Keep Calm and Upgrade Your Mac

Transcript

1. None

2. © JAMF Software, LLC Daniel Mintz Professional Services Engineer Jamf

   Jonathan Yuresko Implementation Engineer Jamf 275x275 head shot

3. © JAMF Software, LLC Keep Calm and Update Your Mac!

   Agenda: In-place macOS upgrades Erase and Install macOS…remotely! Provisioning your Macs from afar Putting it all together for seamless provisioning Q/A

4. © JAMF Software, LLC In-Place macOS Upgrades /Applications/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall

   \ --applicationpath /Applications/Install\ macOS\ mojave.app \ - agreetolicence \ --nointeraction github.com/kc9wwh/macOSUpgrade How?

5. © JAMF Software, LLC Der Flounder - Building a Jamf

   Pro Smart Group For High Sierra Models goo.gl/AR5BGC In-Place macOS Upgrades

6. © JAMF Software, LLC Install macOS Mojave.app Install macOS Mojave.app

   Install macOS Mojave.app

7. © JAMF Software, LLC Mojave Installer Cache Mojave Installer

8. © JAMF Software, LLC Install macOS Mojave.app

9. © JAMF Software, LLC $4 $5 $6 macOS Upgrade Script

   /Applications/Install macOS Mojave.app 10.14 moj

10. © JAMF Software, LLC Upgrade to Mojave

11. © JAMF Software, LLC Mojave

12. © JAMF Software, LLC Installing: About 3 minutes remaining

13. © JAMF Software, LLC Erasing and Installing macOS How? /Applications/Install\

    macOS\ mojave.app/Contents/Resources/ startosinstall \ --applicationpath /Applications/Install\ macOS\ Mojave.app \ --eraseInstall \ - agreetolicence \ --nointeraction

14. © JAMF Software, LLC /Applications/Install\ macOS\ mojave.app/Contents/Resources/ startosinstall \ --applicationpath

    /Applications/Install\ macOS\ Mojave.app \ --eraseInstall \ - agreetolicence \ --nointeraction \ --installpackage …and enrolling remotely! Erasing and Installing macOS

15. © JAMF Software, LLC End Goal: To allow an admin

    to assign a machine correctly to a user, and choose its configuration. Thus allowing erase and install to happen and the machine immediately enrolled back into management. Example: A machine is being re-provisioned for a new employee and the device in question is not DEP enabled. Erasing and Installing macOS

16. © JAMF Software, LLC Erasing and Installing macOS

17. © JAMF Software, LLC https://www.bluem.net/en/projects/pashua/

18. © JAMF Software, LLC

19. © JAMF Software, LLC echo "Pashua created the following variables:"

    echo " tb = $tb" echo " tf = $tf" echo " tf1 = $tf1" echo " tf2 = $tf2" echo " ob = $ob" echo " pop = $pop" echo " rb = $rb" echo " cb = $cb" echo " chk = $chk" echo ""

20. © JAMF Software, LLC /usr/sbin/networksetup -setairportnetwork en0 <SSID> <PASSWORD>

21. © JAMF Software, LLC /usr/bin/dscl . -create /Users/newadmin /usr/bin/dscl .

    -create /Users/newadmin UserShell /bin/bash /usr/bin/dscl . -create /Users/newadmin RealName "New Admin" /usr/bin/dscl . -create /Users/newadmin UniqueID 519 /usr/bin/dscl . -create /Users/newadmin PrimaryGroupID 80 /usr/bin/dscl . -create /Users/newadmin NFSHomeDirectory /Users/newadmin /usr/bin/dscl . -passwd /Users/newadmin password /usr/bin/dscl . append /Groups/admin GroupMembership newadmin createhomedir -c -u newadmin

22. © JAMF Software, LLC /bin/mkdir -p /private/var/db /usr/bin/touch /private/var/db/.AppleSetupDone /bin/chmod

    0400 /private/var/db/.AppleSetupDone /bin/mkdir -p /Library/Receipts /usr/bin/touch /Library/Receipts/.SetupRegComplete

23. © JAMF Software, LLC ##Erase & Install macOS (Factory Defaults)

    ##Requires macOS Installer 10.13.4 or later ##Disabled by default ##Options: 0 = Disabled / 1 = Enabled ##Use Parameter 8 in the JSS. eraseInstall="$8" if [[ "${eraseInstall:=0}" != 1 ]]; then eraseInstall=0 ; fi #macOS Installer 10.13.3 or ealier set 0 to it. if [ "$versionMajor${versionMinor:=0}" -lt 134 ]; then eraseInstall=0 fi

