***Updated for LDMS 2016 SU3 with the Mac agent build of 1066 or greater - you may want to contact support to get the latest builds to ensure you can perform the actions as discussed in the slides***
***Please review the Interchange slides presented in Las Vegas in May of 2016 - these slides contain some best practices when creating your image as well as your deployment template***
***Since version 2016.3 deployment image should not contain Agent already installed in it. Back in 9.6 that was the recommended practice, but in 2016.3 that is not recommended anymore as it can cause issues.***
Whether you're a LANDESK Mac expert in Provisioning or not; it's always nice to have some step-by-step instructions, combined with video, to get you up and running. This document contains links to each critical piece of the Mac imaging process.
Step 1 - Creating a LANDESK Preferred Package Server
Note: This must be done on a server running web sharing services (such as IIS)
- Create a folder on the target preferred server that will host your images
- For our example we will create the following directory structure: C:\Distribution\Imaging
- Open IIS Manager, expand the navigation tree, right-click on Default Web Site and select “Add virtual directory”
- Enter “Imaging” for the share alias, and navigate to the C:\Distribution\Imaging directory created in Step 1.
- After creating the directory, right-click Imaging in the navigation tree and select “Edit Permissions”Permissions should be configured as follows:
Everyone: List Folder Contents, Read
IUSR: Read & Execute, List Folder Contents, Read
NETWORK SERVICE: Full Control
Administrators: Full Control
- Enable directory browsing by selecting the ExampleShare folder in the navigation frame and then clicking the “Directory Browsing” icon and clicking “Enable” in the right-hand pane.
Create UNC Share Distribution
- Navigate to the C:\Distribution\Imaging directory and right-click on the Imaging share.
- Right-click and go to “Advanced Sharing”
- Click “Share this folder”.
- Click “Permissions” and give a domain account account Full Control access to the share. This will be the account used when the provisioning process needs to access or write to the share.
- Ensure that the same account is also given Full Control on the Security tab.
Configure the Preferred Server in LANDesk Management Suite
- Within the LANDesk Management Suite Console click Configure Preferred Server
- Right-click “Preferred Servers” and select “New Preferred Server”
- Enter Server Name and Credentials to the newly created Imaging share on the Preferred Server. This needs to be the same account supplied in Step 4 in the UNC Share area.
- Enter the IP address ranges for the clients subnet(s) that this preferred server will serve.
Step 2 - Build a LANDESK NetBoot Image File
Prepare the OS X El Capitan Machine
- The first thing needed is the OS X El Capitan Installer. Download it and place it into the Applications Folder. Make sure you have the latest installer from Apple, paying attention to the .dot release.
- The LANDESK Mac agent also needs to be installed on the device. Make sure you use an agent that is 9.6 SP2 or later. For more information on how to deploy an agent, seehttps://community.landesk.com/support/docs/DOC-30016
- Download the LANDESK Startup Disk Stamper Utility from https://community.landesk.com/support/docs/DOC-33695 or find it in your ldlogon/mac folder.
- An administrative account on the box
Build the NetInstall Image with Apple’s System Image Utility
- Launch System Image Utility from the Mac. Use the Spotlight Search to find it as it’s buried in an Applications folder under System > Library > CoreServices
- From the source dropdown picker, select Install OS X El Capitan and click Next. If you don’t see Install OS X El Capitan from the options menu, quit the System Image Utility, download the installer and put it into the Applications folder and then re-launch.
- Select the option NetInstall Image and click Next
- Agree to the License Agreement if prompted
- At this time, we don’t need to add any configuration options, as all of that will be built inside the provisioning process within the LANDESK Console. For the next 4 screens, just click Next with no items added or changed from the defaults. Stop when you get to the Image Settings screen.
- Provide a Network Disk name to your liking. You’ll be asked to create a second name for the NBI file LANDESK’s stamps, so for me, I always put Apple in the name so I can be sure to differentiate the two. Also, each image file needs to have a unique image index. Feel free to choose whichever option best suits your environment. I personally assign my indices so I can ensure a unique value. Also, just by way of note, you’ll need to assign another unique ID when you use the LANDESK stamper.
- Select the computer models you want your NBI to support and click Next through all of the other options.
- Finally, provide the path to where the Apple NBI file will be created and click the Save button. For ease of use when using the LANDESK stamper, I select the desktop.
- Enter your admin credentials on the box and wait for the NBI to be generated.
IMPORTANT NOTE: In OS X 10.11 El Capitan, Apple has introduced their new System Integrity Protection feature which affects how you are able to NetBoot devices. If you have need to NetBoot across subnets, you’re going to need to whitelist your NBI servers. See step 5.
