Ditching the Monolithic Image - Need help getting there.

joemamasmac
New Contributor III

Hello All,

I am attempting to ditch my monolithic imaging ways and move to a procedure where we rename the machine, install Casper and the magic begins. Unfortunately I am struggling with how exactly to get there with my current set-up. I am hoping people can give me some insight into how I can take my current workflow and script it.

  1. How I currently set-up my Monolithic Image
     a. Install latest and greatest OS with all patches on fairly current hardware
     b. Create default "admin" account.
     c. Turn off Wifi, Mute Volume, Remove Time Machine from top bar.
     d. Edit Finder Prefs to show hard disks, edit sidebar to hide Back to my Mac, Bonjour.
     e. Copy com.apple.finder.plist and com.apple.sidebarlists.plist to User Templates
     f. Modify Energy Saver Settings
     g. Set Auto Login for Admin account
     h. Disable Software Updates (have a script that runs these)
     i. Modify dock default.plist and overwrite Dock.app default.plist file to remove everything from the dock.
     j. Add "admin" account for remote access in Sys Preferences so Casper Remote has rights to access

That is a summary of what I do. I believe it would be possible to use Composer to capture most of the System Preferences, and apply once per computer after the machine has Casper Installed. The other items have been problematic though when I attempt to have a script replace the various files with templates that I created to clear out the Dock, finder settings, etc. I am wondering if anyone else has tried to do these various things and how exactly it has worked out for them. I would like to get away from creating a Monolithic image if possible, and instead upload the latest 10.9.X installer and let it install to the system.

Any guidance on how I can get there would be appreciated.

Joe

7 REPLIES

dpertschi
Valued Contributor

Totally do-able...

I'd suggest writing out on paper every individual configuration change you have to make on a new machine install, and then figure out if you can make those changes with MCX, Configuration Profiles, default writes, or some other effort and packaged. A lot of what you mention can be accommodated in one of those ways.

The more you can manage with MCX or profiles, the less work you have to do in the long run- it will just happen by way of the machine being enrolled and falling into scope.

CreateUserPkg and AutoDMG are useful for creating account packages and creating restorable base images from retail OS (need a solution for re-imaging). https://github.com/MagerValp/

You might want to also reconsider managing things that aren't actually necessary. Like the sidebar, or drive icons on the desktop. Is it mandatory for some reason, or do you just think it looks nicer? The less you have to manage......

MarkMelaccio
Contributor II

In my shop we take the approach that once the machine is in Casper, we can configure pretty much everything you discussed above.

Our workflow for imaging looks something like this:

If it's a new Mac, we use the Apple loaded OS that comes with the box. We net boot and our "imaging" consists of a very minimal configuration.

If we have to reload it, we net boot and load the OS fresh as step 1 of 2 to get us back to a neutral state. But from there it's the same as above.

You can create an admin account with a script (less safe since you would hard code the default password in the script), or use CreateUserPkg to create your Admin account.

Add your Quickadd to enroll in Casper

Create a first boot script to set up things like your network settings (@rtrouton has a great first boot script that he has made available which you may find helpful)

The rest? That can be done with Profiles and Policies. Once the mac is enrolled, it will pick up these items from Casper and policies will run for the most part in the background.
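The risk noted in the post above, a default password hard-coded in an account-creation script, can be checked for before a script is uploaded. The following is an added example and not part of any post in this thread: a POSIX shell function that flags `dscl . -passwd` and `sysadminctl -password` calls (on OS X versions that ship `sysadminctl`) and password-named variable assignments that carry a literal value. The function names, the sample script and its account names and values are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag literal passwords in a macOS provisioning script.
# Findings report the line number and pattern only, never the value.

scan_hardcoded_passwords() {
  awk '
    # A token counts as a literal unless it is empty, "-" (prompt for it)
    # or starts with a shell expansion such as $VAR or $(command).
    function literal(tok) {
      gsub(/^"|"$/, "", tok)
      return (tok != "" && tok != "-" && tok !~ /^\$/)
    }
    /^[ \t]*#/ { next }   # ignore comment lines
    {
      for (i = 1; i <= NF; i++) {
        # dscl . -passwd <user path> <password>
        if ($i == "-passwd" && literal($(i + 2)))
          print NR ": dscl -passwd with literal password"
        # sysadminctl ... -password <password>
        if ($i == "-password" && literal($(i + 1)))
          print NR ": sysadminctl -password with literal password"
      }
      # NAME=value where NAME contains PASS (any case)
      if (match(toupper($0), /^[ \t]*[A-Z0-9_]*PASS[A-Z0-9_]*=/) &&
          literal(substr($0, RSTART + RLENGTH)))
        print NR ": password variable assigned a literal"
    }
  '
}

# Constructed sample of a first-boot script; accounts and values are made up.
sample_script() {
  cat <<'EOF'
#!/bin/bash
dscl . -create /Users/admin
dscl . -create /Users/admin UserShell /bin/bash
dscl . -passwd /Users/admin ChangeMe123
sysadminctl -addUser helpdesk -password "Summer2014" -admin
sysadminctl -addUser kiosk -password -
dscl . -passwd /Users/svc "$SVC_PASS"
# dscl . -passwd /Users/old OldPass
ADMIN_PASSWORD=hunter2
EOF
}

sample_script | scan_hardcoded_passwords
```

To check a real script, pipe it in the same way: `scan_hardcoded_passwords < firstboot.sh` (the file name is a placeholder).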

Tad
New Contributor III

We recently did a webinar about Mac deployment workflows and talked about bare-metal imaging, thin imaging, and no-imaging. Check out the recorded video and related Q&A transcript here:

http://www.jamfsoftware.com/resources/webinar/mac-deployment-and-imaging/

JPDyson
Valued Contributor

I'll read through @Tad's post above, but one thing that's eluded me thus far is the "out of the box" setup. Do you guys ask your techs to just make sure they create a certain account for this, or manage deleting non-standard accounts? Do you circumvent the OOB setup altogether (how)?

rmanly
Contributor III

@JPDyson

You can create a configuration with just the applications, scripts etc. you need (no OS). Then use something like CreateUserPkg to put a standard user on there if needed. Setting localization, time & zone, touching .AppleSetupDone can all be done in various ways. You could use a QuickAdd.pkg in the configuration that adds the management user for Casper.

We have done this for new machines for years. Changed for the new teacher machines this year just to take advantage of the speed offered by Thunderbolt.

  1. open box
  2. netboot
  3. image

JPDyson
Valued Contributor

We can't currently netboot, but I would assume this workflow should work just the same replacing step 2 with "boot to an imaging drive" (as that's basically what netboot is). I seem to recall issues with this in the past, but I'll pick it back up.

stevewood
Honored Contributor II

Leveraging NetBoot with a thin configuration (no OS image), and just applying scripts and packages at first boot is great, but what I'd ultimately love to get to is what @JPDyson is asking about: Out of Box.

I sat in on a presentation the folks at Pixar did back at WWDC 2007 (or was it 2006) where they showed off their deployment system. I believe it was called "Metro". Basically, the machine would be scanned into their asset mgmt system, delivered to the end user, and the end user simply NetBooted the machine, entered their network credentials, and an hour later (or however long it took) their new machine had all of the software & settings they needed, and their home folder had been copied over from their last machine.

I'd love to get to something similar to that where:

  1. Machine is ordered from Apple
  2. Added to DEP
  3. Placed on user's desk
  4. User opens box and turns on machine
  5. 60 minutes later the machine is ready for end user

The part of that process I do not like, or perhaps do not know how to work around, is the need for the end user to run through Apple's Setup Assistant to put the first user on the machine. I guess I could put a generic user in, have a script that then removes that user and lays down the admin user upon "Enrollment Complete".

Anyway, for now, since I am a one man shop, I'll keep with the workflow that @rmanly mentioned above which has worked well for me for several years (pre-stage imaging workflow).