24. © JAMF Software, LLC Installing: About 3 minutes Installing: 1

    of 1

25. © JAMF Software, LLC /Applications/Install\ macOS\ Mojave.app/Contents/Resources/ startosinstall \ --applicationpath

    /Applications/Install\ macOS\ Mojave.app \ --eraseInstall \ - agreetolicence \ --nointeraction \ --installpackage …and PROVISIONING remotely! Erasing and Installing macOS

26. © JAMF Software, LLC Provisioning Macs from afar End Goal:

    Assign desired computer(s) in Jamf Pro to be erased, clean-OS installed, enrolled, and provisioned! Some Examples: • Repurposing a used machine, wiping and provisioning it for a new employee…without touching the machine • Updating all lab machines to the latest and greatest and provisioning them for the next class/semester, remotely!

27. © JAMF Software, LLC Provisioning Macs from afar • Custom

    QuickAdd with special features* • Workflow to erase, install and enroll using the custom quickadd • Smart Groups • Policies with Custom Triggers • Provisioning workflow (script or app based, calling Custom Triggers) • Cleanup workflow Setup

28. © JAMF Software, LLC Provisioning Macs from afar • Network

    - Wi-Fi (added via script/command) or Ethernet • Temporary Admin Account - To be removed via Jamf Pro later…but available in case of network drop • Bypass Setup Screens • Drop a dummy file/plist for an Extension Attribute - Smart Group • Have an auto provisioning workflow with Custom Policy Triggers • Cleanup! Custom QuickAdd

29. © JAMF Software, LLC Provisioning Macs from afar /bin/mkdir /Library/Company/tmp

    /usr/bin/touch /Library/Company/tmp/provisioning.txt /bin/echo ‘Provisioning’ > /Library/Company/tmp/provisioning.txt ___________________________ Extension Attribute Workflow: Smart Group “cat” value in /Library/Company/tmp/provisioning.txt Scope Smart Group to provisioning workflow Upon completion, trash /Library/Company/tmp/provisioning.txt Custom QuickAdd - Dummy file/plist

30. © JAMF Software, LLC Smart Group to begin provisioning Erasing

    and Installing macOS

31. © JAMF Software, LLC Custom Trigger Policies Erasing and Installing

    macOS

32. © JAMF Software, LLC Provisioning Macs from afar /usr/local/jamf/bin/jamf policy

    -trigger provision_slack Custom Trigger Policies

33. © JAMF Software, LLC Provisioning Macs from afar Auto-provisioning Workflow

    - Policy Structure

34. © JAMF Software, LLC Provisioning Macs from afar /usr/local/jamf/bin/jamf policy

    -trigger provision_securityharden /usr/local/jamf/bin/jamf policy -trigger provision_firefox /usr/local/jamf/bin/jamf policy -trigger provision_googlechrome /usr/local/jamf/bin/jamf policy -trigger provision_photoshop /usr/local/jamf/bin/jamf policy -trigger provision_slack /usr/local/jamf/bin/jamf policy -trigger provision_spotify /usr/local/jamf/bin/jamf policy -trigger provision_evernote /usr/local/jamf/bin/jamf policy -trigger provision_browsersettings Auto-provisioning Workflow - Script Contents

35. © JAMF Software, LLC Provisioning Macs from afar Remove Dummy

    Plist/File (or have script say “completed” in plist for Smart Group EA) Apply security mandated settings/configurations Enable Filevault Have computer reboot back to Setup Assistant Restart machine Have a popup or something letting end-user know the machine is ready to go Smart group looking for completed machine… …and a webhook sending an email to IT showing the machine is ready to go :) Cleanup

36. © JAMF Software, LLC Putting it all Together Let’s do

    this… Prerequisites • Get your machines to at least 10.13.4 • Create Provisioning Policy Structure - https://jamf.it/GcQya Workflow • Custom QuickAdd Package to enroll machine(s) and auto-configure • Cache macOS Installer on desired machine(s) • startOSInstall binary script in Jamf Pro w/ -installpackage • Smart/Static Group scoped policy for desired computers • Result: Desired machines are wiped clean, enrolled and provisioned!

37. © JAMF Software, LLC Questions?

38. © JAMF Software, LL THANK YOU!