attachments may be privileged and confidential, and are intended only for the individual or entity identified as the addressee. If you are not the addressee, or if the message has been addressed to you in error, you are not authorized to read, retain, copy, or distribute the message or any attachments. If you have received the message in error, please delete it and any attachments and notify the sender by return e-mail or by telephone. Thank you.
--=Part48673319.0
Content-Type: text/html; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Description: HTML
<html> <head>
</head>
<body style"margin-bottom: 1px; color: rgb(0, 0, 0); margin-right:
4px; margin-left: 4px; font-family: Calibri, sans-serif; margin-top: 4px;
font-size: 14px; font-variant: normal; line-height: normal">
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">Chiming in here late,
don't have a lot of time so I did not read every email. This is
how I set up imaging. We have Macbooks, Macbook Airs,
2 different models of iMacs, and 2 different models of Mac Minis in
our deployments. I create a client image the exact same way
(note our new minis have no optical nor do our airs).</font>
</p>
<br>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">1. Use a retail disk
image and instaDMG with the catalog file updated to the latest OS
updates, and model specific ones</font> </p>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">2. Create pristine OS
image, with no users, never been booted, updated with the
latest combo updates</font> </p>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">3. drop pristine OS
image in Casper Admin and compile with all standard packages (office
4; ilife, flip4mac, etc)</font> </p>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">4. Create a parent
configuration that block copies the image file via asr script (not
with casper imaging)</font> </p>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">5. Create smart
configurations based off of parent asr script, add building/department/
user/group specific packages to configuration</font> </p>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">6. Repeat step 5 until
all configurations for all clients are complete.</font> </p>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">7. Create post image
scripts that create users, set specific settings, and so forth and
add them to configuraiotns</font> </p>
<br>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">So, I create one
image, only ever have to maintain one image, then all specific
packages are scoped out via smart groups and done after the block copy.
This way I never have to maintain more than one image, it works
on everything, and it is extremely modular since I can add packages
and post image shell scripts to each smart configuration, based off a
parent configuration of a compiled image.</font> </p>
<br>
<p style"margin-bottom: 0; margin-top: 0">
<font face"Lucida Grande" size"3">-Tom</font><br><br>>>&g
t; "Smith, William" <William.Smith at merrillcorp.com>
8/2/2011 1:55 PM >>><br> </p>
<div>
<p style"margin-bottom: 0; margin-top: 0">
On 8/2/11 12:13 PM, "Steve Wood" <<a href"mailt
o:swood at integer.com">swood at integer.com</a>> wrote: </p>
</div>
<div>
<p style"margin-bottom: 0; margin-top: 0">
<br>
</p>
</div>
<blockquote id"MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style"padding-
right: 0; margin-bottom: 0; margin-right: 0; margin-left: 5; margin-top:
0; border-left: #b5c4df 5 solid; padding-left: 5; padding-top: 0;
padding-bottom: 0">
<div>
<p style"margin-bottom: 0; margin-top: 0">
The term "thin imaging" is new to me.  I'v
e always referred to it as either modular or monolithic when having
discussions with others.  Now that I know there is an industry
term, I'll use that.  :-) </p>
</div>
</blockquote>
<div>
<p style"margin-bottom: 0; margin-top: 0">
<br>
</p>
</div>
<div>
<p style"margin-bottom: 0; margin-top: 0">
I had an idea about what things meant but apparently not the whole
idea. Those definitions on Microsoft's site make sense and I think
I'll use them too. </p>
</div>
<div>
<p style"margin-bottom: 0; margin-top: 0">
<br>
</p>
</div>
<blockquote id"MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style"padding-
right: 0; margin-bottom: 0; margin-right: 0; margin-left: 5; margin-top:
