With the introduction of the Device Enrollment Program (DEP) and more recently the T2 Chip, we’re treacherously close to the death of imaging (although I can still image most of my machines, more on that another day). Because machines with the T2 chip don’t support netbooting and only support booting to an external drive by booting to Recovery and changing some security settings, most are relying on booting to Internet Recovery to reinstall macOS. Let’s be honest though: this is annoying. And slow. It’s not automated at all. You have to wait for your target machine to boot up and then click through the various install screens. This may not be too bad a solution for a single machine, but what about a large number of machines? Not exactly a streamlined solution. Not that there was a great way to do this in the past either; DeployStudio had its multicast that was quite the enigma.
Well, there’s a really great way to image macOS Mojave (by “image” I mean erase and install) on machines now using Jamf Self Service. This is BY FAR the best way I have found to mass install Mojave which seems to be future-proof in regards to machines with the T2 chip. One further thing to note: this method only works for APFS formatted drives. Just something to keep in mind.
First, download the Install macOS Mojave.app. The full 6.0 GB version. If you’re having trouble getting the full installer to download, check out DosDude1’s macOS Mojave Patcher tool. Don’t worry, we’re not doing anything crazy with this. We’re just utilizing the built-in tool to grab the full installer. This is the relevant info:
Once you have the full Mojave installer, we just need to package it and upload it to Jamf Pro. I use Composer since it’s straightforward and easy, but feel free to use whatever packaging tool you prefer. As previously stated, this is a 6.0 GB file, so the package is rather large. It will take a bit to download, package and upload to Jamf Pro.
In addition to the packaged Mojave installer, we need to write two scripts: a pre-install and a post-install script. I would suggest NOT bundling these in the package and instead utilizing the before/after script features in Jamf Pro. This way you can have a single Mojave package but have multiple policies to install Mojave.
Because Apple decided that everyone needs Mojave and downloaded the installer automatically to everyone’s machine (ugh), you need to make sure any Mojave install that is already present is erased first. We don’t want to use an old installer for, say, 10.14.1 when 10.14.3 is out now (at the time of writing this). You want to make sure your policy is always installing the latest version of macOS. So the pre-install script is simply this:
Note: I probably place way too many echoes in my scripts, but I like feedback for testing. So deal with it.
So we’re just checking to see if there is a Mojave installer already present, and removing it if so. Otherwise we’re doing nothing… and making a note of either case.
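A pre-install check along these lines, as an added example rather than the author's own script: it assumes the installer sits at the default `/Applications/Install macOS Mojave.app` path, and the function name `remove_stale_installer` is made up for illustration. Because Jamf Pro runs policy scripts as root, it refuses to delete anything that is not named like an installer bundle or that is a symlink.

```shell
#!/bin/bash
# Added example, not the author's script: Jamf Pro "before" script that removes
# a stale Mojave installer so the policy's package lays down a fresh copy.
# Assumption: the installer lives at the default path below.
DEFAULT_INSTALLER="/Applications/Install macOS Mojave.app"

# remove_stale_installer <path>  (hypothetical helper name)
# Returns 0 if the path is absent or was removed, 1 if it refused or failed.
remove_stale_installer() {
    # Strip one trailing slash so the symlink test sees the link itself.
    app="${1%/}"

    # This runs as root, so only delete something named like an installer
    # bundle: "Install macOS <name>.app".
    case "$(basename "$app")" in
        "Install macOS "*.app) ;;
        *) echo "Refusing to remove unexpected path: $app"; return 1 ;;
    esac

    # A symlink at this path is unexpected; leave it for a human to inspect.
    if [ -L "$app" ]; then
        echo "Refusing to remove symlink: $app"
        return 1
    fi

    if [ -d "$app" ]; then
        echo "Existing installer found at $app, removing it."
        rm -rf -- "$app" || { echo "Failed to remove $app"; return 1; }
        echo "Old installer removed."
    else
        echo "No existing installer at $app, nothing to do."
    fi
    return 0
}

remove_stale_installer "$DEFAULT_INSTALLER"
```

A non-zero return makes the refusal visible in the policy log instead of silently continuing.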
The post install script is where the real magic happens. And it’s a pretty simple thing, really:
There’s quite a bit the Mojave installer can do, I suggest checking out the various usages by entering this in Terminal:
Now that we have the packaged Mojave installer and the two scripts in Jamf Pro, we’re ready to create a policy. You can ultimately do whatever you’d like with the policy and I’m sure there’s plenty of ways to achieve the same end result, but here’s what I did when creating my policy:
Now, the important thing about the Self Service policy… make sure you keep it safe and away from your users, and check the “Ensure that users view the description” check box! I keep it away from users by scoping the policy to my AD account, that way it can only be seen when I personally log into Self Service (I do this for a lot of tools and maintenance scripts, it’s handy). You definitely do NOT want to put this in Self Service for anyone to run at their leisure. Also, even for your own protection, you want to make sure there is a second button you have to click to kick off the policy. So make sure to write a giant warning in the Self Service description for yourself (and others) so you don’t accidentally erase a machine.
Once the policy is set up, go ahead and try it out on a machine or two. Of course, make sure the machine is a DEP machine, configured for a PreStage Enrollment, and removed from Jamf Pro during the macOS installation (if necessary, you may not want the inventory data from before the erase and install). The nice thing about this setup is it doesn’t require the machine to be tethered to some netboot server, to use an external drive, etc. As long as the machine has an internet connection, the policy can be run just like any other Self Service policy. And if you have a Jamf Pro cloud instance (like me), this means you can remote wipe a machine on the other side of the world!
As I mentioned above, you may also want to set a custom trigger for this policy. This is a secret weapon for mass deployments of Mojave. One caveat: if you scope the policy to just your AD account (as I do for my Self Service policy), you may need to create a separate policy and scope it to all machines/whatever group of machines you plan on wiping. Otherwise they won’t be in scope. At that point, all you have to do is issue a remote command to the machines when you’re ready, and watch them all automatically erase and install macOS.
A thing of beauty, really.
Peace,
Joel