Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Imaging and NetBooting of 2017 iMacs

Hello Everyone,

First off, I know many of us use different processes; DEP, thin imaging and many more. We had an issue with the new iMacs coming in requiring a different build and I wanted to share what we did.

We used the standard tools to get this working utilizing AutoDMG and AutoCasperNBI.

Using the tools mentioned above, we found there was an update at Apple for these new iMacs:
https://support.apple.com/en_US/downloads/macos

We then proceeded to run AutoDMG and adding the typical Sierra download as we always have done, the required build for these 2017 Macs, we couldn't find a way to download the needed Sierra build. We added this new update package mentioned above, to AutoDMG so it would add the package to the final AutoDMG build. This created a new OS.dmg that was the correct build for the new iMacs, build 16f2073.

We then used AutoCasperNBI to build the new NetBoot image, this worked just fine to build the correct OS and it NetBoots our new iMacs.

I thought I would share this process for those that need to NetBoot, image the new iMacs.

Like Comment
SOLVED Posted: 6/20/17 at 1:21 PM by bradtchapman

Cool.

The $64,000 question: can you replicate this process using High Sierra on the same computers? And will they have HFS+ or APFS?

Like
SOLVED Posted: 6/21/17 at 2:57 PM by SGill

APFS=RIP imaging?:

http://www.addigy.com/apple-wwdc-completely-changes-managing-macs-apfs-prepared/

Like
SOLVED Posted: 6/22/17 at 4:57 AM by bentoms

optional image ALT text

Like
SOLVED Posted: 6/22/17 at 5:48 AM by blackholemac

@bentoms Now you are just showing off man...I am very eager to see what you have to say in this regard in more detail! Specifically what you have to say because my existing imaging workflow is useless without your product specifically.

P.S. yes, this post was meant to egg you on explicitly because somehow I want to see what you have come up with but I know to some degree you can't show off because of NDA issues.

Like
SOLVED Posted: 6/22/17 at 6:08 AM by bentoms

heh.. yep NDA.. also.. who knows what will happen come 10.13 release?

Like
SOLVED Posted: 6/22/17 at 6:16 AM by blackholemac

well...I'll put it to you this way...I am also an Apple Developer so if you wish to point me to login-walled links I'm all for it. Also if you specifically were to "wax philosophic" on the death of imaging perhaps in a post and include some waxing on the greatness of Mac-based DEP, I'm certain I could read into that how I needed to. I already am near fully DEP on the iOS side, but we never did image there.

I am already trying to get us migrated to a full DEP workflow on Macs as well. We had some pesky licensing issues with some of our Mac software that made such a migration ugly. We have since resolved that mostly, but due to summer scheduling, a migration to the new workflow isn't happening this summer. My target for full migration is June-July of 2018. I guess at that point imaging will die to us, but again that's where I like hearing from you and other creators of our imaging workflow where possible. I pride myself on keeping on open mind on such weighty matters.

Like
SOLVED Posted: 6/22/17 at 7:05 AM by bentoms

@blackholemac See this

With that working, AutoCasperNBi just worked...

Like
SOLVED Posted: 6/22/17 at 5:15 PM by SGill

After some further research...it appears that imaging lives....just perhaps in an updated form.... :)

Like
SOLVED Posted: 6/22/17 at 10:25 PM by dvasquez

Sorry was posting on the wrong discussion.

Like
SOLVED Posted: 6/23/17 at 7:24 AM by Nix4Life

And JAMF even admitted in yesterday's webinar "Why DEP is Replacing Imaging (and Why it's a Good Thing)". Not sure if it's posted on the site yet. The three methods they mention are: DEP, Recovery and Total Nuke and Pave.

Like
SOLVED Posted: 6/29/17 at 4:23 PM by sepiemoini

While I am still in the process of packaging this new DMG using AutoDMG, I am super excited that I found and bookmarked this post a while back. Kudos to everyone!

Like
SOLVED Posted: 6/30/17 at 11:48 AM by sepiemoini

UPDATE: It worked, naturally. It's also worth noting that it's imperative to include the newly created DMG with the 16F2073 build in Casper Admin as the DMG used during imaging if you're wiping the macOS device first.