0; border-left: #b5c4df 5 solid; padding-left: 5; padding-top: 0;
padding-bottom: 0">
<div>
<p style"margin-bottom: 0; margin-top: 0">
In regards to leaving the OS on the machine that comes from
Apple leaves me with one question:  how do you get past the
intial setup assistant screens on these machines?  Perhaps
I'm being naive or ignorant about this, but there isn't a way
to get past having to enter that information on a machine that comes from
Apple, is there?  That would be the one hangup I have to
this method. </p>
</div>
</blockquote>
<div>
<p style"margin-bottom: 0; margin-top: 0">
<br>
</p>
</div>
<div>
<p style"margin-bottom: 0; margin-top: 0">
I still NetBoot. The only difference is that I 1) don't
erase the hard drive and 2) don't install a base OS. I would
still, however, apply the current combo update and any additional
updates. Casper takes care of the first run stuff. </p>
</div>
<div>
<p style"margin-bottom: 0; margin-top: 0">
<br>
</p>
</div>
<blockquote id"MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style"padding-
right: 0; margin-bottom: 0; margin-right: 0; margin-left: 5; margin-top:
0; border-left: #b5c4df 5 solid; padding-left: 5; padding-top: 0;
padding-bottom: 0">
<div>
<p style"margin-bottom: 0; margin-top: 0">
And as far as imaging with Casper goes, I always compile my
images, which means I have to use InstaDMG or Composer to create the
OS DMG instead of using the ability to drop a DVD DMG into Casper
Admin.  Using a compiled image means I can image a machine,
with base apps, in about 5 minutes.  From start to finish I
can re-image a machine and install CS4 DP with all updates (chained
policies) in about 60 minutes.  It just depends on how long
CS4 wants to take to install. </p>
</div>
</blockquote>
<div>
<p style"margin-bottom: 0; margin-top: 0">
<br>
</p>
</div>
<div>
<p style"margin-bottom: 0; margin-top: 0">
Imaging methodology definitely depends on the need for speed when
imaging. I don't deploy thousands of similar images in a short time
span. Instead, I deploy fewer Macs with many configurations. I have
the luxury of time at the end. </p>
</div>
<div>
<div>
<div>
<div style"font-size: 12px; font-family: Consolas, monospace">
<div style"font-family: Consolas, monospace"> <p style"margin-bottom: 0; margin-top: 0"> <font face"Calibri"><span style"font-family: Calibri"><br style"font-family: Calibri"> </span></font> </p> </div> <div style"font-family: Consolas, monospace"> <p style"margin-bottom: 0; margin-top: 0"> <font face"Calibri"><span style"font-family: Calibri">-- </span></font> </p> </div> <div style"font-family: Consolas, monospace"> <p style"margin-bottom: 0; margin-top: 0"> <font face"Calibri"><span style"font-family: Calibri"><br style"font-family: Calibri"> </span></font> </p> </div> <div style"font-family: Consolas, monospace"> <p style"margin-bottom: 0; margin-top: 0"> <font face"Calibri"><span style"font-family: Calibri">William Smith</span></font> </p> </div> <div style"font-family: Consolas, monospace"> <p style"margin-bottom: 0; margin-top: 0"> <font face"Calibri"><span style"font-family: Calibri">Technical Analyst</span></font> </p> </div> <div style"font-family: Consolas, monospace"> <p style"margin-bottom: 0; margin-top: 0"> <font face"Calibri"><span style"font-family: Calibri">Merrill Communications LLC</span></font> </p> </div> <div style"font-family: Consolas, monospace"> <p style"margin-bottom: 0; margin-top: 0"> <font face"Calibri"><span style"font-family: Calibri">(651) 632-1492</span></font> </p> </div> </div> </div> </div> </div> <BR>
<div> This message has been sent from the Kansas City, Kansas Public Schools. The information contained in this email and any attachments may be privileged and confidential, and are intended only for the individual or entity identified as the addressee. If you are not the addressee, or if the message has been addressed to you in error, you are not authorized to read, retain, copy, or distribute the message or any attachments. If you have received the message in error, please delete it and any attachments and notify the sender by return e-mail or by telephone.
Thank you. </div> </BODY></HTML>
--=Part48673319.0=--
Posted on 08-02-2011 08:27 AM
How do you want to lay the apps down?
