Jamf Nation Community

APFS=RIP imaging?:

http://www.addigy.com/apple-wwdc-completely-changes-managing-macs-apfs-prepared/

@bentoms Now you are just showing off man...I am very eager to see what you have to say in this regard in more detail! Specifically what you have to say because my existing imaging workflow is useless without your product specifically.

P.S. yes, this post was meant to egg you on explicitly because somehow I want to see what you have come up with but I know to some degree you can't show off because of NDA issues.

heh.. yep NDA.. also.. who knows what will happen come 10.13 release?

well...I'll put it to you this way...I am also an Apple Developer so if you wish to point me to login-walled links I'm all for it. Also if you specifically were to "wax philosophic" on the death of imaging perhaps in a post and include some waxing on the greatness of Mac-based DEP, I'm certain I could read into that how I needed to. I already am near fully DEP on the iOS side, but we never did image there.

I am already trying to get us migrated to a full DEP workflow on Macs as well. We had some pesky licensing issues with some of our Mac software that made such a migration ugly. We have since resolved that mostly, but due to summer scheduling, a migration to the new workflow isn't happening this summer. My target for full migration is June-July of 2018. I guess at that point imaging will die to us, but again that's where I like hearing from you and other creators of our imaging workflow where possible. I pride myself on keeping on open mind on such weighty matters.

@blackholemac See this

With that working, AutoCasperNBi just worked...

After some further research...it appears that imaging lives....just perhaps in an updated form.... :)

Sorry was posting on the wrong discussion.

And JAMF even admitted in yesterday's webinar "Why DEP is Replacing Imaging (and Why it's a Good Thing)". Not sure if it's posted on the site yet. The three methods they mention are: DEP, Recovery and Total Nuke and Pave.

While I am still in the process of packaging this new DMG using AutoDMG, I am super excited that I found and bookmarked this post a while back. Kudos to everyone!

UPDATE: It worked, naturally. It's also worth noting that it's imperative to include the newly created DMG with the 16F2073 build in Casper Admin as the DMG used during imaging if you're wiping the macOS device first.

@sepiemoini keep in mind that if you erase the drive on a 2017 MacBook and image with that build then the recovery partition won't be compatible (boots to prohibit when trying to access the Recovery Partition)

@mapurcel have you found a way to get a compatible recovery partition installed with the 2073 build or included with the autoDMG image?
It's interesting that FileVault works even though booting to recovery does not . . .I wonder if that means the only problem is that the board ID for the 2017 MBP's is not included since the 2073 build comes from the 2017 iMac update.
I'm doing an internet recovery on a 2017 13" right now, then going to try to build a recovery partition installer from the installESD that comes down- if that works, then that can be deployed to any 2017 MBPs that get imaged before 10.12.6 comes out and unifies everything again.

@nkalister I did not, we moved to thin imaging, leaving the OS untouched out of the box, until 10.12.6 comes out, good luck

double post!

1. use internet recovery on a 13" or 15" 2017 MBP. Grab the installESD.
2. Download the current Sierra installer from the App Store. Replace the InstallESD.dmg inside with the one from your IR download.
3. Run Mager Valp's create recovery partition installer with the frankenstein'd Sierra app.

That produces a package that can be included in imaging or deployed and will install a recovery HD that will boot all models including the 2017 MBP's.

///

@grepoli that will result in a build with a recovery HD that will not boot the 2017 MBP's like @mapurcel said above. It'll boot to the OS and enable FileVault, but attempting to boot to recovery gives the prohibit sign.

What I had to do was:

• Use Disk Utility to Capture a 10.12.5 image from the never been booted 2017 MacBook Pro (no recovery partition)

• Use AutoCasperNBI to create a bootable USB stick image

• Boot to the USB

• Copy System Image Utility from a 10.12.5 machine to the USB

• Run System Image utility to create a NetRestore Image of the never-been booted Macintosh HD of the 2017 MacBook Pro (16F2073 image that includes the recovery partition) so that any other machines that are imaged can also be encrypted.

• Then take that image and create Netboot and AutoDMG images.

@sepiemoini How were you able to get build 16F2073. I did this and still got the same build 16F73 and it doesn't work with MBP 2017. Any guess?

[link text](link URL)
@sepiemoini How were you able to get build 16F2073. I did this and still got the same build 16F73 and it doesn't work with MBP 2017. Any guess?

@jeandelgadoc I grabbed the 10.12.5 from here and completed the above steps using AutoDMG. The result of that DMG was a 10.12.5 DMG with the 16F2073 build. Only difference is that I did not opt for the "apply updates" section in AutoDMG but I can't imagine that having an impact on the DMG itself.

