Thursday, March 03, 2016

Deploying MacOS X Upgrades with the Dell K1000

At work we will be deploying Office 2016 to campus this summer and it requires at least MacOS X version 10.10. In our environment we normally don't upgrade operating systems in place so we have a fair number of computers with earlier versions installed. This presents a problem. Our initial thought was that we would need to deploy the sneaker net and get to work. I realized that the K1000 detects Mac OS X as an installed program so I wondered if I could setup a managed install to deploy it and it turns out you can. I used the following procedure to deploy Mac OS X 10.11 El Capitan but it should also work for other versions.

Step 1: Download the OS Installer from the AppStore
If you don't already have a copy of the Install OS X El Capitan application from the Apple AppStore login and download a copy of it. You can leave it in the /Applications folder.

Step 2: Build a Mac OS X install package
Download createOSXInstallPkg script from GitHub and store it somewhere on your computer.
https://github.com/munki/createOSXinstallPkg
Open a terminal window and change to the location of the script.
The documentation for the script is well written but there isn't too much necessary for a basic package. The following command will create the package in the same location as the script:
sudo ./createOSXInstallPkg --source /Applications/Install\ OS\ X\ El\ Capitan.app/

You should end up with a file named something like InstallOSX_10.11.3_15D21.pkg. The version and build number (10.11.3 and 15D21 respectively) will depend on when you download the installer from the App Store.

Step 3: Create a disk image to hold the package
The K1000 appliance will deploy packages stored on a disk image and I have found this method to be the most reliable for uploading packages to the appliance.
Open Disk Utility
Click New Image
Give the disk image a name, I called mine MacOSX_10.11.3_15D21.dmg.
For the size you need to make the image larger than the size of the package because once the disk is formatted it will loose some space. My install package was 6.1GB so I made the disk image 7.5GB.
Leave the Format, Encryption, Partitions and Image Format defaults.
Click Create

Step 4: Copy the install package to the newly created disk image
The disk image should be mounted when created, but if it isn't mount it and then copy the file to the volume. Once it is copied, unmount the disk.

Step 5: Copy the disk image to the K1000 appliance
The web interface won't allow you to upload files more than 2GB so you will need to mount the clientdrop share on your K1000 and copy the file there. If you have not already enabled the SAMBA share on your appliance login to the admin interface and browse to Settings, Security.

Step 6: Associate the disk image with the software title
When creating a managed install it is very important that you associate the installer with the correct title. If you have any doubt about which software title to use then I strongly recommend that you use the installer to update one machine in your environment manually and then associate the file with the software title found in that machines software inventory after the setup is complete and the machine has checked into the K1000 again.
Once you are satisfied that you have the correct software title select the disk image from the Upload and Associate Client Drop File menu.
In the Supported Operating Systems list select the operating systems that you will be upgrading to 10.11.
Save the software title.

Step 7: Create the managed install
In the K1000 interface click Distribution
Under Managed Installs click Choose Action, New
Give your MI a name, I called mine Mac OS X El Capitan Install
Select 10.11.3 software title from the dropdown
Set the execution option based on whether or not you want to interrupt users with the installation or not.
Leave the Default installation option selected
For the notification options we setup both Alert user before run and Completion messages. This is what we have set for our environment:
Alert user before run:
Your computer has been scheduled to be upgraded to OS X El Capitan (10.11). You can continue to use the computer and will be notified when the first phase is complete.
Completion message:
The first phase of your upgrade to Mac OS X El Capitan is complete. Please restart your computer to begin the next phase. Phase two will take about half an hour to complete.
Save the managed install.

You should now be able to target computers with the installation and they will receive the upgrade. Note that the first phase of the installation (before the computer restarts) is silent. Unless you use a completion message the user will not be prompted to restart. Once the computer does restart the installation will proceed. I have had varied reports of whether or not there is interaction required during this phase of the upgrade.

The installation of 10.11 has been resetting the Sharing preferences in our environment. We normally have remote login and remote desktop enabled for certain users and after the upgrade those options are turned off. Thankfully the KACE agent is still checking in so you can use a script to set those options. Here is our script:
#!/bin/sh
# start here
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users admin -access -on -privs -DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setmenuextra -menuextra no
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw VNCPasswordHere
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -menu -console
sudo systemsetup -setremotelogin on
exit 0


1 comment:

earleenmaaske said...
This comment has been removed by a blog administrator.