I run a compiled modular image. Has my OS, Office, Certificates, Perian, Flip4Mac, Updates, and some post flight scripts.
Takes about 4-5 minutes to lay down.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
Posted on 08-02-2011 08:33 AM
How are you creating an OS for the new MacBook Airs? Composer? Otherwise there is no way to get the OS (no media). That's why I'm thinking about moving away from Modular for these machines.
Allen
Posted on 08-02-2011 08:34 AM
Been doing this for a couple of years now. I have a custom QuickAdd pkg on a web server (download link in the 3-page setup document) which prompts the end user for info (name, email address, phone, work location). This data is added to the On Aug 2, 2011, at 10:18 AM, GolbigA at mskcc.org wrote:
The QuickAdd installs the jamf binary and recons the machine. The postflight script runs a custom setup trigger (i.e. jamf policy -trigger setup).
I have 26 setup policies which do things like:
sets the computer name to company standards, installs root CA, creates hidden management account, turns on ARD for that management account, installs a VPN profile and proxy server, sets a local password policy, sets screen saver options, installs some other security software, enables the firewall with a default set of preferences, installs McAfee Security, adds some intranet sites to their Dock, installs Citrix Receiver, MS Office 2011, CrashPlan Pro, Ricoh printer drivers, updated Flash/Silverlight/Flip4Mac browser plugins, turns on the update checking for Microsoft, Adobe, and Software Update (plus nags the user if they're not up to a 10.6.8 or 10.7 OS), installs a FileVault master password (applies to 10.6, doesn't apply to 10.7), and installs Java if they're on 10.7.
Most of this is done with scripts, a lot of them from the Resource Kit.
You'd be surprised how well this works and how painless it is. Setup time is 30-45 minutes (bandwidth-dependent), end-user initiated (this is a "Bring Your Own Computer"/self-supported stipend problem where the end users "own" their laptops, both physically and from a management perspective. I did have to do significant script tweaking for Lion, but have never had to worry about rebuilding images or NetBoot or worrying about versions of the OS supporting specific hardware...
Posted on 08-02-2011 08:36 AM
Yes I am using Composer. This was the same way I got around the 10.6.8 issue before the Combo was released and it turned out to be universal!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
Posted on 08-02-2011 09:11 AM
End users are responsible for reinstalling their own OS. If they don't have their CD's, they are instructed to go to the Genius Bar at an Apple Store (these are mostly mobile (i.e. don't show up in a specific office every single workday - maybe use hoteling) users in any number of US/European locations). On Aug 2, 2011, at 10:44 AM, GolbigA at mskcc.org wrote:
Once an OS is on the machine, they simply repeat the initial configuration steps. They can restore data from CrashPlan or Time Machine or whatever backup methodology they use...
--Robert
Posted on 08-02-2011 09:26 AM
I may be showing my ignorance here, so please forgive me.
On 8/2/11 10:18 AM, "GolbigA at mskcc.org" <GolbigA at mskcc.org> wrote:
My definition of "thin imaging" and how I've seen it defined is
essentially "modular imaging" but with your common apps built into your
base OS image. That gets installed as a block copy and then applications
are installed on top of that. Some folks don't seem to even define thin
imaging to include the common apps.
Thin imaging is a means of reducing the amount of time spent imaging a
machine but means you spend longer preparing the image and setup. Not
getting media with new machines shouldn't have anything to do with your
imaging strategy.
Rather than creating a temporary base OS image for new machines with
machine-specific OS builds, I simply use the OS as it's installed from the
factory and lay down my policies and packages on top of that. This works
fine for me because I use Casper's InstaDMG-like method for installing my
OS in the first place. I'll later update my configuration in Casper to use
the 10.x.0 installer followed by the next combo update.
This may not seem like a "pure" install since I'm using the
factory-installed OS but the amount of headaches I save by doing this
until the next combo is released is worth it.
