DEP Testing Workflows

NickKoval
Contributor
Contributor

I've not found a lot of workflows to rerun through the DEP process but I've found a number of folks that seem to want to run through DEP again quickly. I'm sharing our methods for re-running DEP without re-imaging the computer completely. We've found two options that work well for DEP deployment testing: a second partition on the computer or removing some files from the device to trigger the Setup process again. Feel free to add to this if you have other solutions:

A Second Partition
This process involves making a second partition on the existing system. Prior to running through DEP, boot to the Recovery HD. Next using Disk Utility, partition Macintosh HD into two partition. Clone the existing Macintosh HD to the New Partition and name it something other than Macintosh HD or Recovery HD (I'll use PreDEP HD). Quit Disk Utility and select Macintosh HD as your startup drive then reboot.

  • Pros: You can quickly reboot to the Recovery HD and clone the PreDEP HD over the Macintosh HD.
  • Cons: If you accidentally modify the PreDEP HD, you have to wipe it, re-install and start again.
  • Optional: Instead of cloning the entire drive to the second partition, you can simply store a disk image on the second partition of Macintosh HD. It prevents you from accidentally booting to the wrong hard drive, but it may take up to two minutes longer to restore depending on how you created the disk image.

Remove Some Special Files
Keep in mind that this is essentially performing a selective lobotomy on your computer. Be careful what you type.
Boot the computer into Single-User mode and mount Macintosh HD as writable. Next run the following commands:

rm /var/db/.AppleSetupDone
rm -rf /var/db/ConfigurationProfiles/
rm /Library/Keychains/apsd.keychain
jamf removeFramework
rm -rf <any created user accounts>
rm -rf /var/db/dslocal/nodes/Default/users/<user plist file>

The last two commands require some explanation. rm -rf <any created user accounts> is used for you to remove any accounts home directories created in /Users, /var (for some hidden accounts) or other locations that your management of the system created. rm -rf /var/db/dslocal/nodes/Default/users/<user plist file> removes the actual account that is created. If the account is not removed, you will not be able to use the same short name again. If the home directory is not remove, the same short name for the account can be used, but you will see a "-1, -2" appended to your home folders.

  • Pros: Faster than re-imaging or cloning an image over top of the boot drive.
  • Cons: Requires messing around in terminal where typos can be very treacherous.

Sources

6 REPLIES 6

tyler_sparr
New Contributor

To add to your optional area:

Optional: Instead of cloning the entire drive to the second partition, you can simply store a disk image on the second partition of Macintosh HD. It prevents you from accidentally booting to the wrong hard drive, but it may take up to two minutes longer to restore depending on how you created the disk image.

I like to use AutoDMG to create never booted versions of several different OS versions and then restore them with CCC (or Disk Utility). That way you can easily use the same computer to test multiple operating systems.

I know there's a way to use DEP with a VM, but I can't find the article about how exactly to do it. If anyone reading this has a good one, please share!

dpertschi
Valued Contributor

To test in a VM, open the VM bundle and edit the .vmx file in a text editor. Add a DEP registered serial number and model identifier like this and restart the VM.

hw.model = “MacPro6,1”
serialNumber = “ABCD1234”

seann
Contributor

I think your fourth line is meant to be
sudo jamf removeFramework

Also I don't see why you need to boot to another volume to remove the first 3 files, I've deleted them from a live system, rebooted, and DEP runs again. Or am I missing something?

NickKoval
Contributor
Contributor
I think your fourth line is meant to be sudo jamf removeFramework Also I don't see why you need to boot to another volume to remove the first 3 files, I've deleted them from a live system, rebooted, and DEP runs again. Or am I missing something?

@seann If you are booted into single user mode, you are root so there's no need to use sudo on any of the listed commands.

You aren't missing anything but running them on a booted system, I just prefer to not have a user logged in when I do it - it's a personal preference, not a hard and fast rule. Basically it's me making sure that I really, really want to do this.

StoneMagnet
Contributor III

@nkoval The comment @seann was directing at the 4th line of your posted snippet is because it reads rm jamf removeFramework, which probably isn't what you intended.

NickKoval
Contributor
Contributor

@StoneMagnet Thanks. Completely missed the point of @seann's comment; sorry about that. I've corrected the information above and I appreciate the assist.