• Diff for "admn2511"
Last updated at 2019-06-20 13:16:57 by admn2511
Differences between revisions 1 and 9 (spanning 8 versions)
Revision 1 as of 2018-03-29 12:56:13
Size: 10008
Editor: admn2511
Comment:
Revision 9 as of 2019-06-20 12:51:26
Size: 10739
Editor: admn2511
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
== Mac tips for Windows switchers == Editer
Line 3: Line 3:
== Learn how to perform some common tasks on your new Mac. === = Commissioning a Windows Laptop for BSG Deployment =
<<TableOfContents(3)>>
Line 5: Line 6:
 Right click Click the right corner of your Apple mouse, or click with two fingers on your Apple trackpad. You can change this in Mouse preferences and Trackpad preferences. Scroll, swipe, click Settings for scroll direction, swipe gestures, and button assignments are also in Mouse and Trackpad preferences. == Overview ==
This is the standard method of commissioning a BSG Windows Laptop onto the BSG domain. The laptop should be running Windows 10 Enterprise, and be BitLocker compatible.
Line 7: Line 9:
Close & resize windows Buttons for closing, minimizing, and maximizing a window are in the upper-left corner of the window. Change volume Use the volume control in the menu bar, or use the volume keys on your Apple keyboard. Fresh out of the box Dell Computers will have Windows 10 Enterprise installed. If you need to install a fresh version of Windows 10 Enterprise, please follow the below steps.
Line 9: Line 11:
Find files Use Spotlight to quickly find and open apps, documents, and other files. Open apps You can also use Launchpad and the Dock to open your apps (programs). == Installing Windows 10 ==
Line 11: Line 13:
Browse for files Looking for Windows File Explorer? Learn about the Finder. Throw files away Looking for the Recycle Bin? Use the Trash, which is in the Dock.  1. Download the latest Windows 10 bundle from the [[https://downloads.it.ox.ac.uk/itss/sls/MicrosoftOperating|University Microsoft Download Page]]. You will need to login with your SSO username and password.
Line 13: Line 15:
Rename files Click the file once to select it, then press the Return key and type a new name. Press Return when done. Preview files Preview most files on your Mac using Quick Look. Click the file once to select it, then press Space bar.  1. Create a [[https://www.microsoft.com/en-gb/download/windows-usb-dvd-download-tool|bootable Windows 10 USB drive]]. You will need this to install a fresh version of Windows 10.
Line 15: Line 17:
Back up files Time Machine keeps a copy of all your files, and it remembers how your system looked on any given day. Change Mac settings Looking for the Control Panel? Use System Preferences instead.  1. Boot from USB by pressing F12 on start-up, then choose your USB media from the boot options.
Line 17: Line 19:
Many Mac keyboard combinations use the Command (⌘) key. Learn more keys and keyboard shortcuts. Cut Command-X Copy Command-C Paste Command-V  1. Before installing Windows 10, wipe the hard drive to create a new single partition.
Line 19: Line 21:
Undo Command-Z Print Command-P Close window Command-W  1. Follow the steps to install Windows 10 Enterprise.
Line 21: Line 23:
Switch apps Command-Tab Quit app Command-Q Forward delete Fn-Delete or  1. Create an ladmin account when prompted, this will be the Local Admin account for the end-user. Create a sufficiently strong password and record this in 1Password. You can wait to do this till the end so that the rest of the process is quicker and easier.
Line 23: Line 25:
Find files Command–Space bar Force quit app Option-Command-Esc Take screenshot Shift-Command-3  1. Set a name based on the current naming convention and make a record of this on ‘Windows Computer List’ excel spreadsheet. Assign an asset number and log this in the windows excel spreadsheet.
Line 25: Line 27:
If you’re not sure what something is called on the Mac, here’s a list of Windows and Mac terms to help you find what you’re looking for. Note: On a portable Mac, you must press and hold the Fn key before pressing the other keys of a shortcut; for example, press Fn-Control-F2. Windows term Mac term Use Alt key Option key To enter special characters, press and hold the Option key in combination with letter keys. For example, to enter é, press Option-E, then press the E key again. Alt key Control-F2 To use the keyboard to open menus in the menu bar at the top of the screen, press Control-F2, then use the arrow keys to select a menu. Press Return to open the selected menu, then use the arrow and Return keys again to choose menu options. Alt-Tab Command-Tab To switch between open apps, press Command-Tab. Release the keys when the app you want is selected. Alt-Tab Exposé To see all the open windows in the current app, press and hold its icon in the Dock. Release the trackpad or mouse when thumbnail images of the windows appear. To see another app’s windows, press Tab. Close button Close button To close a window, click the red button in the top-left corner of a window. Control key Command key To perform actions or shortcuts, use the Command key with keyboard combinations. For example, pressing Command-S usually saves a document or file. Control Panel System Preferences To select preferences such as your desktop background, choose Apple menu > System Preferences. Device Manager System Information System Information gives you detailed information about your Mac hardware and software. Choose Apple menu > About This Mac. Disk drive eject button Media Eject key To open and close the optical drive, press the Media Eject key ⏏ on your keyboard. To eject disks in other types of drives (or if your keyboard doesn’t have the Media Eject key), select the disk in the Finder, then choose File > Eject.  1. Place a name and asset number sticker onto the back of the laptop.
Line 27: Line 29:
Exit Quit To exit from an app, choose Quit from the app menu. (The app menu is labeled with the app’s name; for example, Safari or Mail.) Flip 3D Mission Control To see all your open windows, press the Mission Control key (or use the Control Strip) or press Control-Up Arrow. To temporarily move all windows so you can see the desktop, press the Command and Mission Control keys at the same time. Gadgets Dashboard widgets Notification Center Today view Dashboard includes widgets to do things like take notes, monitor stocks, and show the weather. To open Dashboard, click the Launchpad icon in the Dock (or tap in the Control Strip). You can also get quick information in Today view in Notification Center. To open Notification Center, click its icon in the menu bar. == Binding to BSG Domain ==
Line 29: Line 31:
Microsoft Photo Editor Photos Use the Photos app to import your photos from your iOS device or camera, edit your photos, share your photos, and more. Mouse Mouse (one-button) If you have a one-button mouse and want to open a shortcuts menu, press and hold the Control key as you click. Mouse Magic Mouse, Mighty Mouse, or Apple Mouse If you have a Magic Mouse or other multiple-button mouse, you can customize the buttons by choosing Apple menu > System Preferences, then clicking Mouse. My Computer, This PC In the Finder, choose Go > Computer You see disks connected to your Mac, CDs and DVDs inserted in your optical disc drive, network volumes you’re connected to, and any disk partitions you have. My Documents, Documents folder Documents folder To store a document, use the Documents folder. To see your Documents folder, open a Finder window, then click Documents in the sidebar. My Pictures, Pictures folder Pictures folder The Pictures folder is located in your home folder. In the Finder, choose Go > Home. My Recent Documents Recent Items (in the Apple menu) As you open apps and files, their names are kept in the Recent Items list in the Apple menu. You can use Recent Items to quickly reopen apps and documents. Many apps include an Open Recent command in the File menu that lists documents you worked on recently. Network Connections Network preferences To configure network settings, choose Apple menu > System Preferences, then click Network. For help setting up or solving network problems, click “Assist me” in Network preferences. On-Screen Keyboard (OSK) Keyboard Viewer To open the Keyboard Viewer, in the menu bar click the Input menu (identified by the Show Emoji & Symbols icon or an input method character), then choose Show Keyboard Viewer. If you don’t see the menu, choose Apple menu > System Preferences, click Keyboard, click Keyboard, then select “Show keyboard and emoji viewers in menu bar.” Performance control panel Activity Monitor To see how your Mac is performing and which processes it’s running, open Activity Monitor (located in the Utilities folder in the Applications folder). Printers & scanners Printers & Scanners preferences To select and set up printers, choose Apple menu > System Preferences, then click Printers & Scanners. Print Screen Shift-Command-3 Shift-Command-4 To take a picture of the entire screen, press Shift-Command-3. To take a picture of part of the screen, press Shift-Command-4, then drag the pointer to select an area. Programs menu Launchpad For quick access to all your apps and utilities, click the Launchpad icon in the Dock (or tap in the Control Strip). Properties Get Info To see information about a file, folder, disk, server, or other item, select it in the Finder, then choose File > Get Info. In the Info window, you can set ownership and permissions for the item. For files, you can select the app that you want to open the file. Recycle Bin Trash (in the Dock) To delete files and folders, drag them to the Trash. To permanently delete the files, choose File > Empty Trash. Search Spotlight To find files, documents, apps, email, and other items, click the Spotlight icon in the menu bar, then enter a word or phrase. Many apps, such as the Finder, Mail, and Contacts, provide a search field in the toolbar where you can quickly search for items in the app. Shortcuts Alias To make an alias, select the file or app, then choose File > Make Alias. Snipping Tool Grab Use the Grab app (located in the Utilities folder in the Applications folder) to take pictures of a window, the screen, or a section of the screen. Standby Sleep (in the Apple menu) Sleep is a low-power mode. To put your computer to sleep, choose Apple menu > Sleep. Start menu and Task bar Dock Use the Dock to open your favorite apps, files, folders, and websites. By default, the Dock appears at the bottom of the screen. To add a file or folder to the Dock, drag it to the right of the Dock’s separator line. Start menu Spotlight To find files, email, and other items, click the Spotlight icon in the menu bar. Once you have booted into windows 10, you need to assign the computer the to BSG domain. Do this by following the below steps.
Line 31: Line 33:
Status icons Status menus Status menus appear as icons in the right half of the menu bar. Use status menus to connect to a wireless network, check the battery status of your portable Mac, and more. Task Manager Activity Monitor To see how your Mac is performing and which processes it’s running, open Activity Monitor (located in the Utilities folder, which is in the Applications folder). Windows Explorer Finder To organize files, folders, and apps, use the Finder. To open a Finder window, click the desktop, then choose File > New Finder Window. Windows Media Player QuickTime Player iTunes To play movies and music, use QuickTime Player. To listen to music CDs, purchase music from the iTunes Store, and create your personal digital music library, use iTunes. Windows MovieMaker iMovie To download video from your digital video camera and create your own movies, use iMovie. Cortana Siri Ask Siri to do things like open files or apps, or find things on your Mac or on the Internet. You can easily keep your Siri results handy on your desktop or in Notification Center. To use Siri, click the Siri icon in the menu bar (or use the Touch Bar).  1. Login to the [[https://nac.bsg.ox.ac.uk/tips|NAC]] and put the device on the 'User' VLan using its MAC address.