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 08-02-2011 09:36 AM
Thin Imaging to me is
Base OS
Modular Package Based Components
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
Posted on 08-02-2011 09:39 AM
Actually, from what I've seen, "thin imaging" is pretty much defined as taking an out-of-the-box OS and overlaying your packages/scripts onto it, rather than laying down any kind of image via NetInstall/Casper Image Creator/DeployStudio/InstaDMG et. al.
Posted on 08-02-2011 09:48 AM
And with the new MacBook Air and Mac Mini not coming with Restore Media, Thin Imaging makes the most sense. At least with the Air and Minis (and with newer Lion only Macs), if you need to re-image, the user boots to the recovery hd and reinstalls the OS. Then just flush the policy for that machine and start over.
Allen
Posted on 08-02-2011 09:50 AM
This is my understanding of it as well. We used to do this but moved back to Casper Imaging once a few boxes that needed ticking with Casper were met.
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 08-02-2011 09:51 AM
Looks like we all have different ideas. The best definitions I've found
are these on Microsoft's site:
http://technet.microsoft.com/en-us/library/ee956904(WS.10).aspx.aspx)
Thick Image = Monolithic image
Think Image = Modular image
Hybrid Image = Base OS with base apps followed by layering apps and
settings on top
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 08-02-2011 09:53 AM
Robert's definition is the same one I've been using when discussing thin imaging. The general idea is that you don't wipe the OS on a new machine from Apple. Instead, you install packages and scripts onto that OS to make it look and act like your standard image.
On Aug 2, 2011, at 12:39 PM, Robert Hammen wrote:
Thanks,
Rich
---
Rich Trouton
troutonr at janelia.hhmi.org
JFRC Help Desk
phone: x4030
email: helpdesk at janelia.hhmi.org
The best way to get in touch with me is through email.
Posted on 08-02-2011 10:01 AM
That honestly would be a hybrid model because its reliance is more on Software Deployment Post imaging than the actual Imaging itself. Thin has always in the Microsoft world = Modular Thick = Monolithic.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
Posted on 08-02-2011 10:13 AM
The term "thin imaging" is new to me. I've always referred to it as either
On Tue, Aug 2, 2011 at 12:53 PM, Trouton, Rich R <troutonr at janelia.hhmi.org>wrote:
modular or monolithic when having discussions with others. Now that I know
there is an industry term, I'll use that. :-)
I've always been a fan of thin imaging over thick. That way any
changes/updates that need to be made do not require the re-creation of the
entire image, just the application/OS in question. I use more of a hybrid
approach, baking in some default apps like Firefox and Chrome (I know this
goes against the thin imaging motto), but it keeps me from having to do a
bunch of post imaging installs.
In regards to leaving the OS on the machine that comes from Apple leaves me
with one question: how do you get past the intial setup assistant screens
on these machines? Perhaps I'm being naive or ignorant about this, but
there isn't a way to get past having to enter that information on a machine
that comes from Apple, is there? That would be the one hangup I have to
this method.
As for the new hardware not coming with restore media, I know the idea was
floated on this list that this hardware will use the 10.7 installer as it is
now and not require hardware specific media. That's not to say that a new
MP or MBP or any other new hardware from this point on will not have restore
media. Just that the two in question, the MBA and MacMini, do not require
restore media because the hardware specific drivers (for lack of a better
term) are already baked into the retail version of Lion that is out there.
Just my hunch. And if that is the case, then a Lion imaging workflow for
these machines can be put in place today using the tried and true thick,
thin, or hybrid solutions.
And as far as imaging with Casper goes, I always compile my images, which
means I have to use InstaDMG or Composer to create the OS DMG instead of
using the ability to drop a DVD DMG into Casper Admin. Using a compiled
image means I can image a machine, with base apps, in about 5 minutes. From
start to finish I can re-image a machine and install CS4 DP with all updates
(chained policies) in about 60 minutes. It just depends on how long CS4
wants to take to install.
Steve Wood
Director of IT
swood at integer.com
The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475
Posted on 08-02-2011 11:55 AM
The term "thin imaging" is new to me. I've always referred to it as either modular or monolithic when having discussions with others. Now that I know there is an industry term, I'll use that. :-)
On 8/2/11 12:13 PM, "Steve Wood" <swood at integer.com<mailto:swood at integer.com>> wrote:
I had an idea about what things meant but apparently not the whole idea. Those definitions on Microsoft's site make sense and I think I'll use them too.
