Jamf Nation Community

I handle it much like jpdyson does, though a shout out to rich here...he gave me some helpful hints a year ago on the subject.

Basically, I login to the machine as admin, change ownership of the user's home folder, back up the home folder to my data share, reimage (or replace) the Mac), copy the new user template down for that user manually, add non-system files from the backup to the (basically everything but the Library folder in my case). Then I add only required stuff to the Library folder from the backup. Usually this is browser bookmarks, mail settings, sometimes keychains or specific program prefs only.

Sounds manual and tedious, but considering that our users are required to backup data over the summer, this whole backup restore of user data (not including the reimage itself) doesn't take very long unless the user has a ton of music or a large iPhoto library.

We lease equipment here, so every 30 to 36 months people get a new machine. I will generally prep the new machine, and when it is ready to give to the user I will transfer their current home folder over to the new machine. I do this over the network using rsync. I will generally run rsync to get the data over while the user is still working on their existing machine.

With 10.7 and up I've discovered ACLs on the /Users folder make it necessary to rsync to the /Users/Shared folder. So I will issue this from the existing machine (ssh'd into it):

rsync -av <userfolder> <adminuser>@1.2.3.4:/Users/Shared

I use the same command again when they are off their machine. I then ssh into the new machine, move the home folder into the /Users folder, change owner to their network user and voilá.

If it is a re-image, I use an external USB drive, rsync off, re-image, rsync back on and test.

We setup all our MACs with a second DATA partition, create a sym link on the Users folder to the DATA partition, then when the Mac HD is reimaged the DATA partation is not touch thus keeping all the users folders there and when they log back on again it all matches up again.

When distributing loaner units to our users we constantly transfer user home directories in the method described by blackholemac. It's not really that tedious but it does require the IT person to have a brain in between their ears. Sometimes this works great and other times it does not. I've been playing with the notion of writing a script to do this out of Self-Service for our remote techs but I haven't gotten around to it.

With that said, remember that you can image a unit without nuking the user home folder or other installed apps. Assuming that your base images and scripts don't do anything destructive, simply avoid clicking the "Erase the boot drive" option in casper imaging. This is the whole "thin" imaging approach in a nutshell. Not that it's without risks but I know a lot of organizations who image in this manner by design.

On our newer machines, we have a separate data partition so that re-imaging never touches the user data. On our older machines, we use Carbon Copy Cloner to backup user data and restore it after imaging or put it on a new machine. It's fast, easy, and works every time. It's not free anymore, but it's not very expensive. It was well worth the money.

We don't use user-data partitions, to avoid issues going forward. I wonder if it would be feasible to create a temporary partition, move local account home directories to it, reimage the boot drive, move the data over to the newly imaged boot partition, and delete the temporary partition. Since these are domain accounts, UID shouldn't change, so shouldn't be a need to futz with ownership/permissions.

(er, space permitting of course...those danged multimedia/graphics folks are data pack rats. LOL)

Don

Rusty Myers at Penn State wrote these scripts for backing up user home folders using DeployStudio:

https://github.com/rustymyers/BackupRestore

I don't know how they would work with Casper, but the scripts may be adaptable.

Chris_Hafner is right about that...it does require the tech have a brain in their head. Right now I am the only tech working on Macs here. While I won't lie and say my brain is 100% functional all the time, I've kind of institutionalized the Terminal commands I use and could probably teach someone...they just have to know to change them to reflect the user account being backed up and change them to reflect the data backup drive being used. I'm certain it could be scripted if I wanted to think about it more, but reading Rich's post, I recall he gave me the advice to use Rusty's scripts. They worked well, but seemed like overkill for just me doing my job and I wanted a bit more control of that user Library folder as some of that stuff is just cruft...especially when upgrading OS versions. I advise folks to look at them though for larger institutional situations.

Finally, a shout out to Don...yes...our art and media design folks her are my biggest data packrats. They are why I don't have home folder syncing setup with AD. One movie of theirs may end up filling their entire AD home folder quota!! I've tried selecting what does and doesn't get backed up, but then they put large crap in what their AD home folder anyway. Any ideas for a student lab such as this in terms of our multimedia folks?

I have been using the user-data partition method for some time now and have found it to work really well. It saves loads of time in backing up users folders and should you wish to create the users account from scratch you can still do that without much effort.

@donmontalvo, you say you don't do this to avoid issues going forward, may i ask what it is that you are weary of?

@richma asked:

@donmontalvo, you say you don't do this to avoid issues going forward, may i ask what it is that you are weary of?

More a concern about support than implementation. ;)

Chris, your solution intrigues me - not erasing the current machine when you apply the new image. One little tweak I might apply is to manually erase everything but /Users on the drive to be imaged, just to make sure /Library and /System get a clean slate. One could consider the same approach for /Applications to spare some re-installs...

Good ideas from others as well. I don't know if we'll implement the /Data partition full-time, but could I create a workflow that creates a separate partition out of the /Users folder just for imaging? Maybe...

I have a script that takes $4 from the command line as a user profile to back up and creates a compressed DMG on our server. Credentials to mount the share are handled by a system keychain entry so no credentials are passed in the script.

The other option to consider is segregating the Users folder off to it's own partition. That would leave the Mac HD boot partition free and still functional if your users fill their folders.

Not sure if it's scriptable, but FWIW...

http://support.apple.com/kb/HT4889

Using migration assistant (possibly with a laptop and some firewire inbetween) to take user profiles from machines and deploy them elsewere is suprisingly good. Sure it cant be too much more of a stretch to have a tool that scoops up all of those on a given machine to an external location and drops them back after a re-image.

In DeployStudio environments I found those backup/restore scripts invaluable.

