Mac Operations

MacTech Deployment Discussion/BOF/Q&A Notes

At MacTech Conference 2014 in Los Angeles, Graham Gilbert and myself conducted a discussion / birds-of-a-feather session on the broad topic of OS and software deployment for OS X and iOS.

Allister Banks was present and dutifully took notes and reference URLs of specifics that were mentioned - solutions, blog posts, and other resources. We thought these would be great to share:

We started by discussing what's new in Yosemite:

Puppet as a tool is unaffected, due to getting over the issues with Ruby 2.0 in Mavericks.

The issues with NetInstall and CreateOSXInstallPkg with the distribution pkg format were discussed, as per:

SCCM hasn't been well know to immediately support OS releases, nor patch broken functionality in a timely fashion.

Re: looking to migrate a DeployStudio repo to a new address but reuse nbi's of older version of the OS was given the option of mounting them as they are read/write, and can therefore be updated for new server location. Another point is you can provide auth to automatically run workflows at the NBI level, which is super cool for lab re-imaging. (but really, use DNS!)

Another method of removing the Mac-as-a-server dependency of DeployStudio:

A linux-based DeployStudio server replacement: Spirit - Spirit Docker Image -

For those that need to keep up with rapid DeployStudio releases when rebuilding NBI's: AutoDSNBI -

A non-Mac NetBoot service from Pepijn Bruienne, in Docker format: BSDPy

Then we discussed the Device Enrollment Program, which I incorrectly got wrong about it's implementation on Macs, it's supposedly fully functional with several MDMs. DEP

What's new in autopkg - 3rd party patch mgmt system support, primarily

I asked about making munki aware of users/OU's in AD, and was told years back Per Olofsson had actually shared a munkiconditional way of determining info before applying it. Per has just donated this script to Tim's munki-conditions repo:

Regarding writing to the Default User Template, we recommended Outset to write prefs per-user login via LaunchAgent, and Joe himself was there to discuss it

In specific managing first-login things like Apple ID sign-in and Diagnostic/privacy opt-in prompts, those 'setup assistant-like' prefs can be set with a system-wide configuration profile. Tim said he modified Greg'ss, first mentioned here: and probably this is a good one to look at using:

802.1x/WiFi auth at loginwindow solutions and in specific, payload variables, and identification Greg specifically even wanted to share what he had experimented with in a blog post!

There might have been a WWDC video on Managing Apple Devices...