Jamf Nation Community

We are a private 1 to 1 school with 500 student laptops and another 200 for teachers and labs for the little ones.

We lease our equipment on a 3 year lease so every 3 years we collect all of the computers and deploy new ones.

We use Casper imaging to setup the new laptops (boot from a USB drive that also contains the Casper image), which allows us to image each laptop in less than 5 minutes. We hire a bunch of our "AppleCore" kids to help with the grunt work.

We do not use DEP as we can make our work flow go much faster locally. Last year we had our first transition from old laptops to new and we had them bring us their Time Machine backup drives and migrated their home folder to the new laptop. The new kids got a laptop with a new account.

We name laptops with the user name and the year it is deployed (John Smith 16). The lab machines are called Library Lab 01 15, Library Lab 02 15, etc.

The tech department uses ARD, but we have a program called LanSchool that we use for the teachers to monitor their classes.

I am glad to answer any other questions!

I am going to pull @Chris_Hafner into this as he successfully manages Apple stuff for a private academy and may have tackled some of what you might have run into working in the world of private schools.

@ttyler1999 So you manually naming and assigning them? Also, LanSchool question; We own it but stopped using it because of its terrible time with Subnets. Are you using it in a complex network with subnets, if so, I would like to ask you further questions outside of this via email if possible.

I have read some places in which they have ARD connected into a directory system to pull down the groups. Anyone work with that?

My overall goal is to get a deployment down to very little hands on. We own the devices and give them to the students once they are graduated. So their device is theirs to keep which lessens our paperwork and backend workload (plus a good marketing idea).

@mccaskill Yes, we manually name the laptops when we image them. It sound like you want something more automated so DEP will work for you.

Our LanSchool network is not heavily segmented so I don't think I can help there either...

I'm going to toot my own horn here - I just presented at the JNUC on 1-to-1 deployment https://www.jamf.com/resources/you-too-can-support-a-500-device-1-to-1-program-by-yourself/

We put an asset tag on the computer that has on the label something like BA123 and name the computer at imaging SBA1234 (S prefix for student laptops). We've thought about DEP but we've come to the conclusion that we'd lose that ability to specifically name a computer to the sticker. There's no way to automate that. Though we've thought about having students just put the sticker on the laptop themselves when we hand it to them but I know it wouldn't end up on the machine or on the machine in the right place. We like to load up the laptops with some software like printer drivers, that might be more painful with DEP.

We have 70 iPads in our lower school. For our iPads we do use DEP as much as possible since we don't put an asset tag on those like we do the laptops. The iPads stay in the classroom vs the laptops that travel all over the school and home, which is why there's no need for the tag on them.

For assignment of laptops, there's a script that runs at first login that assigns the computer to that student. So that's how we assign it within Casper. As for distribution, we just have certain days students can come pick up their laptop and we hand them just one off the pile.

Our teachers use DyKnow for monitoring students on the Mac. We sometimes use ARD though to remote support faculty/staff. But none of our faculty use it.

Sorry for the late response, we've been busy! Every institution is different and I'll give the standard disclaimer that what works for us may not work for you. Brewster Academy is a private, international, college-prep boarding school in the middle of NH (Wolfeboro). We have ~365 students and >200 employees (Fac, Staff, Admin, etc). We are a 23-year 1:1 Apple laptop school that's been BYOD for about 6 of those, with a requirement for recent macOS compatible computers. We have minimum recommendations but try to be as flexible as possible, while keeping a realistically manageable and capable fleet.

To answer some of your questions directly:

What process do you go through to assign a device to a student?
Students admitted to Brewster are to submit a valid serial number for an Apple Notebook following our minimum requirements, over the summer. They submit said serial number into our student/parent portal. This is then verified and accepted by our IT department after checking the unit's GSX record. That verified serial number is then placed into the scope of a pre-state imaging policy. On the first day of student orientation in the fall, our student teams (50-100 each) rotate through a room we've set up for mass imaging. During this 1 hour period, students check in, place their approved notebook on an imaging bench, and with the assistance of IT staff, NetBoot their computer. Assuming that all checks out the machine is wiped and imaged to a configuration that is compiled the previous week to increase the speed-of-deployment. The laptops are given simple naming conventions (BA-Student-SerialNumber) as part of the pre-stage, which are then updated in the JSS to reflect their real name. I've been looking into using the MUT for this but haven't really sat down and evaluated it. Regardless, since we have the student associated with their submitted serial number in our own SIS, we can manage that however we want. I should mention that we do have a small fleet of laptops for Financial Aid allotments as well as a separate loaner pool for users whos' machines need to be repaired (Software or Hardware). The use of laptops here is so deeply embedded that students MUST have a functional machine for ANY class, at any time. Oh, there are also about 6 laptops specially prepped for SAT/ACT/AP accommodation testing as that isn't compatible with our other secured testing environments (we have developed a few). Assigned financial aid laptops are named in the same manner as the rest of the student's as we do not want any student under financial aid to feel separated from their peers.

Are you using DEP?
Yes for units purchased by the academy for Faculty, Staff, Admins, etc. Not for student BYOD units. Thin imaging is just fine for brand new computers but we'll be imaging student BYOD units until there's a better method available. Speed/reliability is the key for a successful start of the school year.

What is your naming scheme?
BA-Department-Name (i.e. BA for Brewster Academy, Department such as "faculty", "Athletics", "Student", "Student-Loaner", ect. and finally, the name of the person assigned to the unit.

Are you using ARD and do your faculty also use ARD?
I.T. uses ARD from time to time. We prefer Casper Remote at the Help Desk. We also have LANSchool installed in two graphics labs, but have piloted and rejected its use in the classroom. This decision is NOT purely technical. While LANSchool certainly suffers in a large environment (I have NOT evaluated their management server) we REALLY do not want our teachers sitting behind their desks attempting to micromanage students from afar. We want them "working the room" so to speak, and making sure to manage student engagement and interactions personally.

I could write endlessly on this topic and so I will stop myself here. That said, I'm happy to jump in on any topic you may be exploring.

@Chris_Hafner Awesome information, thank you! Your deployment process is quite interesting. As for the naming convention, is this information manually entered when the student is in front of the tech or is it pulling information some place to set the name?

As for your ARD points, we just had a conversation about having our faculty be more active in their class. The assistant principal is now working with faculty to utilize this idea. We had issues with students getting off task with their macbooks and complaints were made. Overall we all came to a conclusion it's a classroom management issue even though it was getting painted as a tech issue.

@mccaskill Classroom management is hard! I'm glad that your administration sees the need to engage the students and is working with the faculty directly on that. It's an important part of a successful edu culture!

As for the naming convention: The first stage is supplied by the JSS as part of a pre-stage enrollment. It's important to note that we've got the serial numbers that the students have submitted in an internal database (inventory). The Pre-Stage simply names the computers with a prefix of "BA-Student" and then appends the units serial number during imaging. All students will be named "BA-Student-SERIALNUMBER". Obviously, that's only so useful but it IS unique.

From here you can either manually change the student names in the JSS, which will trickle down to the units at the next inventory, assuming that you have your inventory policy set to do that. OR, you can use a tool like MUT (http://jssmut.weebly.com/) to rename computers based on whatever you can get into a CSV. For us, that's just a .csv dump out of our inventory database.