Like
SOLVED Posted: 6/30/17 at 3:11 PM by mapurcel

@sepiemoini keep in mind that if you erase the drive on a 2017 MacBook and image with that build then the recovery partition won't be compatible (boots to prohibit when trying to access the Recovery Partition)

Like
SOLVED Posted: 7/3/17 at 10:39 AM by nkalister

@mapurcel have you found a way to get a compatible recovery partition installed with the 2073 build or included with the autoDMG image?
It's interesting that FileVault works even though booting to recovery does not . . .I wonder if that means the only problem is that the board ID for the 2017 MBP's is not included since the 2073 build comes from the 2017 iMac update.
I'm doing an internet recovery on a 2017 13" right now, then going to try to build a recovery partition installer from the installESD that comes down- if that works, then that can be deployed to any 2017 MBPs that get imaged before 10.12.6 comes out and unifies everything again.

Like
SOLVED Posted: 7/3/17 at 11:13 AM by mapurcel

@nkalister I did not, we moved to thin imaging, leaving the OS untouched out of the box, until 10.12.6 comes out, good luck

Like
SOLVED Posted: 7/3/17 at 12:20 PM by nkalister

double post!

Like
SOLVED Posted: 7/3/17 at 12:22 PM by nkalister
  1. use internet recovery on a 13" or 15" 2017 MBP. Grab the installESD.
  2. Download the current Sierra installer from the App Store. Replace the InstallESD.dmg inside with the one from your IR download.
  3. Run Mager Valp's create recovery partition installer with the frankenstein'd Sierra app.

That produces a package that can be included in imaging or deployed and will install a recovery HD that will boot all models including the 2017 MBP's.

Like
SOLVED Posted: 7/3/17 at 6:23 PM by grepoli

///

Like
SOLVED Posted: 7/3/17 at 6:57 PM by nkalister

@grepoli that will result in a build with a recovery HD that will not boot the 2017 MBP's like @mapurcel said above. It'll boot to the OS and enable FileVault, but attempting to boot to recovery gives the prohibit sign.

Like
SOLVED Posted: 7/6/17 at 3:05 PM by antoinekinch

What I had to do was:

  • Use Disk Utility to Capture a 10.12.5 image from the never been booted 2017 MacBook Pro (no recovery partition)

  • Use AutoCasperNBI to create a bootable USB stick image

  • Boot to the USB

  • Copy System Image Utility from a 10.12.5 machine to the USB

  • Run System Image utility to create a NetRestore Image of the never-been booted Macintosh HD of the 2017 MacBook Pro (16F2073 image that includes the recovery partition) so that any other machines that are imaged can also be encrypted.

  • Then take that image and create Netboot and AutoDMG images.

Like
SOLVED Posted: 7/13/17 at 11:42 AM by jeandelgadoc

@sepiemoini How were you able to get build 16F2073. I did this and still got the same build 16F73 and it doesn't work with MBP 2017. Any guess?

Like
SOLVED Posted: 7/13/17 at 11:42 AM by jeandelgadoc

link text
@sepiemoini How were you able to get build 16F2073. I did this and still got the same build 16F73 and it doesn't work with MBP 2017. Any guess?

Like
SOLVED Posted: 7/13/17 at 11:48 AM by sepiemoini

@jeandelgadoc I grabbed the 10.12.5 from here and completed the above steps using AutoDMG. The result of that DMG was a 10.12.5 DMG with the 16F2073 build. Only difference is that I did not opt for the "apply updates" section in AutoDMG but I can't imagine that having an impact on the DMG itself.

Like
SOLVED Posted: 7/13/17 at 3:03 PM by jeandelgadoc

@sepiemoini This worked I was able to get 16F2073 build, THANKS! The problem now is that 10.11.4 didn't work on MBP 2017 from Casper Admin. I was able to install that configuration to old MBPs but not new ones. I have the Prohibited Symbol. Any tips on how to install macOS Sierra on Casper Admin?

Like
SOLVED Posted: 7/13/17 at 3:15 PM by nkalister

@jeandelgadoc @sepiemoini If you started with the 16F73 installer, your 2017 MBP's will not boot into the recovery partition with that autoDMG procedure. The recovery HD is not updated and will still be 16F73.

Like
SOLVED Posted: 7/13/17 at 3:49 PM by rqomsiya

So we just got one new 2017 iMac. What are the best steps to take to grab a working image so I can deploy to the rest of my iMacs when they arrive?

Thanks,
R.

Like
SOLVED Posted: 7/14/17 at 12:15 AM by neil.martin83

@rqomsiya I had to deal with my first 2017 iMac yesterday...

