Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. If you like what you see, join us in person at the ninth annual Jamf Nation User Conference (JNUC) this October for three days of learning, laughter and IT love.

Booting a macOS 10.11 or Later Computer to a NetBoot Image Using a Policy or Casper Remote

Overview

Apple's System Integrity Protection feature, introduced in macOS 10.11, requires that you add a trusted NetBoot server to a computer before you can use a policy or Casper Remote to boot that computer to a NetBoot image. If you attempt to boot to a NetBoot image on a macOS 10.11 computer that does not trust the NetBoot server, you will receive the "Could not set boot device property/Can't set EFI" error message and the boot will not be successful. You only need to add a trusted NetBoot Server once per computer.

Note: Whitelisted IP addresses for NetBoot servers are stored in non-volatile random-access memory (NVRAM), and therefore are removed when a NVRAM/PRAM reset is performed. After resetting your computer's NVRAM, you must re-add a trusted NetBoot server if you want to boot to a NetBoot image via a policy or Casper Remote.

Procedure

For detailed instructions on how to add a trusted NetBoot server, see Apple's Prepare for NetBoot, NetInstall, and NetRestore requirements in OS X El Capitan Knowledge Base article.

After you have successfully added a trusted NetBoot server to the target computer, you can boot that computer to a NetBoot image using a policy or Casper Remote. For detailed instructions on how to boot to a NetBoot image, see the "Booting Computers to NetBoot Images" section of the Casper Suite Administrator's Guide.

Like Comment