Image: iStockphoto/Ben-Schonewille

Apple’s recent changes to the Mac operating system has brought various changes to the way in which Mac admins deliver clean and upgraded installs of macOS to their client systems. By rolling in the delivery of firmware updates to the installer files, Apple has made for a tighter integration between the software and hardware levels of its systems.

This closed loop further adds to the underlying security of its products, especially when newer devices leveraging the T2 security chip–Apple’s version of TPM–lock all the internal components down through Secure Boot to ensure that only authorized, signed software from Apple runs efficiently with each new installation without the malware inherent with introducing compromised software into the matrix.

SEE: 10 essential apps and utilities for your Mac (free PDF) (TechRepublic)

Previous methods, including thick imaging standards based on NetBoot/NetInstall, have been deprecated by Apple’s move to a thinner, lighter touch to managing Macs involving clean installations and zero-touch management using Mobile Device Management (MDM) servers to affect changes and ongoing support. But without getting too ahead of ourselves, let’s focus on the requirements that must be met to successfully create our USB installer.

  • Apple computer (click to see a list of supported devices)
  • macOS Catalina (10.15) installer downloaded from the Mac App Store
  • Admin credentials
  • USB flash drive or hard drive (8 GB free space or more)

How to create the macOS Catalina USB installer

1. Log on to the Mac computer and mount the USB device.

2. Launch the Terminal and enter the command below to convert the USB device to installer media. Note: The contents of the drive will be erased during the conversion process.

sudo /Applications/Install macOS --Volume /Volumes/USB --nointeraction

3. You’ll be required to enter admin credentials when prompted for the password. Once authenticated, the command will begin erasing the disk and copying the necessary files to the drive. Upon completion, the drive will be made bootable and may be ejected safely to begin upgrading client devices.