Stamp the Apple NBI File with LANDESK’s Startup Disk Stamper
- Launch the LANDESK Startup Disk Stamper. You can find the download link in the Overview section if you have not yet pulled it down from the LANDESK Community.
- Click the Choose button in the NBI Source panel and select the Apple NBI file previously generated
- Although a bit hidden in the dialog box, you can change the desktop background displayed during the NetBoot process by selecting the Choose button in the Agent Source panel. This step is optional.
- Set your destination type.
- If you intend to boot your NBI from the network, select the NetBoot Image radio button and push the Choose button to name your LANDESK NBI file and to indicate where you would like to save it.
- If you need to build a bootable USB drive, select the Removable Drive option and select the Device from the Finder window.
- Set a second unique index. Since LANDESK is generating it’s own NBI file, you’ll want this value to be different from the value selected in step 6 for the System Image Utility NBI creation.
- Provide a description if desired and click Create
- Enter your admin credentials on the box and wait for the LANDESK NBI to be generated. If you see ?? marks in any of the panels, the tool has not been properly configured or a 9.6 SP2 or later LANDESK Mac agent has not been installed.
Step 3 - Configure the an OS X Server or a LANDESK Core Server for NetBoot
At this time, it is recommended that an OS X server be used for NetBooting.
OS X Server
- Launch Server on an OS X machine and authenticate
- Select NetInstall from the left hand menu and hit the Edit Storage Locations, setting up both the image and client directories
- Copy your NBI you created to /Library/NetBoot/NetBootSP0
- Go back to the Server App and turn on the service
- Validate your NetIntall is running on the correct port
- Set your newly created NBI to be the default and make sure it is enabled for HTTP using the settings options after highlighting the Image from the Images window.
- Logon to the device from which you created the LANDESK NBI file outlined previously.
- Connect to the server hosting your HTTP share. For information on how to create an appropriate HTTP share, see https://community.landesk.com/support/docs/DOC-6986
- Transfer the LANDESK NBI file to the HTTP share
- From the LANDESK Console, open Tools > Provisioning > OS Provisioning
- On the Operating System Provisioning toolbar, select the Preboot dropdown button and click on the Manage Netboot Image Mappings
- Supply the HTTP path to your Netboot image files and then click Browse to select your appropriate NBI.Configure any unique device models that will need an NBI file different from the default. The list of device models will be automatically populated from the LANDESK inventory
- Ensure your HTTP share has been properly enabled to support files with no extensions as outlined in the link in step 2.
- Configure any unique device models that will need an NBI file different from the default. The list of device models will be automatically populated from the LANDESK inventory
- Click OK
Step 4 - Configure the LANDESK Environment for NetBoot
- How-to video Step 1 and 2 listed below is not included in the how-to video. Make sure you don't forget these steps.
This step is not needed if using an OS X server for NetBooting
- Open Internet Information Services on your Core Server. Highlight the Default Web Sites from the list and click on the MIME Types button under IIS. In the right hand pane, click Add... and insert a . (period) as the File name extension and application/octet-stream as the MIME type. Click OK.
- Note: There IS a difference between the “.” And the “.*” MIME types in IIS. “.*” is telling IIS something will come after the period, but “.” means nothing is to come after it. That means you do need add the “.” in addition to the automatically added “.*” to the MIME types.
- Repeat Step 1 for any and all preferred servers you have in your environment.
- From the LANDESK Console, open Tools > Distribution > Distribution Packages
- From the Distribution packages menu tree, highlight All Packages
- Search or scroll to find the PXE Representative Deployment, right click on it and select Create Scheduled Task
- Select your specific task properties, such as the targets, task settings, portal settings and when to start the task
Step 5 - Blessing an El Capitan Device for NetBooting
- Turn on or restart the device to be “blessed”
- Press and hold the keys Command (⌘)-R immediately after you turn on your Mac and hear the startup sound. Keep holding until you see the progress bar.
- When the device boots into the Recovery Mode, you should see a Mac OS X Utilities toolbar. If you end up back to your typical login screen, reboot and try hitting the Command (⌘)-R keys again.
- Navigate to the Utilities menu bar item and select Terminal
- Type the following command in Terminal to add a trusted server. Change
addressto the IP address of your NetBoot server (PXE representatives, preferred servers, core servers)
csrutil netboot add address
- Repeat step 5 for any additional NetBoot servers (PXE representatives, preferred servers, core servers)
- To verify your NetBoot servers have been added, type the following command in Terminal in either the Recovery Mode session or after having booted back into the OS
csrutil netboot list
Step 6 - Capturing a Gold Image
AutoDMG Image Creation
There are two ways to capture a Gold Image. One is to use a freeware tool called AutoDMG. This tool allows you to build your image directly from an Installer so that you don't have to build your image on a machine and then capture it. There are many advantages to going this route, as your image will be completely hardware independent. Furthermore, the tool will automatically create your restore partition when deploying. As such, using AutoDMG is the preferred method for creating a Gold Image. The second method is to use a capture template.