+1 to a more scripted/automated option for Casper environments.

In environments where "techspertise" varies, I've defaulted to a process centered around Migration Assistant. While MA is traditionally used in a direct 1:1 old -> new Mac setup, it can also be used to create an additional backup so you can securely wipe / repurpose old Macs versus waiting around for sign-off from users.

To do this we've simply booted the old Mac from our external HD, sucked the data off using the external as the TO Mac. Then booted up the new Mac with external HD attached and sucked it off as the FROM Mac during the new Macs's initial setup assistant.

On return from the field, techs simply use Accounts pane and delete the user off the external HD, select the option to save as a disk image, the upload that DMG to the server for X day saved data window.

Bit more tedious than the automated/network/rsync approaches, but effective when your pipes are variable and you've got students or interns requiring an easy point-and-click backup/restore process.

Anyone ever used Time Machine in any capacity (not that I am endorsing, just curious).

FYI, I created a process that boots a user's Mac into the Casper Imaging netboot environment, pulls an image, and then reboots them back into their OS. We can then mount the disk image and pull data from it using Migration Assistant. More info here:

https://jamfnation.jamfsoftware.com/discussion.html?id=3926

@Hobbs155
@mbuckner
@richmac

Do you make a symbolic link for the Users folder or just for the individual account home folders. Thanks, just the advice we needed!

@richma asked: @donmontalvo, you say you don't do this to avoid issues going forward, may i ask what it is that you are weary of? More a concern about support than implementation. ;)

I'm thinking FileVault 2 (yes, it can be done, but as Don mentioned, not in a "supported" way)

I have done this for a few clients with a mix of both deploy studio and casper imaging.

The Premise i used was the user/data partition. But only use it during imaging.

We created a preflight script check for size of the start up disk, then measure the size of the users folder. If there is enough space, we continue on a partition the start up disk with a data drive. we then move the users folder to the new partition. If there is not enough space it will bail and restart to normal startup disk.

Then wipe and re-image.

Then put the users folder back and remove the data partition, and expand the start up disk as a post-flight script.

@gbenson
I move the entire /Users folder to another partition and create a symlink at the root of the boot partition called /Users.

ln -s /Volumes/*partition name*/Users /Users

@Chris
I have not had the chance to test with FV2 but so far i have not come across any issues.

I used an fstab entry for /Users in our former setup
since we had some issues using a symlink.
I don't recall exactly what it was about as this was some years ago,
but some packages failed to install with an error like "xyz is not a directory".

In our setup we would have needed something like this
https://github.com/jridgewell/unlock
when encrypting the additional /Users partition.

I was running into the same problem. We need to get everyone bound, so 300+ machines taking 2+ hours is not ideal. Here is what I did:

1. Image the computer without Erasing the HD
2. Enable root and delete the old user
3. Login with a network account
4. Chown the old user account to the new account

This worked really well for me because we needed a new configuration, but, the fact that Casper Imaging is smart enough to keep the /Users folder is pretty cool. I was also considering using a networked backup solution using ssh and rsync, but that will take time as well. Only downside to my plan, is that there is never a backup so kind of a gamble - but I've been ok so far.

I made this simple script in AppleScript that I use to backup user profiles. It works really well. I haven't figured out how to add a barber pole while its backing up or restoring, so there won't be any indicators, but other than that it works great.

property theTitle : "User Migration Tool for Mac v0.01"

set theDialogResults to display dialog "Do you want to BACKUP or RESTORE a user's profile?" with title theTitle buttons {"Backup", "Restore", "Cancel"}
if button returned of theDialogResults is "Backup" then
    backup()
else
    restore()
end if

on backup()
    --  get the path to the user folder to backup 
    set theSource to choose folder with prompt "Select a user folder to backup to a disk image." default location path to users folder

    --  get file name and path where image will be saved
    set theFile to choose file name with prompt "Select the name and location where you want to save the image file." default name "MyBackup.dmg" default location path to desktop

    --  warning
    display dialog "Be patient. The backup may take considerable time. You will be notified upon completion." with title theTitle buttons {"Ok"} default button "Ok" giving up after 5 with icon caution

    --  make disk image
    set theResult to do shell script ("/usr/bin/hdiutil create -fs HFS+ -srcFolder " & POSIX path of theSource & " " & POSIX path of theFile) with administrator privileges
    log theResult

    if theResult contains "created:" then
        display dialog "The backup is complete." with title theTitle buttons {"Ok"} default button "Ok" giving up after 5
        say "Backup is complete"
    end if
end backup

on restore()
    --  get disk image to mount
    set theFile to choose file of type "devi" with prompt "Select a disk image file that contains a copy of a user's profile to restore." default location path to desktop

    --  mount disk image 
    set theMountPath to do shell script ("/usr/bin/hdiutil mount " & POSIX path of theFile & "| grep '/Volumes' | awk '{ print $3 }'")
    log theMountPath

    --  get folder where user's profile will be copied
    set theDestination to choose folder with prompt "Select the user's home folder where the profile will be retored." default location path to users folder

    --  warning
    display dialog "Be patient. The restore may take considerable time. You will be notified upon completion." with title theTitle buttons {"Ok"} default button "Ok" giving up after 5 with icon caution

    --  copy data to user's folder
    set theResult to do shell script ("/usr/bin/ditto " & theMountPath & " " & POSIX path of theDestination) with administrator privileges
    log theResult

    --  unmount disk image
    do shell script ("/usr/bin/hdiutil eject " & theMountPath)

    if theResult is "" then
        display dialog "The restore is complete." with title theTitle buttons {"Ok"} default button "Ok" giving up after 5
        say "Restore is complete"
    end if
end restore