Employee - Existing - Mac
Revision as of 10:43, 14 May 2021 by Vogel(talk | contribs)(Step Six: Install Printers & Update/Install Other Software)

Existing Faculty or Staff Mac Cascade

Imaging and/or Cascading Quick Links

Cascade Checklist

Checklist created to help with the cascade process.

Register the Mac

Before you unbox the Mac, register the Mac in GReg and update FileMaker. If they are receiving a USB-C Mac, please register the HooToo USB-C adapter on the proper wired VLAN (not wireless). To find the MAC address of the HooToo, please either use Network Preferences/Network Utility.

Step One: Check Crashplan for Backup Status/Run Sync

  1. Log into
  2. Enter the computer name of the device in the search field.
  3. Verify the backup is at least 99% complete.
  4. When logged in as the user, run Run CrashPlan Sync.

Step Two: Provision the New Mac

All Macs are now being provisioned with Jamf. This is similar to bootstrapping. Please confirm with a full time staff that the device is assigned to the correct server in Apple School Manager.

If a Mac has been used before, and/or is an Intel device:

  1. Connect a provisioning drive to the Mac.
  2. Boot the Mac to Recovery Mode by powering on the Mac and holding down command+r
  3. Select Utilities --> Terminal
  4. Type the command /Volumes/macOS/run in the Terminal window.
  5. Terminal will ask which drive you'd like to bootstrap. Select the drive labeled Macintosh HD. If you don't see a drive labeled Macintosh HD you will need to partition the drive with Disk Utility first. Make sure to select the top, "parent" drive of the Mac. If you do not see the Apple SSD, click on the View option and choose "View All Devices" to select the Apple SSD. Click erase, name the drive Macintosh HD and leave other default settings.
  6. In Terminal: After you've selected the drive, Terminal will ask you if you want to erase the target volume before install. Type y and press return.

If this is a new, out-of-box M1, you will not need to reinstall the OS as they come shipped with Big Sur. Once booted, you can go through the onscreen set up prompts.

Step Three: Initial MDM Configuration

Once the Mac has been provisioned, it will reboot and you will be presented with the macOS initial setup window. Follow the onscreen prompts.

Important: Make sure you see a screen that says "Remote Management" and "鶹Ƶ can automatically configure your computer". If you don't see this screen the Mac will need to be moved to the correct MDM server. Any dutyperson should be able to move it for you if you provide them with the serial number of the Mac.

Step Four: Data Restoration and User Account Creation

鶹Ƶ uses Migration Assistant, an app built into macOS, to move data and users to a new Mac laptop. Migration Assistant can use a variety of sources to move data including DeployStudio backups, Time Machine Backups, and Macs booted to target disk mode.

This guide will start with how to connect to the various data source types.

Sync Domain Password with Filevault Password (Summer 2020 note: this step should already be done for you-you will find the reset domain password in the ticket)

On the old Mac, find out what kind of account the user is. To view this information, please visit System Preferences, Users and Groups. Does the user account say Managed/Mobile, or does it say Admin?

If the user account says Admin, Managed, Mobile, you will need to follow the directions below.

    1. Ask the user to log in to their mac
    2. Reset domain password
    3. Write down domain password for the user on the purple sheet and for GTS on the blue sheet
    4. While the computer is logged in, click the Apple Menu and click Log out.
    5. Log in with their username and the reset domain password.
    6. If this doesn't work, you will need to run AD Fix. If it does work please skip to letter n
    7. To run ad fix, please have them log in with their username and password.
    8. Click Go, Connect to Server, and log into macsoft.gac.edu as your username and password.
    9. Go to the Tools folder, and drag ADFix to the desktop.
    10. Double click AD Fix, and type in the admin credentials to run.
    11. On an employee's computer, click rebind employee
    12. you will receive a progress report and it will closed when it is done running.
    13. Once AD fix is done running, please log out again and try again with their username and password.
    14. If this works, restart the computer and try the reset domain password at the FileVault login.
    15. If it doesn't work, have the user log in again with their computer password, and try restarting again and log in with the username and temporary domain password.
    16. The reset domain password has been successfully synced with their FileVault password.

If the user account says Admin, you will need to sync the reset domain password via Enterprise Connect.

    1. Reset the user's domain password
    2. Open Enterprise Connect
    3. Log into Enterprise Connect with the username and reset domain password. Make sure the button that says "sync active directory password with computer password box is checked."
    4. Restart the computer and log into the computer with the reset domain password.
Target Disk Mode (Preferred Method)

Target Disk Mode allows the Mac to act as a really big (really expensive) external hard drive. To boot to Target Disk Mode follow these steps:

  1. Power off the Mac you'd like to transfer data from.
  2. Power on the Mac and hold down the T key. You will see a bouncing Thunderbolt symbol indicating that the Mac as booted to Target Disk Mode.
  3. Connect the Target Disk Mode Mac to the new Mac using the appropriate cable and adapter (a Thunderbolt cable with a Thunderbolt to USB-C adapter in most cases).
TimeMachine Backup

Time Machine Backups can be used on any Mac. Simply connect the TimeMachine drive to the new Mac.

Crashplan

Crashplan can be used in emergency circumstances where no other data source is available. To use Crashplan as a data source, create a user account for the user while signed into the admin account. Then log in as the user and follow the MacOS crashplan restore guide on the wiki.

