Keep Calm and Upgrade Your Mac

Jamf
October 23, 2018

Presentation from JNUC 2018, the world's largest rally of Apple IT administrators.

Session:
Keep Calm and Upgrade Your Mac

Presented by:
Daniel Mintz, Jamf
Jonathan Yuresko, Jamf

View all session slides, recordings and more at https://www.jamf.com/events/jamf-nation-user-conference/2018/.

Transcript

  2. © JAMF Software, LLC
    Daniel Mintz
    Professional Services Engineer

    Jamf
    Jonathan Yuresko
    Implementation Engineer

    Jamf

  3. © JAMF Software, LLC
    Keep Calm and Update Your Mac!
    Agenda:

    In-place macOS upgrades

    Erase and Install macOS…remotely!

    Provisioning your Macs from afar

    Putting it all together for seamless provisioning

    Q/A

  4. © JAMF Software, LLC
    In-Place macOS Upgrades
    How?

    /Applications/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall \
      --applicationpath /Applications/Install\ macOS\ Mojave.app \
      --agreetolicense \
      --nointeraction

    github.com/kc9wwh/macOSUpgrade

  5. © JAMF Software, LLC
    In-Place macOS Upgrades
    Der Flounder - Building a Jamf Pro Smart Group For High Sierra Models
    goo.gl/AR5BGC

  6. © JAMF Software, LLC
    Install macOS Mojave.app

  7. © JAMF Software, LLC
    Mojave Installer
    Cache Mojave Installer

  8. © JAMF Software, LLC
    Install macOS Mojave.app

  9. © JAMF Software, LLC
    macOS Upgrade Script
    $4  /Applications/Install macOS Mojave.app
    $5  10.14
    $6  moj

  10. © JAMF Software, LLC
    Upgrade to Mojave

  11. © JAMF Software, LLC
    Mojave

  12. © JAMF Software, LLC
    Installing: About 3 minutes remaining

  13. © JAMF Software, LLC
    Erasing and Installing macOS
    How?

    /Applications/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall \
      --applicationpath /Applications/Install\ macOS\ Mojave.app \
      --eraseinstall \
      --agreetolicense \
      --nointeraction

  14. © JAMF Software, LLC
    Erasing and Installing macOS
    …and enrolling remotely!

    /Applications/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall \
      --applicationpath /Applications/Install\ macOS\ Mojave.app \
      --eraseinstall \
      --agreetolicense \
      --nointeraction \
      --installpackage

  15. © JAMF Software, LLC
    Erasing and Installing macOS
    End Goal: Allow an admin to correctly assign a machine to a user
    and choose its configuration, so that erase and install can run
    and the machine is immediately enrolled back into management.

    Example:

    A machine is being re-provisioned for a new employee
    and the device in question is not DEP enabled.

  16. © JAMF Software, LLC
    Erasing and Installing macOS

  17. © JAMF Software, LLC
    https://www.bluem.net/en/projects/pashua/

  18. © JAMF Software, LLC

  19. © JAMF Software, LLC
    echo "Pashua created the following variables:"

    echo " tb = $tb"

    echo " tf = $tf"

    echo " tf1 = $tf1"

    echo " tf2 = $tf2"

    echo " ob = $ob"

    echo " pop = $pop"

    echo " rb = $rb"

    echo " cb = $cb"

    echo " chk = $chk"

    echo ""

  20. © JAMF Software, LLC
    /usr/sbin/networksetup -setairportnetwork en0

  21. © JAMF Software, LLC
    /usr/bin/dscl . -create /Users/newadmin

    /usr/bin/dscl . -create /Users/newadmin UserShell /bin/bash

    /usr/bin/dscl . -create /Users/newadmin RealName "New Admin"

    /usr/bin/dscl . -create /Users/newadmin UniqueID 519

    /usr/bin/dscl . -create /Users/newadmin PrimaryGroupID 80

    /usr/bin/dscl . -create /Users/newadmin NFSHomeDirectory /Users/newadmin

    /usr/bin/dscl . -passwd /Users/newadmin password

    /usr/bin/dscl . -append /Groups/admin GroupMembership newadmin

    createhomedir -c -u newadmin

  22. © JAMF Software, LLC
    /bin/mkdir -p /private/var/db

    /usr/bin/touch /private/var/db/.AppleSetupDone

    /bin/chmod 0400 /private/var/db/.AppleSetupDone

    /bin/mkdir -p /Library/Receipts

    /usr/bin/touch /Library/Receipts/.SetupRegComplete

  23. © JAMF Software, LLC
    ##Erase & Install macOS (Factory Defaults)

    ##Requires macOS Installer 10.13.4 or later

    ##Disabled by default

    ##Options: 0 = Disabled / 1 = Enabled

    ##Use Parameter 8 in the JSS.

    eraseInstall="$8"
    if [[ "${eraseInstall:=0}" != 1 ]]; then eraseInstall=0 ; fi

    #macOS Installer 10.13.3 or earlier: set it to 0.
    #versionMajor and versionMinor are defined elsewhere in the script (not shown on the slide).

    if [ "$versionMajor${versionMinor:=0}" -lt 134 ]; then

    eraseInstall=0

    fi

  24. © JAMF Software, LLC
    Installing: About 3 minutes
    Installing: 1 of 1

  25. © JAMF Software, LLC
    Erasing and Installing macOS
    …and PROVISIONING remotely!

    /Applications/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall \
      --applicationpath /Applications/Install\ macOS\ Mojave.app \
      --eraseinstall \
      --agreetolicense \
      --nointeraction \
      --installpackage

  26. © JAMF Software, LLC
    Provisioning Macs from afar
    End Goal: Assign desired computer(s) in Jamf Pro to be
    erased, clean-OS installed, enrolled, and provisioned!

    Some Examples:

    • Repurposing a used machine, wiping and provisioning it for
    a new employee…without touching the machine

    • Updating all lab machines to the latest and greatest and
    provisioning them for the next class/semester, remotely!

  27. © JAMF Software, LLC
    Provisioning Macs from afar
    Setup

    • Custom QuickAdd with special features*

    • Workflow to erase, install and enroll using the custom QuickAdd

    • Smart Groups

    • Policies with Custom Triggers

    • Provisioning workflow (script or app based, calling Custom Triggers)

    • Cleanup workflow

  28. © JAMF Software, LLC
    Provisioning Macs from afar
    Custom QuickAdd

    • Network - Wi-Fi (added via script/command) or Ethernet

    • Temporary Admin Account - To be removed via Jamf Pro later…but
    available in case of network drop

    • Bypass Setup Screens

    • Drop a dummy file/plist for an Extension Attribute - Smart Group

    • Have an auto provisioning workflow with Custom Policy Triggers

    • Cleanup!

  29. © JAMF Software, LLC
    Provisioning Macs from afar
    Custom QuickAdd - Dummy file/plist

    /bin/mkdir -p /Library/Company/tmp

    /usr/bin/touch /Library/Company/tmp/provisioning.txt

    /bin/echo 'Provisioning' > /Library/Company/tmp/provisioning.txt

    ___________________________

    Extension Attribute Workflow:

    Smart Group “cat” value in /Library/Company/tmp/provisioning.txt

    Scope Smart Group to provisioning workflow

    Upon completion, trash /Library/Company/tmp/provisioning.txt

  30. © JAMF Software, LLC
    Smart Group to begin provisioning
    Erasing and Installing macOS

  31. © JAMF Software, LLC
    Custom Trigger Policies
    Erasing and Installing macOS

  32. © JAMF Software, LLC
    Provisioning Macs from afar
    Custom Trigger Policies

    /usr/local/jamf/bin/jamf policy -trigger provision_slack

  33. © JAMF Software, LLC
    Provisioning Macs from afar
    Auto-provisioning Workflow - Policy Structure

  34. © JAMF Software, LLC
    Provisioning Macs from afar
    Auto-provisioning Workflow - Script Contents

    /usr/local/jamf/bin/jamf policy -trigger provision_securityharden

    /usr/local/jamf/bin/jamf policy -trigger provision_firefox

    /usr/local/jamf/bin/jamf policy -trigger provision_googlechrome

    /usr/local/jamf/bin/jamf policy -trigger provision_photoshop

    /usr/local/jamf/bin/jamf policy -trigger provision_slack

    /usr/local/jamf/bin/jamf policy -trigger provision_spotify

    /usr/local/jamf/bin/jamf policy -trigger provision_evernote

    /usr/local/jamf/bin/jamf policy -trigger provision_browsersettings

  35. © JAMF Software, LLC
    Provisioning Macs from afar
    Cleanup

    Remove Dummy Plist/File (or have script say “completed” in plist for Smart Group EA)

    Apply security mandated settings/configurations

    Enable FileVault

    Have computer reboot back to Setup Assistant

    Restart machine

    Have a popup or something letting end-user know the machine is ready to go

    Smart group looking for completed machine…

    …and a webhook sending an email to IT showing the machine is ready to go :)

  36. © JAMF Software, LLC
    Putting it all Together
    Let’s do this…
    Prerequisites

    • Get your machines to at least 10.13.4

    • Create Provisioning Policy Structure - https://jamf.it/GcQya

    Workflow

    • Custom QuickAdd Package to enroll machine(s) and auto-configure

    • Cache macOS Installer on desired machine(s)

    • startosinstall binary script in Jamf Pro w/ --installpackage

    • Smart/Static Group scoped policy for desired computers

    • Result: Desired machines are wiped clean, enrolled and provisioned!

  37. © JAMF Software, LLC
    Questions?

  38. © JAMF Software, LLC
    THANK YOU!
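
The marker file from slides 29 and 35 decides whether a Mac lands in the provisioning Smart Group, so the Extension Attribute that reads it should check the file before reporting its content. The script below is an added example, not from the presentation: the path and the `Provisioning` value are the slides'; the function name, `EXPECTED_OWNER`, and the `Completed`, `NotProvisioning` and `Untrusted` values are assumptions.

```bash
#!/bin/bash
# Added example (not from the presentation): hardened Extension Attribute.
# MARKER and the "Provisioning" value come from the slides; the function name,
# EXPECTED_OWNER and the other state names are assumptions.

MARKER="${MARKER:-/Library/Company/tmp/provisioning.txt}"
EXPECTED_OWNER="${EXPECTED_OWNER:-root}"

# Print one state word for the marker file passed as $1.
provisioning_state() {
    f="$1"
    value=""

    # No marker at all: the Mac is not in the provisioning workflow.
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo "NotProvisioning"; return 0
    fi

    # A symlink or special file could point the read somewhere else.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "Untrusted"; return 0
    fi

    # Owner must match and neither group nor others may have write access;
    # find prints the path only when all three conditions hold.
    if [ -z "$(find "$f" -user "$EXPECTED_OWNER" ! -perm -020 ! -perm -002)" ]; then
        echo "Untrusted"; return 0
    fi

    # Read the first line only and accept known values, nothing else.
    IFS= read -r value < "$f" || true
    case "$value" in
        Provisioning|Completed) echo "$value" ;;
        *) echo "Untrusted" ;;
    esac
}

# Jamf Pro takes an Extension Attribute's value from <result> tags on stdout.
echo "<result>$(provisioning_state "$MARKER")</result>"
```

Scope the provisioning Smart Group to the `Provisioning` value only, so an `Untrusted` result keeps the Mac out of the workflow until someone has looked at it.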
