How to configure Mac Deploy Stick to deploy macOS

Mac admins have a new way to deploy macOS to their Apple devices with the Mac Deploy Stick.

istock-93277070.jpg
Image: GeorgeDolgikh, Getty Images/iStockphoto

I recently reviewed the Mac Deploy Stick (MDS) after becoming aware of its existence while attempting to resolve an unrelated Mac issue that had crossed my desk. After getting in touch with Twocanoes CEO, Tim Perfitt, he provided the rundown on how MDS fills in the gap left behind after recent changes were made by Apple to effectively eliminate a device's capability to NetBoot and in the delivery mechanism of the hardware firmware updates.

These two very important keys rendered Mac admins with the ability to automate the process used to distribute macOS to devices—new and old. These changes also brought with them the specter that the only official way to deploy Apple devices would be through Apple's Device Enrollment Program, a program aimed at businesses of all sizes, however, only applicable to new hardware purchased directly from Apple. This cuts out any existing devices organizations may own, as well as those used as part of a BYOD program.

SEE: System update policy template download (Tech Pro Research)

This brings us back to MDS, which "provides a fast way to initially provision a new Mac or wipe and restore an existing Mac with minimal administrator time," according to Perfitt. Additionally, "MDS uses the standard macOS installer so it installs macOS along with any required firmware updates."

MDS shares the same DNA as one of Apple's earlier mindsets in that, "it just works." The application, OS, and any applications and/or scripts you wish to include in your provisioning workflow are all that's needed to hit-the-ground-running and deploy your first Mac in minutes.

In this article, we'll walk through the steps to get the basics set up, but first, please review the requirements so that the process can occur as seamless as possible:

  • Apple computer running macOS 10.4 (or later) to serve as the administrative workstation
  • Apple computer to serve as our test device
  • Mac Deploy Stick application (installed on administrative workstation)
  • macOS Mojave Installer (latest version) downloaded from the Mac App Store
  • 16GB USB Flash Drive (Optional; but required if creating external deployment volume)
  • File server or Web server (Optional; but required if created network-based deployment volume)
  • 1st/3rd-party Apple applications in flat-package (PKG) format (Optional)
  • Bash scripts to configure settings (Optional)
  • Switched Network (Optional; but required if connecting to network-based volume)

Configure MDS for macOS deployment

Launch the MDS app on the administrative workstation (Figure A).

201913-figure-a.jpg

Figure A: The administrative workstation.

The application console should be free of any content, by default. However, clicking the "+" sign allows us to create our first workflow. The first tab, named Description, will provide a title to the workflow and a brief description of what the workflow accomplishes. Note: MDS allows for the creation of multiple workflows, so feel free to be as concise or granular as you wish (Figure B).

201913-figure-b.jpg

Figure B: The Description tab will provide a title to the workflow.

For the purposes of this guide, we'll create a simple workflow that erases the drive on an existing Mac, installs macOS Mojave, and creates an admin account for us to manage the devices post-MDS.

Click on the macOS tab and place a check next to Install macOS. Next, click the select installer button to locate the local copy of Install macOS Mojave.app. Finally, place a check next to Erase and install, since for this exercise we wish to completely format the existing drive (Figure C).

201913-figure-c.jpg

Figure C: Place a check next to Erase and install.

The Resources tab holds three optional choices: Package & Apps: Where applications we wish to install will be located; Scripts: Where bash scripts that are to be run will be located; And Profiles: Where customized profiles, .mobileconfig files with payloads will be located—all for installation post-macOS (Figure D).

201913-figure-d.jpg

Figure D: The Resources tab holds three optional choices.

Note: If utilizing these resources, it is best to isolate each of these into their own separate folders under a root directory for each category. From experience, all scripts stored in one folder will be bundled up once MDS processes them and will be installed as one pkg file. Since MDS allows us the freedom to be as granular as possible, it is far simpler to test each component in isolation, and then include them as part of an overall master deployment workflow.

Last, is the Options tab. Another optional selection, but in my opinion one that adds a welcome bit of automation when provisioning multiple devices. In this tab, the first portion titled Create User allows admins to standardize the creation of a user account—standard or administrator—that will be deployed to each device. Simply enter the full and short names of the account, a password, and the UID. Also, don't forget to check the box next to Allow user to administer the computer if you wish to create a local admin-level account (Figure E).

201913-figure-e.jpg

Figure E: Check the box next to Allow user to administer the computer if you wish to create a local admin-level account.

An additional bit of automation baked right in is the ability to skip the set-up screens upon first booting a newly installed Mac. By checking the boxes for the screens you wish to become hidden, these will get processed after macOS is installed and be skipped altogether during set up (Figure F).

201913-figure-f.jpg

Figure F: Check the boxes for the screens you wish to become hidden.

Once all the necessary changes are made to your first workflow, click the OK button to return to the main screen with your newly customized workflow created. While the process is almost done, the contents of the workflow need to be copied to its final destination.

If choosing to provision devices over a USB drive, insert your USB drive now and click on the Save to Volume... button. Locate the USB drive you wish to use, and MDS will copy the contents to the USB drive. If wishing to deploy over the network, then click the Save to Disk Image... button and MDS will copy the contents to a compressed DMG file and store it at the root of the directory of your choosing after providing the file a name and clicking the Save button (Figure G).

201913-figure-g.jpg

Figure G: If wishing to deploy over the network, then click the Save to Disk Image.

Provisioning a Mac device (USB method)

1. After the USB Flash Drive is populated with the MDS files, safely remove the device from your administrative workstation and insert it into your test Mac's USB port.

2. Boot the device to the recovery partition by holding down Command+R as it boots.

3. After the recovery partition boots, select Utilities | Terminal from the Toolbar to launch the Terminal application and enter the following command to launch the MDS app:

/Volumes/mdsresources/run

4. This will kick off ,Imagr, the application used to select the workflows from. Make your selection from the drop-down menu, then click on the Run Workflow button, and the process will execute as your workflow is designed.

Provisioning a Mac device (Network-based method)

1. After the Disk Image is created with the MDS files, you may keep the file there if that is the location that has the proper permissions to serve the file. If not, you need to create a shared folder or web directory with the correct permissions to allow the file to be hosted before proceeding.

2. On the test Mac, boot the device to the recovery partition by holding down Command+R as it boots.

3. After the recovery partition boots, select Utilities | Terminal from the Toolbar to launch the Terminal application and enter the following commands to launch the MDS app. First, we will create a temporary directory to mount the DMG file to:

mkdir /tmp/mds

Next, we connect to the server hosting our DMG file and mount it to the temporary folder:

smbfs_mount //username@hostname.domain/sharename /tmp/mds

Third, we mount the DMG as a volume:

hdiutil mount /tmp/mds/name_of_mds_diskimage.dmg

Last, we kick off the Imagr app:

/Volumes/mdsresources/run

4. Make your selection from the drop-down menu, then click on the Run Workflow button, and the process will execute as your workflow is designed.

Regardless of the deployment method chosen, all workflows with the macOS installer phase configured will reboot automatically upon completion. Any additional packages, scripts, and/or profiles selected will install automatically after macOS is installed as a post-install process.

One of the best things about MDS is its modular set up, which allows admins the flexibility to add (or not add) anything to their workflows to get their devices ready for the end-user, or hand it off to a management suite or MDM to complete the last leg of configuration.

At its core, said Perfitt, "MDS works great in environments where you need to quickly set up Macs prior to deployment like labs, one-to-one environments, or have large software packages to install."

Also see

By Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from seve...