DeployStudio Backup

Older Macs (that don't use APFS as their filesystem usually version 10.12.x or older) are able to backup to DeployStudio. The backup can then be used to move the account to the new user. To connect to a DeployStudio backup follow these steps.

  1. Login to the machine you'd like to transfer data to using the admin account.
  2. Click on "Go" in the Menu Bar and click on Connect to Server. Or use the keyboard shortcut: command + k.
  3. Type in afp://ispace.gac.edu and press return.
  4. Authenticate with your 鶹Ƶ credentials.
  5. Double click on the corresponding backup as listed in the Apple_Backups folder.
  6. You are now ready to restore data from a DeployStudio backup.

User Creation/Restoring Data Using Migration Assistant

Migration Assistant can transfer data from a Mac booted to Target Disk Mode, a DeployStudio backup, or a TimeMachine Backup. If these methods do not work, ask a dutyperson for help restoring using Crashplan.

Follow these steps to restore data using Migration Assistant.

  1. Log in as admin on the Mac you'd like to transfer data to.
  2. Mount or connect the datasource as detailed above. Type in the computer password (old computer) to unlock the drive.
  3. Click Don't Use when presented with the time machine prompt.
  4. Open Migration Assistant located in the /Applications/Utilities folder or by using Spotlight search.
  5. Click continue and follow the on screen prompts from Migration Assistant.
  6. Ignore any FileVault requests by clicking cancel.
  7. Select the default option, "From a Mac, Time Machine backup, or startup disk" and click Continue.
  8. Migration Assistant will scan for data sources. Select Macintosh HD and click continue.
  9. Migration Assistant will then begin scanning the drive to look for user accounts and data to transfer.
  10. Deselect everything except the user account you'd like to transfer and click continue.
  11. Set a temporary password for the user account; "changeme" is standard and click continue.
  12. You'll then be prompted to authorize the transfer using the admin account. Click on "Authorize..." and enter the admin password. Then click continue.
  13. Migration Assistant will begin transferring data. Depending on how much data is being transferred, Migration Assistant could take anywhere from a few minutes to a few hours.

Step Five: Verify Data Restore

Check to make sure that data restoration method you used has completed successfully. Check bookmarks, Documents, Desktop to verify their data is in place.

Step Six: Install Printers & Update/Install Other Software

  1. Use Software Center to install the printers.
  2. Use Software Center to install software that the user wants installed. Refer to ticket for specialized software requests.

Step Seven: Set up Code42

  1. Open the Code42 app under their user.
  2. Click Set up Device
  3. Click Replace Existing
  4. Click the old computer name.
  5. Skip File Transfer
  6. Open System Preferences and choose Security and Privacy.
  7. Navigate to the Privacy tab, and choose Full Disk Access from the left side panel. Check the box next to Code42 and falconhd.
  8. Log back in to Code42 as the user and click "finish" to complete the setup

Step Eight: Install iProjection

iProjection is replacing EasyMP, and is now in Managed Software Center. If you have issues installing from MSC, please visit the to download the installer for Mac. Select Epson iProjection v2.40 for Mac (with Moderator) from under the Utilities menu.

  1. After installation, open iProjection.
  2. Choose Advanced Connection Mode.
  3. Check the box to set the selected Connection Mode as default.
  4. Press OK.
  5. Connect to the Olin 133 or Olin 124 projector. When prompted to allow Screen Recording in System Settings, select yes. If Privacy Settings do not automatically open, navigate to System Preferences > Security & Privacy > Privacy tab. On the lefthand side panel, click Screen Recording.
  6. Check the box next to iProjection.

Step Nine: Mac Cascade Letter

Customize (replace the items in bold italic that are placeholders) and print a Mac Existing Employee Letter for each user.

Step Ten: Delivery

Deliver the prepared Mac to the user and assist them with signing into Enterprise Connect.

  1. Sync their password using the 鶹Ƶ user setting page. If the the domain password will not sync with the computer password. Please try the following instructions:
    1. Copy the ConvertMobileToLocal.sh script from Macsoft/Tools to the desktop of the user you’d like to convert.
    2. Open Terminal and run the following command: cd /Users/<theusername>/Desktop where <theusername> is the 鶹Ƶ username of the Mac you’re working on.
    3. Then, run the following command sudo ./ConvertMobileToLocal.sh Don’t forget the period before the slash.
    4. Follow the instructions within Terminal. This will be the users current login password.
    5. Exit the interactive script after it’s completed.
    6. Click Allow access for contacts, calenders, etc.
    7. Run the following Terminal Command: pwpolicy -setpolicy canModifyPasswordforSelf=1
    8. Restart and try the syncing process.
    9. Make sure Filevault is turned
      1. Make sure you click store recovery key with MDM.
  1. Open Enterprise Connect and have them sign in with their 鶹Ƶ username and password.
  2. When prompted, enter their login password changeme. Enterprise Connect should report the passwords are in sync.
  3. Answer any additional questions they may have.

Step Eleven: Store Old Equipment

Please give Mike the old laptop once delivery has been completed.

Troubleshooting

Q: Crashplan won't let me log in as the user?

A: Restart the Mac and re-open Crashplan

Retrieved from "/gts/w/index.php?title=Employee_-_Existing_-_Mac&oldid=38634"