Notice: Trying to access array offset on value of type null in /var/www/mediawiki/webroot/mediawiki/includes/profiler/SectionProfiler.php on line 99 Notice: Trying to access array offset on value of type null in /var/www/mediawiki/webroot/mediawiki/includes/profiler/SectionProfiler.php on line 99 Notice: Trying to access array offset on value of type null in /var/www/mediawiki/webroot/mediawiki/includes/profiler/SectionProfiler.php on line 100 Notice: Trying to access array offset on value of type null in /var/www/mediawiki/webroot/mediawiki/includes/profiler/SectionProfiler.php on line 100 Notice: Trying to access array offset on value of type null in /var/www/mediawiki/webroot/mediawiki/includes/profiler/SectionProfiler.php on line 101 Notice: Trying to access array offset on value of type null in /var/www/mediawiki/webroot/mediawiki/includes/profiler/SectionProfiler.php on line 101 Difference between revisions of "Zero-Touch Deployment for Macs" - Library & ITS Wiki

Middlebury

Difference between revisions of "Zero-Touch Deployment for Macs"

Line 5: Line 5:
  
 
 
 
 
 +
  
 
=== '''<span style="font-size:larger">How does it work?</span>''' ===
 
=== '''<span style="font-size:larger">How does it work?</span>''' ===
  
Apple has a progam called Apple School Manager (ASM) which works in conjuction with any number of Mobile Device Management (MDM) systems. At Middlebury College, ITS uses an application called Jamf Pro for MDM. When computers are enrolled into Apple School Manager, they become assigned to Middlebury College's Jamf Pro server.
+
Apple has a progam called Apple School Manager (ASM) which works in conjuction with any number of Mobile Device Management (MDM) systems. Middlebury College&nbsp;uses an application called Jamf Pro for MDM. When computers are enrolled into Apple School Manager, they become assigned to Middlebury College's Jamf Pro server.
  
 
When&nbsp;a Mac is powered on for the first time and gets an Internet connection, the first thing it does is establish a connection&nbsp;to Apple servers. Apple then directs the computer to make a connection with Middlebury's Jamf Pro server and&nbsp;then enrolls&nbsp;itself into the Jamf Pro inventory. After enrollment is complete, Jamf begins to push policies, profiles&nbsp;and software, thereby configuring it automatically. Once Zero-Touch completes, a Self Service application will open on the desktop providing the client with many options to install as the user sees fit.
 
When&nbsp;a Mac is powered on for the first time and gets an Internet connection, the first thing it does is establish a connection&nbsp;to Apple servers. Apple then directs the computer to make a connection with Middlebury's Jamf Pro server and&nbsp;then enrolls&nbsp;itself into the Jamf Pro inventory. After enrollment is complete, Jamf begins to push policies, profiles&nbsp;and software, thereby configuring it automatically. Once Zero-Touch completes, a Self Service application will open on the desktop providing the client with many options to install as the user sees fit.

Revision as of 10:40, 2 June 2020

What is Zero-Touch?

Zero-Touch deployment is a new method for provisioning College-issued, primary-user Mac computers. This method of deployment replaces the need for an ITS staff member to prepare computers before they are deployed to the client. With Zero-Touch, a computer can be delivered directly to a client without ever needing to be physically handled by ITS.

 


How does it work?

Apple has a progam called Apple School Manager (ASM) which works in conjuction with any number of Mobile Device Management (MDM) systems. Middlebury College uses an application called Jamf Pro for MDM. When computers are enrolled into Apple School Manager, they become assigned to Middlebury College's Jamf Pro server.

When a Mac is powered on for the first time and gets an Internet connection, the first thing it does is establish a connection to Apple servers. Apple then directs the computer to make a connection with Middlebury's Jamf Pro server and then enrolls itself into the Jamf Pro inventory. After enrollment is complete, Jamf begins to push policies, profiles and software, thereby configuring it automatically. Once Zero-Touch completes, a Self Service application will open on the desktop providing the client with many options to install as the user sees fit.

 

Deployment steps - off campus

1. Power on the computer and join your home Internet; either by joining the Wifi or connecting directly to your modem/router with a network cable.

2. Step through the first couple of setup screens and be sure to turn on Location Services.

3. Once the Single Sign-on login window appears, type your entire Middlebury email address then press Enter. On the next window, enter your password then press Enter. A third window will ask you to retype your password a second time.

SSO

4. Once startup has completed wait to see a message that says the computer will reboot in one minute. This can take several minutes on a slower network.

5. After the reboot, you will be prompted to enable encryption. Click on the "Enable Now" button. A second popup will indicate that encryption is being enabled; click "Okay."

FV enable

FV Enabled

6. When you reach the login screen, click on the “Local Login” button. This will present you with a shorter way to log into your Mac. Just enter your username and password. Using the Local Login button bypasses the authentication process and logs you into your profile regardless of an Internet connection.

Local Login.png

7. If Self Service isn’t already open, open it by navigating to Applications/Utilities then double click on Self Service.

Use the search box in the upper left corner of the Self Service window to search for desired items. Self Service provides installers for software and printers, as well as information on how to get applications outside of Self Service (e. g. MS Office and Adobe applications).

On-campus

For now, Zero-Touch deployments performed on campus must be completed using a network cable. The Jamf Connect Login application is not compatible with 802.1x Enterprise 2 wireless. MiddleburyCollege wifi will not be active at the Single Sign-on login window and will produce a network error if not connected to a live Ethernet jack.

 

Troubleshooting

Occasionally we have seen at-home Wifi drop during the setup process. This results in the following error message:

No Wifi.png

There is no way to rejoin Wifi in this state. The only remedy is to connect the computer to your home router with a network cable and reboot. Once the computer regains Internet access, it should bring you to the single sign-on login window. If it does not, allow the computer to sit for a few minutes, then try rebooting once again.