See the AutoDMG how-to video here.
LANDESK Image Capture
Prepare Your Machine for Capture
- Obtain the latest and greatest machine you have
- Create as small of a partition as possible that’ll contain your OS and apps
- Install the desired operating system
- Install any desired apps
- Again, best practice will be to keep the image as thin as possible. Ideally, applications should be deployed
- Make note of the disk identifier for the partition you want to capture as you’ll need it when creating the capture template. Do this by launching Terminal and running the command below
Create the LANDESK Provisioning Capture Template
- Within the LANDESK Console, open Tools > Provisioning > OS Provisioning
- Expand My Templates from the menu tree and highlight All My Templates
- Click the New Template dropdown button from the Operating System Provisioning toolbar and then select the Empty Template
- Provide a template name
- Select Netboot from the Boot Environment dropdown list
- The target OS should automatically change to Mac OS X, if not, select it from the list
- Provide a description if desired
- Push the OK button to create
- Right click on the template created and select Edit
- Now, right click on System Migration and select Add Action
- Select the Reboot/shutdown action and select OK
- Highlight the Reboot/shutdown action generated and change the Action Properties option to NetBoot
- Set the Server option to your PXE representative using the format bsdp://ipaddress. For convenience when NetBooting manually, you’ll likely want to deselect the checkbox for “Stop processing the template if this action fails.”
- Note: This IP address must match the exact address used to bless your El Capitan devices in order to NetBoot the device remotely.
- Right click on the OS installation and select Add Action
- Select the Capture an Image action and select OK
- Provide the smb:// or afp:// url to where you would like to save the image. It should be something similar to smb://servername/share/filename.dmg
- Hit the Validate button so the command line parameters are generated and then replace the /dev/disk0s2 with the appropriate identifier discovered from your capture machine, it may be /dev/disk1 or something else entirely
- Right click on Post-OS installation and select Add Action
- Select the Reboot/shutdown action and select OK.
- Select the radio button Shut down. Like previously, you’ll likely want to deselect the checkbox for “Stop processing the template if this action fails” and hit OK to save the template
Schedule the Image Capture
- Right click on the template created and select Schedule Template
- From the Network View, find your machine from the Devices menu tree and drag it to the scheduled task created under your My Tasks folder
- Remember, when capturing an OS X image, the machine should NOT be a managed node with a LANDESK Mac agent installed on it. In LDMS 9.6 this was the recommended practice but that changed with LDMS 2016.
- Right click on the scheduled task and select Start Now > All
Step 7 - Creating an OS X Deployment Template and Deploying an OS X Image
There are a number of new actions available in LANDESK's 2016 Software Update 3. In addition, several fixes have been made to some of the actions, so if you're struggling to get some of the actions to work, reach out to support and see if you can get the latest Mac build.
An example template can be downloaded from https://github.com/northice/LDMS-Scripts/tree/master/Provisioning%20Templates.
Creating an OS X Image Deploy Template
- From the LANDESK Console, open Tools > Provisioning > OS Provisioning
- From the menu tree, highlight All My Templates from the My Templates folder or the All Public Templates from the Public folder
- Click the New Template dropdown button from the Operating System provisioning toolbar and select the Mac Deploy Template
- Provide a name and description
- Specify the path to save your Mac and Windows image files. The path should besmb://fqdn/share/filename.dmg for an OS X image or smb://fqdn/share/filename.image for a Windows image. Just make sure your preferred server credentials have access to the shares.
- Add the path to store the profile, leveraging the same format in the previous step
- Push the Create button
Edit the Deploy Template
- Right click on the template created and select Edit
- Ensure the Netboot action has the Server variable set to your PXE rep or OS X server unless you’re using the USB NetBoot environment. The server URL format should be bsdp://ipaddress to ensure compatibility with El Capitan’s SIP.
- If deploying a Mac and Windows image, adjust the partition sizes in the Create Partitions actions under Pre-OS Installation. You can set the sizes in percentages so the template can work on any HD size.
- Set the correct partition identifier on the Deploy image action(s) under OS installation inside the Command-line parameters box. Make sure you do this for all Deploy Image actions.
- Add any System Configuration actions desired, such as deploy software
Deploying a Provisioning Template
- Right click on the template created previously and select Schedule Template
- Drag the desired machine(s) to image onto the task created in Scheduled tasks
- If deploying to an unmanaged machine(s), create a record for the new device(s) in the Network View > Configuration > Bare Metal Server tool. See the help file for more info.
- Right click on the scheduled task created and select Start Now > All