Imaging and NetBooting of 2017 iMacs

Posted: 6/20/17 at 1:06 PM by mconners

Hello Everyone,

First off, I know many of us use different processes; DEP, thin imaging and many more. We had an issue with the new iMacs coming in requiring a different build and I wanted to share what we did.

We used the standard tools to get this working utilizing AutoDMG and AutoCasperNBI.

Using the tools mentioned above, we found there was an update at Apple for these new iMacs:

We then proceeded to run AutoDMG and adding the typical Sierra download as we always have done, the required build for these 2017 Macs, we couldn't find a way to download the needed Sierra build. We added this new update package mentioned above, to AutoDMG so it would add the package to the final AutoDMG build. This created a new OS.dmg that was the correct build for the new iMacs, build 16f2073.

We then used AutoCasperNBI to build the new NetBoot image, this worked just fine to build the correct OS and it NetBoots our new iMacs.

I thought I would share this process for those that need to NetBoot, image the new iMacs.

Posted: 6/20/17 at 1:21 PM by bradtchapman


The $64,000 question: can you replicate this process using High Sierra on the same computers? And will they have HFS+ or APFS?

Posted: 6/21/17 at 2:57 PM by SGill

APFS=RIP imaging?:

Posted: 6/22/17 at 4:57 AM by bentoms

Posted: 6/22/17 at 5:48 AM by blackholemac

@bentoms Now you are just showing off man...I am very eager to see what you have to say in this regard in more detail! Specifically what you have to say because my existing imaging workflow is useless without your product specifically.

P.S. yes, this post was meant to egg you on explicitly because somehow I want to see what you have come up with but I know to some degree you can't show off because of NDA issues.

Posted: 6/22/17 at 6:08 AM by bentoms

heh.. yep NDA.. also.. who knows what will happen come 10.13 release?

Posted: 6/22/17 at 6:16 AM by blackholemac

well...I'll put it to you this way...I am also an Apple Developer so if you wish to point me to login-walled links I'm all for it. Also if you specifically were to "wax philosophic" on the death of imaging perhaps in a post and include some waxing on the greatness of Mac-based DEP, I'm certain I could read into that how I needed to. I already am near fully DEP on the iOS side, but we never did image there.

I am already trying to get us migrated to a full DEP workflow on Macs as well. We had some pesky licensing issues with some of our Mac software that made such a migration ugly. We have since resolved that mostly, but due to summer scheduling, a migration to the new workflow isn't happening this summer. My target for full migration is June-July of 2018. I guess at that point imaging will die to us, but again that's where I like hearing from you and other creators of our imaging workflow where possible. I pride myself on keeping an open mind on such weighty matters.

Posted: 6/22/17 at 7:05 AM by bentoms

@blackholemac See this

With that working, AutoCasperNBI just worked...

Posted: 6/22/17 at 5:15 PM by SGill

After some further appears that imaging lives....just perhaps in an updated form.... :)

Posted: 6/22/17 at 10:25 PM by dvasquez

Sorry was posting on the wrong discussion.

Posted: 6/23/17 at 7:24 AM by LSinNY

And JAMF even admitted in yesterday's webinar "Why DEP is Replacing Imaging (and Why it's a Good Thing)". Not sure if it's posted on the site yet. The three methods they mention are: DEP, Recovery and Total Nuke and Pave.

Posted: 6/29/17 at 4:23 PM by sepiemoini

While I am still in the process of packaging this new DMG using AutoDMG, I am super excited that I found and bookmarked this post a while back. Kudos to everyone!

Posted: 6/30/17 at 11:48 AM by sepiemoini

UPDATE: It worked, naturally. It's also worth noting that it's imperative to include the newly created DMG with the 16F2073 build in Casper Admin as the DMG used during imaging if you're wiping the macOS device first.

Posted: 6/30/17 at 3:11 PM by mapurcel

@sepiemoini keep in mind that if you erase the drive on a 2017 MacBook and image with that build then the recovery partition won't be compatible (boots to prohibit when trying to access the Recovery Partition)

Posted: 7/3/17 at 10:39 AM by nkalister

@mapurcel have you found a way to get a compatible recovery partition installed with the 2073 build or included with the autoDMG image?
It's interesting that FileVault works even though booting to recovery does not... I wonder if that means the only problem is that the board ID for the 2017 MBPs is not included since the 2073 build comes from the 2017 iMac update.
I'm doing an internet recovery on a 2017 13" right now, then going to try to build a recovery partition installer from the installESD that comes down- if that works, then that can be deployed to any 2017 MBPs that get imaged before 10.12.6 comes out and unifies everything again.

Posted: 7/3/17 at 11:13 AM by mapurcel

@nkalister I did not, we moved to thin imaging, leaving the OS untouched out of the box, until 10.12.6 comes out, good luck

Posted: 7/3/17 at 12:20 PM by nkalister

double post!

Posted: 7/3/17 at 12:22 PM by nkalister

  1. Use Internet Recovery on a 13" or 15" 2017 MBP. Grab the InstallESD.
  2. Download the current Sierra installer from the App Store. Replace the InstallESD.dmg inside with the one from your IR download.
  3. Run MagerValp's Create Recovery Partition Installer with the frankenstein'd Sierra app.

That produces a package that can be included in imaging or deployed and will install a recovery HD that will boot all models including the 2017 MBPs.

Posted: 7/3/17 at 6:23 PM by grepoli


Posted: 7/3/17 at 6:57 PM by nkalister

@grepoli that will result in a build with a recovery HD that will not boot the 2017 MBP's like @mapurcel said above. It'll boot to the OS and enable FileVault, but attempting to boot to recovery gives the prohibit sign.

Posted: 7/6/17 at 3:05 PM by antoinekinch

What I had to do was:

  • Use Disk Utility to Capture a 10.12.5 image from the never been booted 2017 MacBook Pro (no recovery partition)

  • Use AutoCasperNBI to create a bootable USB stick image

  • Boot to the USB

  • Copy System Image Utility from a 10.12.5 machine to the USB

  • Run System Image utility to create a NetRestore Image of the never-been booted Macintosh HD of the 2017 MacBook Pro (16F2073 image that includes the recovery partition) so that any other machines that are imaged can also be encrypted.

  • Then take that image and create Netboot and AutoDMG images.

Posted: 7/13/17 at 11:42 AM by jeandelgadoc

@sepiemoini How were you able to get build 16F2073? I did this and still got the same build 16F73 and it doesn't work with MBP 2017. Any guess?

Posted: 7/13/17 at 11:48 AM by sepiemoini

@jeandelgadoc I grabbed the 10.12.5 from here and completed the above steps using AutoDMG. The result of that DMG was a 10.12.5 DMG with the 16F2073 build. Only difference is that I did not opt for the "apply updates" section in AutoDMG but I can't imagine that having an impact on the DMG itself.

Posted: 7/13/17 at 3:03 PM by jeandelgadoc

@sepiemoini This worked, I was able to get the 16F2073 build, THANKS! The problem now is that 10.11.4 didn't work on MBP 2017 from Casper Admin. I was able to install that configuration to old MBPs but not new ones. I have the Prohibited Symbol. Any tips on how to install macOS Sierra on Casper Admin?

Posted: 7/13/17 at 3:15 PM by nkalister

@jeandelgadoc @sepiemoini If you started with the 16F73 installer, your 2017 MBP's will not boot into the recovery partition with that autoDMG procedure. The recovery HD is not updated and will still be 16F73.
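Added example, not part of any post in this thread: a pre-deployment check for the mismatch described above, where the OS volume reports 16F2073 but the Recovery HD is still 16F73 or was never captured. The plist paths are assumed from the standard macOS layout, the function names are hypothetical, and the sample plists are constructed.

```python
import plistlib
from pathlib import Path

# Assumed locations on the mounted volumes (standard macOS layout, not given in the thread).
OS_PLIST = "System/Library/CoreServices/SystemVersion.plist"
RECOVERY_PLIST = "com.apple.recovery.boot/SystemVersion.plist"

def read_build(plist_bytes):
    """Return ProductBuildVersion from SystemVersion.plist bytes (XML or binary), or None."""
    try:
        data = plistlib.loads(plist_bytes)
    except Exception:  # truncated, empty or non-plist input
        return None
    build = data.get("ProductBuildVersion") if isinstance(data, dict) else None
    return build.strip().upper() if isinstance(build, str) and build.strip() else None

def audit_image(os_plist, recovery_plist, required_build):
    """Return findings (empty list = pass); recovery_plist is None if no Recovery HD exists."""
    required = required_build.strip().upper()
    findings = []
    os_build = read_build(os_plist)
    if os_build is None:
        findings.append("os: build unreadable")
    elif os_build != required:
        findings.append(f"os: build {os_build}, need {required}")
    if recovery_plist is None:
        findings.append("recovery: partition missing")
        return findings
    rec_build = read_build(recovery_plist)
    if rec_build is None:
        findings.append("recovery: build unreadable")
    elif rec_build != required:
        findings.append(f"recovery: build {rec_build}, need {required}")
    return findings

def audit_mounted(os_root, recovery_root, required_build):
    """Same check against mounted volumes, e.g. a restored image and its Recovery HD."""
    rec = Path(recovery_root, RECOVERY_PLIST)
    osp = Path(os_root, OS_PLIST)
    return audit_image(osp.read_bytes() if osp.is_file() else b"",
                       rec.read_bytes() if rec.is_file() else None, required_build)

def sample_plist(build, binary=False):
    """Constructed SystemVersion.plist for the demo (not captured from a real image)."""
    fmt = plistlib.FMT_BINARY if binary else plistlib.FMT_XML
    return plistlib.dumps({"ProductVersion": "10.12.5", "ProductBuildVersion": build}, fmt=fmt)

if __name__ == "__main__":
    # OS updated by the added package, Recovery HD left at the installer's build.
    print(audit_image(sample_plist("16F2073"), sample_plist("16F73"), "16f2073"))
    print(audit_image(sample_plist("16F2073", binary=True), None, "16F2073"))
```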

Posted: 7/13/17 at 3:49 PM by rqomsiya

So we just got one new 2017 iMac. What are the best steps to take to grab a working image so I can deploy to the rest of my iMacs when they arrive?


Posted: 7/14/17 at 12:15 AM by neil.martin83

@rqomsiya I had to deal with my first 2017 iMac yesterday...

  1. Boot the iMac to Internet Recovery.
  2. Connect an external drive (HFS+ formatted).
  3. Choose the Reinstall macOS option.
  4. After the license agreement, select the external drive as the install destination.
  5. When the first stage of installation completes (before the Mac restarts), switch the Mac off and disconnect your external drive.
  6. On the external drive, there's a folder - macOS Install Data - and inside that is a file, InstallESD.dmg - drag InstallESD.dmg onto AutoDMG like you would with the macOS installer application.
  7. Profit with your pristine never-booted image - feed it to AutoCasperNBI to get your NetBoot set and use it as a base to image new Macs.

N.B. 16F2073 boots on older Macs too, not just the 2017 iMacs - BUT Apple do tell you not to use forked builds with Macs other than those they're created for. 10.12.6 will be with us soon and this mess will hopefully be over. :-)

Posted: 7/19/17 at 1:54 PM by ant89

@sepiemoini Nice work! Your method worked for me.

We don't use Casper Imaging here. We use DEP. But instead of using Internet Recovery to get a laptop back to the stock image, we use DeployStudio. Casper Imaging enrolls the device, which we don't want. DEP will handle enrollment.
DeployStudio images it back to the out-of-the-box condition.

Adding the 16F73 Sierra + macosupd10.12.5 to AutoDMG worked perfectly. Note: AutoDMG does not rename it... if you add it back to AutoDMG, you will see the correct build after it's created.

I used DeployStudio Assistant on the 2017 MacBook to create the updated NetBoot image.

Posted: 7/19/17 at 1:56 PM by sepiemoini

@ant89 Woo-hoo! Glad that it worked for you. Now for a 10.12.6 update :)

Posted: 7/19/17 at 1:58 PM by nkalister

10.12.6 came out today.
Also, @ant89, your build's recovery partition will not boot 2017 MBPs. Don't use it.

Posted: 7/19/17 at 4:53 PM by sgorney

I am now using an AutoDMG build of 10.12.6 for my NetBoot and OS image. It NetBoots the 2017 MacBook Pros just fine. However, after imaging and booting into the adobeinstall user for post-imaging tasks, it is not recognizing the Ethernet interface. Hence, no enrollment, and it skips all my triggers, dummy receipts, etc. I have tried it with the Belkin USB-C adapter as well as the Thunderbolt 2 to 3 plugged into an Ethernet adapter.

I am on 9.98 FYI. Anyone else having this issue?