Friday, November 04, 2016

Deploying Creative Cloud Applications with the Dell K1000 Appliance

This document outlines the procedures for building Adobe Creative Cloud packages for distribution with the K1000. The document assumes that you have knowledge of using the Creative Cloud Packager already. You will need the ability to create packages using the Creative Cloud Packager and be able to install them on a Mac.
A few notes:
Because the end goal of this process is creating a managed install the instructions below are designed for installers that only include one application from the Creative Cloud.
The K1000 relies on specific version numbers of products which don't always align with the human friendly names of the Creative Cloud apps. Because of this we will be using the number release names for installers and not always the year release names, i.e. Dreamweaver 16.0 instead of Dreamweaver CC 2015.
In this document I will be using the example of creating a package for Photoshop CC 2015 which has a version number of 16.0.0. I recommend creating a folder on the root of your drive to save packages. Avoid using spaces in the folder and package names to make things easier later. You will be using  command line tools to manipulate files so you will need to know the paths to the packages you are creating. The Creative Cloud Packager will create a folder using the package name you specify.
1.     Using the Creative Cloud Packager create a package for a Creative Cloud Application.
a.     Note that if you are using serial numbers for device based application Adobe recommends not including the Creative Cloud application (as of Summer 2016).
2.     Install the package on your Mac.
3.     In the K1000 force an inventory update of your computer.
4.     Expand the Installed Programs section and find the title that you just installed.
5.     Click on the title to edit it.
6.     Make a note of the version number displayed for the title.
7.     Select the operating systems that this title supports.
Information about the Creative Cloud requirements is available here: https://helpx.adobe.com/creative-cloud/system-requirements.html
8.     Open Terminal.
9.     Create a disk image that contains the package. The disk image name should include the exact version number of the software title.
a.     The syntax for the command is:
hdiutil create –format UDZO –srcfolder /path/to/package.pkg -volname "Name of Volume" /path/to/output.dmg
b.     If you told Creative Cloud Packager to create a package named Photoshop in /Adobe then it will place the installer package at /Adobe/Photoshop/Build/Photoshop_Install.pkg
c.     The command to place that in a disk image would then be:
hdiutil create –format UDZO –srcfolder /Adobe/Photoshop/Build/Photoshop_Install.pkg -volname "Adobe Photoshop" /Adobe/Photoshop/Build/Photoshop16.0.0.dmg
d.     For more help on the hdiutil command view my document on creating disk images or the manual page: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/hdiutil.1.html
10.  Upload the disk image to the software title for this package.
11.  In the K1000 click Distribution.
12.  Click Choose Action, New
13.  Enter the name of the software title including the version number followed by (Mac) to indicate that this is the Mac installer.
14.  Select the title from the Software dropdown menu.
15.  Under execution select Anytime.
16.  Add a device to the devices list or a label to the Labels list.
Note: If you do not specify a device then the K1000 will want to deploy to all devices. If I do not have a specific target device planned, then I will add my own machine as a placeholder.
17.  Save the managed installation.



Friday, July 29, 2016

Managing the Dock on Apple MacOS Systems

We have been migrating the management of our computer labs at Dickinson to Profile Manager this summer and a recent sticking point was managing the Dock. In most cases Profile Manager does a good job of allowing you to specify the applications in the Dock but one of my colleagues wanted her users to be able to add other items they use frequently. Profile Manager includes an option to Merge with User's Dock, which does allow the user to add their own items, but the default Dock items that Apple places there are also present.

That's a lot of extra icons
In an effort to find a happy medium I researched where Apple stores the items that are added to the Dock when new users log into the computer for the first time. I found the answer over at JAMF Nation in this post: https://jamfnation.jamfsoftware.com/discussion.html?id=12266 

The following two commands will alter the two files that contain the default applications:


After the files are modified you can customize your own set of Dock applications using Profile Manager and select the Merge with User's Dock option. Users will then be able to add other applications to their dock but they won't be able to remove those you specified.

The one catch here is that since the files we are modifying are under /System they are protected by System Integrity Protection (SIP). That means that in order to make these changes you must first disable SIP. Whether or not you want to do that in your environment is a question you will have to answer yourself. You should also keep in mind that any updates from Apple might undo these changes and possibly make them more difficult in the future.

Thursday, March 03, 2016

Deploying MacOS X Upgrades with the Dell K1000

At work we will be deploying Office 2016 to campus this summer and it requires at least MacOS X version 10.10. In our environment we normally don't upgrade operating systems in place so we have a fair number of computers with earlier versions installed. This presents a problem. Our initial thought was that we would need to deploy the sneaker net and get to work. I realized that the K1000 detects Mac OS X as an installed program so I wondered if I could setup a managed install to deploy it and it turns out you can. I used the following procedure to deploy Mac OS X 10.11 El Capitan but it should also work for other versions.

Step 1: Download the OS Installer from the AppStore
If you don't already have a copy of the Install OS X El Capitan application from the Apple AppStore login and download a copy of it. You can leave it in the /Applications folder.

