Configuring Apple Remote Desktop at Setup Assistant

 

This post was originally written August 21. Then, on August 22nd, Apple broke kickstart intentionally with a Mojave beta. Many Mac Admins filed radars, and the feature seems to have made a welcome return in the release version of Mojave.

I expect the kickstart ARD setting below will be replaced soon with Configuration Profile from an MDM. Until then, you can use this, and it takes just a few minutes to set up, so it’s worth doing until Apple kills it again.

Apple’s DEP set up is fantastic, except for one small issue. Apple don’t give Sysadmins the ability to skip the first few screens of the Set Up Assistant, making “imaging” (for lack of a better word) a pain in the butt.

Apple have improved the situation recently by adding new flags to the Installer – the “–eraseinstall” flag is really handy, but still you need to have someone physically in front of a newly erased Mac to jump through those first few screens.

To get past that, Cameron Kay at UNSW created a simple workflow that adds an ARD agent to the Mac, so you can remote in and click-through those first few screens. I’ve been testing his excellent work, and will share the documentation here.

The Script

The script is a very simple bash script – just change the names and password as you wish. This script also renames the computer to “Setup – Serial Number” – I’ve kept this in mine so I can create a Jamf smart group of Macs at Setup, because our DEP enrolment scripts rename the computer anyway. The script is available here.

Packaging it for Jamf

This takes just a few seconds, using Rich Trouton’s Payload Free Packager

Upload to your server

Upload this to your management system of choice. We use Jamf, so the examples here will be Jamf. You’ll also need the latest macOS Installer as a package. Upload both, then create a policy

Create a policy

My policy is a very simple policy with two packages; the macOS installer, and the ARD at Setup Package. It is scoped to all computers, but only support staff can see it. It is available in self service or via the -eraseward trigger. All very basic, but here are the screenshots.

Important: Set the ARD at Setup Package to cache, rather than install!

The secret sauce that makes the policy work is under Files and Processes – using the –eraseinstall and –installpackages flags. 

Here, I’m searching for the process “Self Service” and killing it (so self service quits, allowing the Mac to reboot. And under Execute Command:

/Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/startosinstall --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --installpackage "/Library/Application Support/JAMF/Waiting Room/ard-at-setup.pkg"

We cached the Ard at Setup package earlier, so it’s in the folder “JAMF/Waiting Room”.

Now, when you run that policy, the Mac will download the installer, then erase and install macOS, and when it reboots, you’ll be able to remote to the Mac via ARD. Simple!

Obviously you can also use this as a policy to erase a whole lab at once if you want, but start testing within Self Service.

 

Missing the SD card reader in your MacBook? Don’t buy a dock

I’ve tested every damn dock with an SD Card reader and they all suck, and they get super hot in use. Get this instead, one cable that can go from your camera to your computer, no crappy adaptors or docks in between.

I’ve been using one for over a year, and it’s much better solution. And gosh, some cameras even have USB-C now.

Buy: ORICO Type-C to Micro USB Charge & Sync Cable (MCU) (MCU-10-BK) | Centre Com : Best PC Hardware Prices!

Modular Mac Pro is a 2019 Product

“We want to be transparent and communicate openly with our pro community, so we want them to know that the Mac Pro is a 2019 product. It’s not something for this year.”

In addition to transparency for pro customers, there’s also a larger fiscal reason behind it.“

We know that there’s a lot of customers today that are making purchase decisions on the iMac Pro and whether or not they should wait for the Mac Pro,” says Boger.This is why Apple wants to be as explicit as possible now, so that if institutional buyers or other large customers are waiting to spend budget on, say iMac Pros or other machines, they should pull the trigger without worry that a Mac Pro might appear late in the purchasing year.

Source: Apple’s 2019 Mac Pro will be shaped by workflows | TechCrunch

Steve Jobs on privacy – 8 Years ago

I love Kara Swisher’s little “you here, Mark?” joke at the start of this question…

I really hope Apple can do something about Facebook at the iOS level, but of course, if they piss off Facebook too much, the company can tell it’s 1 Billion users to switch to Android for the best experience.

Apple Is Planning Its First Education-Related Event Since 2012 – Bloomberg

Its last education-related event took place in New York City in 2012. The company said in an invitation Friday that it will share “creative new ideas for teachers and students” at the affair, which will take place at Lane Tech College Prep High School.
— Read on www.bloomberg.com/news/articles/2018-03-16/apple-to-make-education-related-announcement-on-march-27

This is pretty exciting – we saw some great new classroom features come to the iPad in iOS 11 – I’m hoping to see more of that, and as a Mac Sys admin working at a University right now, a few more tools for the Mac would be welcomed, too. The most intriguing rumours are around Apple’s laptop line – with talk of a possible rev to the education workhorse, the MacBook Air.