@sepiemoini This worked I was able to get 16F2073 build, THANKS! The problem now is that 10.11.4 didn't work on MBP 2017 from Casper Admin. I was able to install that configuration to old MBPs but not new ones. I have the Prohibited Symbol. Any tips on how to install macOS Sierra on Casper Admin?

@jeandelgadoc @sepiemoini If you started with the 16F73 installer, your 2017 MBP's will not boot into the recovery partition with that autoDMG procedure. The recovery HD is not updated and will still be 16F73.

So we just got one new 2017 iMac. What are the best steps to take to grab a working image so I can deploy to the rest of my iMacs when they arrive?

Thanks,
R.

@rqomsiya I had to deal with my first 2017 iMac yesterday...

1. Boot the iMac to Internet Recovery.
2. Connect an external drive (HFS+ formatted).
3. Choose the Reinstall macOS option.
4. After the license agreement, select the external drive as the install destination.
5. When the first stage of installation completes (before the Mac restarts), switch the Mac off and disconnect your external drive.
6. On the external drive, there's a folder - macOS Install Data - and inside that is a file, InstallESD.dmg - drag InstallESD.dmg onto AutoDMG like you would with the macOS installer application.
7. Profit with your pristine never-booted image - feed it to AutoCasperNBI to get your NetBoot set and use it as a base to image new Macs.

N.B. 16F2073 boots on older Macs too, not just the 2017 iMacs - BUT Apple do tell you not to use forked builds with Macs other than those they're created for. 10.12.6 will be with us soon and this mess will hopefully be over. :-)

@sepiemoini Nice work! Your method worked for me.

We dont use Casper imaging here. We use DEP. But instead of using internet recovery to get a laptop back to the stock image, we use deploy studio. Casper imaging enrolls the device which we dont want. DEP will handle enrollment.
Deploy studio images it back to the out of the box condition.

Adding the 16F73 sierra + macosupd10.12.5 to autoDMG worked perfectly. --- Note: AutoDMG does not rename it... if you add it back to autodmg, you will see the correct build after its created.

I used DeployStudio assistant on the 2017 macbook to create the updated Netboot image.

@ant89 Woo-hoo! Glad that it worked for you. Now for a 10.12.6 update :)

10.12.6 came out today.
Also, @ant89 , your build's recovery partition will not boot 2017 MBP's. Don't use it.

I am now using an AutoDMG build of 10.12.6 for my NetBoot and OS Image. NetBoots the 2017 MacBook Pros' just fine. However after imaging and booting into the adobeinstall user for post-imaging tasks, it is not recognizing the ethernet interface. Hence, no enrollment and it skips all my triggers, dummy receipts, etc. I have tried it with the Belkin USB-C adapter as well as the Thunderbolt 2 to 3 plugged into an ethernet adapter.

I am on 9.98 FYI. Anyone else having this issue?

Believe we are seeing the same issue here . ASR image of 10.12.6 gets applied, quickadd should install at reboot. Instead the system comes up to the login window and the quickadd doesn't seem to apply as there is no SSH access and the cooresponding policy doesn't kick off.

Believe we are seeing the same issue here . ASR image of 10.12.6 gets applied, quickadd should install at reboot. Instead the system comes up to the login window and the quickadd doesn't seem to apply as there is no SSH access and the corresponding policy doesn't kick off.

Im also seeing this using the 10.12.6 OS on my new Macbook Pro's and iMac.

Got this to work in our environment by specifying paths more fully in our imaging script. Noticed that the quickadd installation needed the full path to internal HDD.

No luck here. NetSUS 4.1.0, macOS 10.12.6 in both the AutoCasperNBI and the AutoDMG-created OS package. All created fresh, recreated, and recreated again, multiple times.
Pick the NetBoot image from the Startup Manager (Option key), it thinks for a while, then gives up and boots back to the internal drive. No crossed-out circle, no spinny globe, no (visible) kernel panic.
Works on other Macs -- except the Touch Bar MBPs.
However, it does work if I attach a "USB-C to USB-A"+"USB-A to Ethernet" piggybacked adapter. Not only can it be NetBooted, but fully imaged and 100% setup successfully. But obviously, that's completely infeasible across 350 lab Macs that we want to zero-touch refresh.

Just circling back to this.. should have a 10.13 AutoCasperNBI release our in the next couple of days... but with some outstanding issues:

1. NetBooting take 8-9 mins to complete
2. Auto-login fails the majority of the time.

1) is an Apple thing & not much I can change.

2) seems worse in GM than B9.. to see if I can fix, but again a bug open with Apple.