Step 2: Build a Mac OS X install package
Download createOSXInstallPkg script from GitHub and store it somewhere on your computer.
https://github.com/munki/createOSXinstallPkg
Open a terminal window and change to the location of the script.
The documentation for the script is well written but there isn't too much necessary for a basic package. The following command will create the package in the same location as the script:
sudo ./createOSXInstallPkg --source /Applications/Install\ OS\ X\ El\ Capitan.app/

You should end up with a file named something like InstallOSX_10.11.3_15D21.pkg. The version and build number (10.11.3 and 15D21 respectively) will depend on when you download the installer from the App Store.

Step 3: Create a disk image to hold the package
The K1000 appliance will deploy packages stored on a disk image and I have found this method to be the most reliable for uploading packages to the appliance.
Open Disk Utility
Click New Image
Give the disk image a name, I called mine MacOSX_10.11.3_15D21.dmg.
For the size you need to make the image larger than the size of the package because once the disk is formatted it will loose some space. My install package was 6.1GB so I made the disk image 7.5GB.
Leave the Format, Encryption, Partitions and Image Format defaults.
Click Create

Step 4: Copy the install package to the newly created disk image
The disk image should be mounted when created, but if it isn't mount it and then copy the file to the volume. Once it is copied, unmount the disk.

Step 5: Copy the disk image to the K1000 appliance
The web interface won't allow you to upload files more than 2GB so you will need to mount the clientdrop share on your K1000 and copy the file there. If you have not already enabled the SAMBA share on your appliance login to the admin interface and browse to Settings, Security.

Step 6: Associate the disk image with the software title
When creating a managed install it is very important that you associate the installer with the correct title. If you have any doubt about which software title to use then I strongly recommend that you use the installer to update one machine in your environment manually and then associate the file with the software title found in that machines software inventory after the setup is complete and the machine has checked into the K1000 again.
Once you are satisfied that you have the correct software title select the disk image from the Upload and Associate Client Drop File menu.
In the Supported Operating Systems list select the operating systems that you will be upgrading to 10.11.
Save the software title.

Step 7: Create the managed install
In the K1000 interface click Distribution
Under Managed Installs click Choose Action, New
Give your MI a name, I called mine Mac OS X El Capitan Install
Select 10.11.3 software title from the dropdown
Set the execution option based on whether or not you want to interrupt users with the installation or not.
Leave the Default installation option selected
For the notification options we setup both Alert user before run and Completion messages. This is what we have set for our environment:
Alert user before run:
Your computer has been scheduled to be upgraded to OS X El Capitan (10.11). You can continue to use the computer and will be notified when the first phase is complete.
Completion message:
The first phase of your upgrade to Mac OS X El Capitan is complete. Please restart your computer to begin the next phase. Phase two will take about half an hour to complete.
Save the managed install.

You should now be able to target computers with the installation and they will receive the upgrade. Note that the first phase of the installation (before the computer restarts) is silent. Unless you use a completion message the user will not be prompted to restart. Once the computer does restart the installation will proceed. I have had varied reports of whether or not there is interaction required during this phase of the upgrade.

The installation of 10.11 has been resetting the Sharing preferences in our environment. We normally have remote login and remote desktop enabled for certain users and after the upgrade those options are turned off. Thankfully the KACE agent is still checking in so you can use a script to set those options. Here is our script:
#!/bin/sh
# start here
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users admin -access -on -privs -DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setmenuextra -menuextra no
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw VNCPasswordHere
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -menu -console
sudo systemsetup -setremotelogin on
exit 0


Friday, January 29, 2016

Deploying Winclone Image Packages with DeployStudio

Background: 

As of DeployStudio version 1.7.2 it is not possible to create and deploy an image of Windows 10 on a Bootcamp partition. Due to this issue we purchased licenses of Winclone so that we can still deploy dual boot systems at Dickinson College. Winclone images have a few options which potentially make them a better solution for deploying Windows on Apple hardware so overall this isn't a bad decision in the long term. DeployStudio is capable of distributing Winclone images but the process is a little different. This documentation will serve as a guide to creating a workflow that images an Apple device with a dual boot setup using Winclone to create the Windows image for the Bootcamp partition. You will need a licensed copy of Winclone to complete this procedure.

I created a few scripts to help automate the imaging process. They are available on my GitHub repository:

Preparing a Mac Image: 

The process for preparing a MacOS image for a dual boot setup is not any different from before. Setup your image as desired and upload it to DeployStudio as you normally would. 