In regards to leaving the OS on the machine that comes from Apple leaves me with one question: how do you get past the intial setup assistant screens on these machines? Perhaps I'm being naive or ignorant about this, but there isn't a way to get past having to enter that information on a machine that comes from Apple, is there? That would be the one hangup I have to this method.
I still NetBoot. The only difference is that I 1) don't erase the hard drive and 2) don't install a base OS. I would still, however, apply the current combo update and any additional updates. Casper takes care of the first run stuff.
And as far as imaging with Casper goes, I always compile my images, which means I have to use InstaDMG or Composer to create the OS DMG instead of using the ability to drop a DVD DMG into Casper Admin. Using a compiled image means I can image a machine, with base apps, in about 5 minutes. From start to finish I can re-image a machine and install CS4 DP with all updates (chained policies) in about 60 minutes. It just depends on how long CS4 wants to take to install.
Imaging methodology definitely depends on the need for speed when imaging. I don't deploy thousands of similar images in a short time span. Instead, I deploy fewer Macs with many configurations. I have the luxury of time at the end.
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 02-05-2014 09:06 AM
@stevewood Hi Steve,
you or anyone here knows of a recomended method of stripping the OS to the bare minimum needed? I would like to remove applications like app store, calendar, languages, etc from a netboot image to reduce my boot times, and space on server. Any recommendations on what how I can go about removing these files safely from system? there used to be a custom install but in 10.9 I do not see it. Thanks for your help
Posted on 02-05-2014 09:19 AM
RobertHammen:
You said "Been doing this for a couple of years now. I have a custom QuickAdd pkg on a web server (download link in the 3-page setup document) which prompts the end user for info (name, email address, phone, work location). This data is added to the
On Aug 2, 2011, at 10:18 AM, GolbigA at mskcc.org wrote:"
How do you go about getting a QuickAdd which prompts users to enter information which is then wrapped up in the QuickAdd and populated into the JSS? I have been trying to figure out how to accomplish this due to lack of certain types of information (building, department) in our Active Directory. Any help is much appreciated.
Posted on 02-05-2014 09:29 AM
@wmateo if you poke through the thread listed below, you'll see a post I made that spells out each step I take to create my NetBoot image. Part of that process is going through and deleting (manually) each app that I do not want on the final NBI:
https://jamfnation.jamfsoftware.com/discussion.html?id=9306#respond
There's also good information in the following links on how to slim down the image:
https://jamfnation.jamfsoftware.com/discussion.html?id=7091
https://jamfnation.jamfsoftware.com/discussion.html?id=847
If you have already created the NBI, you could set the DMG file in the NBI folder to read/write, mount the image, delete the files you want to delete, then set back to read only.
Hope that helps.
Posted on 02-05-2014 09:34 AM
@stevewood Thanks Steve, will read through it.
Posted on 06-02-2015 09:00 AM
Thanks for all of your posts on this. It's been very helpful. I'm very interested in this workflow. I think the only thing that is holding me back is enabling Remote Management under Sharing for my admin user for that image I grabbed from AutoDMG.
I don't know of any way to enable that other than to image a machine, enable it, and suck that image back up using Disk Utility. It's not that many steps, but I REALLY like the simple workflow. Are there any scripts/configs I can use that will enable Remote Management?
Thanks!
Posted on 06-02-2015 09:07 AM
@cohawkeye you can enable Remote Management with the kickstart command:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users <adminuser> -privs -all -restart -agent -menu
So perhaps a policy set to "On Enrollment" that simply pushes that command via the "Execute Command" on the "Files and Processes" tab of a policy.
Posted on 06-02-2015 09:35 AM
You can also use the Apple Remote Desktop Admin app to help you generate your kickstart command. I have a post on how to do that available from here:
Posted on 06-02-2015 11:15 AM
Thanks!