  1. Boot the iMac to Internet Recovery.
  2. Connect an external drive (HFS+ formatted).
  3. Choose the Reinstall macOS option.
  4. After the license agreement, select the external drive as the install destination.
  5. When the first stage of installation completes (before the Mac restarts), switch the Mac off and disconnect your external drive.
  6. On the external drive, there's a folder - macOS Install Data - and inside that is a file, InstallESD.dmg - drag InstallESD.dmg onto AutoDMG like you would with the macOS installer application.
  7. Profit with your pristine never-booted image - feed it to AutoCasperNBI to get your NetBoot set and use it as a base to image new Macs.

N.B. 16F2073 boots on older Macs too, not just the 2017 iMacs - BUT Apple do tell you not to use forked builds with Macs other than those they're created for. 10.12.6 will be with us soon and this mess will hopefully be over. :-)

Like
SOLVED Posted: 7/19/17 at 1:54 PM by ant89

@sepiemoini Nice work! Your method worked for me.

We dont use Casper imaging here. We use DEP. But instead of using internet recovery to get a laptop back to the stock image, we use deploy studio. Casper imaging enrolls the device which we dont want. DEP will handle enrollment.
Deploy studio images it back to the out of the box condition.

Adding the 16F73 sierra + macosupd10.12.5 to autoDMG worked perfectly. --- Note: AutoDMG does not rename it... if you add it back to autodmg, you will see the correct build after its created.

I used DeployStudio assistant on the 2017 macbook to create the updated Netboot image.

Like
SOLVED Posted: 7/19/17 at 1:56 PM by sepiemoini

@ant89 Woo-hoo! Glad that it worked for you. Now for a 10.12.6 update :)

Like
SOLVED Posted: 7/19/17 at 1:58 PM by nkalister

10.12.6 came out today.
Also, @ant89 , your build's recovery partition will not boot 2017 MBP's. Don't use it.

Like
SOLVED Posted: 7/19/17 at 4:53 PM by sgorney

I am now using an AutoDMG build of 10.12.6 for my NetBoot and OS Image. NetBoots the 2017 MacBook Pros' just fine. However after imaging and booting into the adobeinstall user for post-imaging tasks, it is not recognizing the ethernet interface. Hence, no enrollment and it skips all my triggers, dummy receipts, etc. I have tried it with the Belkin USB-C adapter as well as the Thunderbolt 2 to 3 plugged into an ethernet adapter.

I am on 9.98 FYI. Anyone else having this issue?

Like
SOLVED Posted: 8/4/17 at 9:56 AM by mohlmag

Believe we are seeing the same issue here . ASR image of 10.12.6 gets applied, quickadd should install at reboot. Instead the system comes up to the login window and the quickadd doesn't seem to apply as there is no SSH access and the cooresponding policy doesn't kick off.

Like
SOLVED Posted: 8/4/17 at 9:56 AM by mohlmag

Believe we are seeing the same issue here . ASR image of 10.12.6 gets applied, quickadd should install at reboot. Instead the system comes up to the login window and the quickadd doesn't seem to apply as there is no SSH access and the corresponding policy doesn't kick off.

Like
SOLVED Posted: 8/7/17 at 2:34 PM by NealIV

Im also seeing this using the 10.12.6 OS on my new Macbook Pro's and iMac.

Like
SOLVED Posted: 8/8/17 at 3:16 PM by mohlmag

Got this to work in our environment by specifying paths more fully in our imaging script. Noticed that the quickadd installation needed the full path to internal HDD.

Like
SOLVED Posted: 9/5/17 at 4:09 AM by deej

No luck here. NetSUS 4.1.0, macOS 10.12.6 in both the AutoCasperNBI and the AutoDMG-created OS package. All created fresh, recreated, and recreated again, multiple times.
Pick the NetBoot image from the Startup Manager (Option key), it thinks for a while, then gives up and boots back to the internal drive. No crossed-out circle, no spinny globe, no (visible) kernel panic.
Works on other Macs -- except the Touch Bar MBPs.
However, it does work if I attach a "USB-C to USB-A"+"USB-A to Ethernet" piggybacked adapter. Not only can it be NetBooted, but fully imaged and 100% setup successfully. But obviously, that's completely infeasible across 350 lab Macs that we want to zero-touch refresh.

Like
SOLVED Posted: 9/24/17 at 8:03 AM by bentoms

Just circling back to this.. should have a 10.13 AutoCasperNBI release our in the next couple of days... but with some outstanding issues:

  1. NetBooting take 8-9 mins to complete
  2. Auto-login fails the majority of the time.

1) is an Apple thing & not much I can change.

2) seems worse in GM than B9.. to see if I can fix, but again a bug open with Apple.

Like