Posted on 02-06-2015 07:47 AM
Hey JAMFNation!
We are in our pilot phase for Casper and I am wondering what method you use to set up new Macs out of the box? We are enrolled in DEP but it is not working at the moment. My initial thought is that I would like to use Casper Imaging with AutoCasperNBI and boot it off a USB drive. Then I would just have it rename and create the local admin account and then let policies do the rest after reboot. What do you think is the best method?
Posted on 02-06-2015 08:10 AM
We actually have a process we call "Out of Box" Imaging (or OOB). The technician boots the new Mac, creates our standard administrator account, installs Casper from the enroll page, and then runs a Self Service policy (scoped only to the technician groups in AD) which mirrors our bare-metal process and installs/runs our packages and scripts then reboots.
It's pretty quick and easy, and allows us to support new hardware if there is a forked image. We also clone and tweak it for special situations, like BYOD-type scenarios or integrating a new acquisition without wiping their Macs.
Posted on 02-06-2015 08:10 AM
High Level...
Unbox, boot, cruise through setup assistant, decline the offers, run a QuickAdd package to enroll with Casper.
Create a "new machine" policy, triggered by enrollment complete. Load it up with your desired software, settings, scripts or what have you.
Basic Configuration Profiles scoped to ALL for standard managed prefs.
Unless I'm erasing the drive and laying down an OS (imaging), I'm calling this Provisioning now.
Posted on 02-06-2015 08:40 AM
We use thin imaging. Boot new Mac from a USB stick, it boots into Casper Imaging, tell it to run our base image, and it does the rest. The imaging process enrolls it into Casper, puts our admin account on it, sets some security settings, and reboots it to finish the process.
Then when the end user logs into it the first time they get a welcome script, an introduction to Self Service, and some more policies are run in the background.
We would prefer to use netrestore for imaging but we have a very, very large network and by default netboot/netrestore does not work across VLANs. That's a project for later this year, we're going to work with our network dept to try to allow netboot/restore across subnets so our depot doesn't have to rely on booting from USB sticks.
Posted on 02-06-2015 09:30 AM
Well, you're doing well so far letting the tools do the work for you as much as you can. Everyone's workflow can be different since it depends on your situation.
In my camp, we only use laptops so I'm getting DEP rolling this quarter. If you're not already signed up for DEP it may be hard to do it in time for your 30-day trial.
One more thing, you can also consider Self Service a tool for IT as much as for users. Self Service can open an IT section upon first boot to do any other things to the computer that you need.
Posted on 02-06-2015 12:41 PM
I set up Casper so any new machine will get all necessary Applications & Updates & Settings from Casper on restart. Actually, it's really, "Machine in Group A without App B will get App B on trigger X." Occasionally, I do open or create a fresh machine and simply enroll it in Casper and call it a day as it is now ready to deploy to end users. Most Mac admins like the method, as it allows a greater level of flexibility. However, I find that our bandwidth gets saturated way too quickly with a few hundred devices and tend to use a monolithic master image 95% of the time.
I take one of the laptops with all the Apps deployed from Casper, unenroll it from Casper (this is key - if you don't sudo jamf removeFrameWork & confirm it's really unenrolled, your Configuration Profiles will be completely screwed up... Not that I learned this the hard way), set up a Deploy Studio Server with this image on an external SSD, and use the external SSD to deploy the image I just created via Firewire (I don't use Casper Imaging at all). Takes about 4-6 minutes per device and usually have 4 running at a time. By the time I've typed in my computer's name and clicked next a few times on computer 1, computer 2 from the previous cycle's already finished and ready to move. Deploy Studio renames the device and deploys Quickadd.pkg, so I don't have to do anything to the device once it's finished.
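An added example, not part of the post above and not JAMF's own tooling: a pre-capture check for the unenrollment step that post describes, looking for leftover Casper client files on the volume that is about to become a master image. The path list is an assumption based on typical Casper Suite 9 client installs, and `check_unenrolled` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: verify a Mac is really unenrolled before capturing it as a
# master image. Leftover management files baked into an image are cloned to
# every Mac restored from it.
#
# ASSUMPTION: the paths below reflect a typical Casper Suite 9 client install.
# Compare against one of your own enrolled Macs and adjust the list.
#
# Usage:  check_unenrolled            # check the running system
#         check_unenrolled /Volumes/X # check a mounted volume (e.g. Target Disk Mode)

check_unenrolled() {
    root="${1:-}"   # empty means the live root filesystem
    found=0
    for path in \
        "/usr/sbin/jamf" \
        "/usr/local/jamf/bin/jamf" \
        "/Library/Application Support/JAMF" \
        "/Library/Preferences/com.jamfsoftware.jamf.plist" \
        "/Library/LaunchDaemons/com.jamfsoftware.jamf.daemon.plist" \
        "/Library/LaunchDaemons/com.jamfsoftware.task.1.plist"
    do
        # -e matches files and directories alike
        if [ -e "${root}${path}" ]; then
            echo "leftover: ${root}${path}"
            found=1
        fi
    done
    # 0 = clean, safe to capture; 1 = management artifacts still present
    return "$found"
}
```

A non-zero return means the capture should stop until the listed items are gone; installed Configuration Profiles are stored separately and still need to be reviewed on the machine itself.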
Posted on 02-06-2015 11:52 PM
@RogerUL, I've blogged my workflow: https://macmule.com/2014/12/21/my-casper-imaging-workflow/
Oh & I hope AutoCasperNBI has worked as advertised!
Posted on 02-09-2015 11:43 AM
We set up however many "host" machines as we need, less than ten typically. These machines have Casper Imaging and a Casper Repository replicated to them. We launch Casper Imaging and put it into TMI mode. We unbox the new machines, put them into target disk mode and "thin" image them with our software, scripts, configurations all set to run on boot drive after imaging. After they are finished with TMI and "cooking" we verify settings and enrollment, box them back up and ship them to the work site they are allocated to.
Turnaround for TMI is under two minutes, wait time while packages install is typically around the 15-20 minute range. Doing one or two this way isn't very advantageous, but we can crank through a couple thousand in a short week using TMI.
Posted on 02-19-2015 06:45 AM
We're heavily invested in high speed NetBoot imaging. On that end, I've been using AutoCasperNBI for day to day .nbi creation because it's super simple and works rather well in my opinion. For mass imaging I tend to manually create my .NBIs or use "Casper NetInstall Image Creator" in order to get a fast booting .nbi that runs in RAMDisk.
As for the actual imaging, it depends heavily on "when" we're imaging. Under normal operations we lay down a modular image via Casper Imaging (I am a huge fan). To elaborate, a "modular" image is one in which each .dmg, .pkg AS WELL AS AN OS is installed individually. Thin imaging leaves the existing OS and components. In our case I do provide slightly modified base OS images as well as a recovery partition as needed. This works well but can take between 15-30 min depending on configuration.
For high speed imaging we compile our configurations in order to provide high speed block copy of a given configuration. We also tend to use pre-stage imaging in these events as they automate imaging via Casper Imaging. This means that I can have 50 students in a room, start their computers holding 'n' and have them ALL finished imaging in under 7 min, all logged and inventoried in the JSS.
In your stated case, I would almost have to recommend pre-staged thin imaging given your situation but that's just me. Utilize NetBoot via AutoCasperNBI and Casper Imaging. This would leave the original OS and iLife/iWork apps (taking care of that potential headache) and simply install your additional software and configurations.
In the end, you'd receive computers brand new. Scan their serial numbers into the pre-stage. Plug them into your network, press the power button and hold 'n'. Wash, rinse and repeat.
Posted on 02-19-2015 09:27 AM
We image our devices via Target Disk mode over Thunderbolt. We also use mobile LDAP accounts so this may not be appropriate for your organization. You can use this for both lab and 1:1.
1) Use AutoDMG to create a non-booted image from the latest OS X installer with all updates applied. Make sure to include iLife.
2) In Casper Admin create the following configuration:
- Set a management account in Casper Admin.
- Apply scripts to set location and time services (see JAMF scripts for help). LDAP bind will not happen without these.
- Apply a WiFi setting (profile as package).
- Bind to LDAP (Open Directory in our case).
3) Set up any profiles or policies necessary based on user or computer smart groups (don't forget to make user accounts mobile). This would include the installation of our Mobile Filter and User Agent.
At first boot, students log in with LDAP credentials (given to them at the beginning of the year). Students walk out with their new machine. No manual enrollments, no mess, no worries.