Preparing the Windows system: 

  1. Launch the Bootcamp assistant and use the wizard to create a Bootcamp partition.  Note: You will need a disk image of Windows 10. The size of the Bootcamp partition needs to be large enough to accommodate Windows and any applications you want to install. Winclone will be able to shrink the partition to a smaller footprint and also create a larger or smaller partition for restoration. 
  1. The computer should restart and proceed with installing Windows. Remember that you need to format the Bootcamp partition in order to select it and install the OS. 
  1. After installation is complete the Bootcamp installer should launch. Note: I have seen an issue with the RealTek audio drivers failing to install. If the Bootcamp installer stalls for a long period of time open Task Manager and kill the RealTek setup process. 
  1. Restart after installing the Bootcamp software. 
  1. Configure the computer as required with applications and settings.  
  1. Winclone uses text in c:\windows\system32\license.rtf to determine the operating system when creating an image. Check the file to make sure it contains "Windows 10". In my experience the Enterprise version does not have the text and it needs to be added. 
  1. Perform a sysprep on the computer. I have created a basic unattend.xml file that includes examples of several key settings and made it available on GitHub: https://github.com/csteelatgburg/scripts/blob/master/Windows/Win10Unattend.xml 

Creating the Bootcamp image: 

You will need a licensed copy of Winclone for this task. I was using version 5.5 when I wrote these instructions. 
  1. Boot the computer to MacOS. 
  1. Launch Winclone and load your license file if you have not already done so. 
  1. Select the Bootcamp partition. 
  1. In the Tools menu select Shrink Windows (NTFS) Filesystem. 
  1. After shrinking the partition click Save Image and give it a name. 
  1. After the image is saved, select it in the list on the left. 
  1. Click the Make Package button. 
  1. Select the appropriate option for the size of the Bootcamp partition. 
  1. Click Create package and choose a name and location. 

Getting the image to DeployStudio:

Depending on your environment you need to get the package to your DeployStudio server. Place it in the Packages folder of your Images share.

Creating your workflow: 

I have created several scripts that will assist in the automated deployment of Winclone packages. You will need to add these scripts to the workflow for imaging a dual boot computer using a Winclone package. You can download them from my GitHub repository:
These scripts need to be placed on your DeployStudio server in the Scripts folder of your Images share.

  1. Create a new workflow and name it appropriately. 
  1. Add the following tasks 
  1. Partition Target Volume: First Disk available Create one partition using the entire disk named Macintosh HD Check the Automate checkbox. Note: We do not need to create the partition for Windows at this point because the Winclone installer will handle that for us. 
  1. Restore Target Volume: Enter value, Macintosh HD Image: HFS, select the appropriate image for the MacOS partition Check the boxes for the following options: Don't check restoration, Rename ByHost prefs, Delete machine dependent files and caches, Set as default startup volume, Automate 
  1. Generic Select the disable_sip.sh shell script in the Command dropdown Note: The Winclone package can't run with SIP enabled.  You can read more about this on the Twocanoes website.Check the Automate checkbox. 
  1. Configure Target volume: Previous task target Check the boxes for the following options: Rename computer, Automate 
  1. Generic Select the copy_tools_local.sh shell script in the Command dropdown.  Check the Automate checkbox. Note: This copies the DeployStudio scripts to /etc/deploystudio on the Macintosh HD, we will need them after the computer reboots. 
  1. Generic Select the bootcamp_save_name_to_file.sh shell script in the Command dropdown. Check the Automate checkbox. Note: This is a script that I created that saves the computers Bootcamp name from the DeployStudio database in /etc/deploystudio/bootcampname on the Macintosh HD.  Check the Automate checkbox. 
  1. Package Install Target volume: Previous task target Package: Select the Winclone package that you created and placed in the Packages folder on the DeployStudio server. Check the boxes for the following options: Postponed Installation, Automate 
  1. Generic Select the bootcamp_set_name_from_file.sh shell script in the Command dropdown.  Check the Postponed Execution checkbox and select Previous Task Target for the target volume. Parameters: /dev/disk0s3 Note: This is the disk and partition that is typically used for Bootcamp in my configurations. If your partition scheme is different you will have to adjust this value accordingly. Check the Automate checkbox. Note: This script retrieves the computer name from /etc/deploystudio/bootcampname and then searches the Bootcamp partition for an unattend.xml line that contains the <computername>*</computername> directive. It replaces the * with the computer name so that the machine is named correctly after it completes the OOBE stage. 
  1. Add any other tasks for your image (additional software installs, active directory binding, etc.). 
  1. Click Save  

Applying the images to a computer: 

  1. NetBoot the computer to the DeployStudio server. 
  1. If you have not already added the computer to the DeployStudio database then do so now.  
  1. Run the workflow you created. 
  1. DeployStudio will perform the selected tasks. Note that it will copy the Winclone image to the local machine, this may take a long time depending on network speed. 
  1. After the tasks which run in the DeployStudio Runtime complete the computer will restart and then run the postponed tasks, including installing the Winclone package. 
  1. Once all of the postponed tasks are complete the computer will restart. 
  1. Login to MacOS and set the startup volume to the Bootcamp partition.  Note: Before restarting you can verify the naming scripts worked by browsing the Bootcamp partition to c:\windows\panther and checking the unattend.xml file. The <computername> directive should contain the name from the DeployStudio database. 
  1. Restart the computer and allow Windows to complete the sysprep OOBE process.