Modern Workflows for macOS Deployment - Amsys Apple Training

Modern Workflows for macOS Deployment

Posted on by david.mann

In recent years Apple has made significant changes to the potential methods for macOS deployment. These changes have a notable impact on medium- to large-scale deployments. In this post we’ll discuss and revisit some of the more modern workflows used.

The Apple position on legacy macOS deployment methods such as imaging are well-documented. Here’s a reminder, in case you missed it:

Apple doesn’t recommend or support monolithic system imaging as an installation method. The system image might not include model-specific information such as firmware updates.

Published Date: September 24, 2018

The good news is, Mac sysadmins now have alternatives. These include using standard Apple installation tools to erase and install or upgrade macOS, with no need for older solutions such as NetBoot and ASR.

In this blog you’ll see some of the options we’ve tested for three specific macOS deployment scenarios:

  • in-place upgrades
  • erase and re-install
  • erase and upgrade

It’s worth mentioning that each of these scenarios requires either the use of Apple’s Automated MDM Enrolment (formerly DEP) or for the administrator to perform some manual steps post-install.

In-place upgrades

There are two ways to approach in-place upgrades: either with user interaction, or without.

With user interaction

There are a couple of options to let users run an in-place upgrade when it suits them:

  • If the users have local admin rights, they can simply download and run the macOS installer from the app store.
  • If the users don’t have local admin rights, you can use a device management tool such as Jamf Pro or Munki to make the installer available (see resources below).

Without user interaction

As the IT administrator, you may want to perform an in-place upgrade of macOS. For the past few versions of macOS, Apple has included a binary called “startosinstall”. This binary, documented in depth here, allows you to trigger the install. With some additional options, you can start the install with no further user interaction:

#!/bin/sh
“/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall” –applicationpath
“/Applications/Install macOS Mojave.app” –volume / –nointeraction

Other options for the binary can be seen here:

Neils-MacBook-Pro:~ sperringsn$ /Users/sperringsn/OneDrive\ -\ Amsys/Amsys\ Ltd/2019/Amsys\ Courses/Software/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall —usage
Usage: startosinstall

Arguments —license, prints the user license agreement only.
—agreetolicense, agree to the license you printed with —license.
—rebootdelay, how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes).
—pidtosignal, Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass “rebootdelay” send SIGUSR1 back to startosinstall.
—installpackage, the path of a package (built with productbuild(1)) to install after the OS installation is complete; this option can be specified multiple times.
—eraseinstall, (Requires APFS) Erase all volumes and install to a new one. Optionally specify the name of the new volume with —newvolumename.
—newvolumename, the name of the volume to be created with —eraseinstall.
—preservecontainer, preserves other volumes in your APFS container when using —eraseinstall.
—usage, prints this message.

Example: startosinstall
Neils-MacBook-Pro:~ sperringsn$

Erase and install/upgrade

Education institutions and some businesses have a need to erase and cleanly
deploy groups of Mac computers. You can achieve this with a few solutions that
leverage the Recovery partition and Internet Recovery, depending on your goals.

The three scenarios we tested were:

  • Erase the Mac and re-install the same operating system
  • Erase the Mac and deploy the OS that it originally shipped with
  • Erase the Mac and upgrade to a newer operating system

Scenario 1: Erase the Mac and re-install the same operating system

This can be achieved with the built-in Recovery partition, which will match
the currently installed operating system. The high-level steps are:

  1. Restart the Mac and hold down “Command-R” to boot to the built-in Recovery partition
  2. Once booted, launch Disk Utility and erase the Macintosh HD volume
  3. Proceed with a standard macOS install

Scenario 2: Erase and deploy the OS that was originally shipped with the Mac (requires 10.12.4 or higher)

Option-Command-Shift-R

This method was introduced via a firmware update when you upgrade to 10.12.4 or higher. It gives you the ability to reset a Mac to the OS that it was originally shipped with, thereby returning it to “out-of-the-box” configuration.

Scenario 3: Erase the Mac and upgrade to a newer operating system

This last scenario gets a little tricky. If you use the built-in Recovery partition, you’ll get the OS that is already installed on your Mac. If, for example, you are currently running 10.11 and want to erase and install 10.12, you would have to first upgrade the OS to 10.12, then boot to recovery, erase and re-install the OS a second time.

Option-Command-R

Using command-option-R will “Upgrade to the latest macOS that is compatible with your Mac” (https://support.apple.com/en-us/HT204904). But in the fine print it also states that “If you haven’t already installed macOS Sierra 10.12.4 or later, Option-Command-R reinstalls the macOS that came with your Mac, or the version closest to it that is still available.”

Other techniques we tested

Creating an install partition using createinstallmedia

The intention here is to pre-load the necessary installation files, which speeds up the overall installation process.

The basic process involves resizing the Macintosh HD, creating a new 12GB partition, and then running createinstallmedia to build the install partition.

Useful resources:

Looking to perfect your macOS deployment skills? See our course list.

This article has been adapted from a post on the Amsys.co.uk website.

About The Author

david.mann
2 posts