 1. Join the device to the BSG Domain, using your -s account to confirm.

  *On the Start screen, type Control Panel, and then press ENTER.
  *Navigate to System and Security, and then click System.
  *Under Computer name, domain, and workgroup settings, click Change settings.
  *On the Computer Name tab, click Change.
  *Under Member of, click Domain, type the name of the domain that you wish this computer to join, and then click OK.
  *Click OK, and then restart the computer.

 1. Once the computer has restarted, search for the new computer on the domain and place this in the correct computer group. This will then apply all necessary group polices for the computer.

 1. When the computer has restarted, login as the ladmin account. Remember to use the computer name with the username when logging in e.g. bsg-computername\ladmin.

 1. Check for any updates for windows and install them.

== Software Setup ==

 1. Uninstall 'MyOffice' if present, then download and install Microsoft Office 2016 from the [[https://downloads.it.ox.ac.uk/itss/sls/MicrosoftOffice|University Microsoft Download]] site.

 1. Navigate to [[https://www.dell.com/support/home/us/en/04|Dell Support]] page and in install any missing drivers. Make sure to install any dock patches that may be needed.

 1. Install the following software:
  *Sophos Endpoint
  *Microsoft Teams
  *Chome
  *FireFox
  *Adobe Reader
  *Forticlient

 1. For Oracle Financials users, install the [[https//downloads.it.ox.ac.uk/itss/jre|University Java package]]

 1. For CoreHR users you must follow the setup instructions at the [[https://www.admin.ox.ac.uk/personnel/usinghris/trainingandaccess/accesstocorehr/localit/#d.en.68267|CoreHR Local IT]] webpage.

 1. For Oracle Financial users, you must follow the setup instructions at the [[https://www1.admin.ox.ac.uk/finance/support/access_support/technicalsupport|Oracle Financials Technical Support]] page.



This is automatically followed by the 'Planting' stage where essential configuration for security, binding, branding etc and installation of the munki software deployment tools including the Orchard Software Centre. Once Planting is complete the user is prompted to restart and Orchard Software Centre (munki) will deploy software.

For macOS 10.13 onwards the jamf binary is downloaded via MDM.

== Prerequisites ==
 1. You have an account on the Orchard JSS with the privilege 'JSS Actions' --> 'Enrol Computers and Mobile Devices'.
 1. You have the credentials for an admin account on the Mac. All BSG Macs use ‘ladmin’ as the local admin account username. The Site Admin account, or ‘sadmin’ is installed automatically as part of enrolment.
 1. The Mac has been assigned a name based on the computer name list found on Live. The name must always have the ‘bsg-‘ prefix. The only exception to this rule is for the AV Mac Mini’s.
 1. Print out and stick a name label onto the back of the Macbook if it's a new device. Make a note or assign an Asset Tag number and stick the corresponding sticker on the back.
 1. If the Mac has an ethernet port, this needs to be put on the [[https://nac.bsg.ox.ac.uk/tips/tipsLogin.action|NAC]] under the 'User' Vlan.
 1. The Mac's storage has a single partition named 'Macintosh HD'.

== Process ==
=== Prepare for enrolment ===
 1. Whether the Mac is fresh out of the box or a reinstallation, create an {{{ladmin}}} account as part of the Setup Assistant. You can use an easy password for this section of enrolment for ease. You will need to set a complex password and record this in 1Password later.
 1. Login to the Mac using the {{{ladmin}}} account.
 1. In System Preferences --> Sharing, check the Computer Name has the bsg- prefix eg. {{{bsg-Macbook}}}. This will be the name used to create the Computer Record in the Orchard JSS. It will also be used to bind the Mac to the BSG Active Directory.
 1. Close all open documents and applications.

=== Enrol and prepare for Planting ===
 1. On the Mac to be commissioned, browse to {{{https://jss.orchard.ox.ac.uk/enrol}}} to start the enrolment process.
 1. ''Complete this process to add your Mac'': Enter your JSS User Account credentials.

{{attachment:Enrol 1.png}}

 1. ''Assign to user'': enter the end-user's SSO username (abcd1234), click the spyglass and wait for a tick or cross to appear.
  * If a cross appears this means the user needs to be added to the JSS, first check if an AD account has been created for them. If this is going to be a shared computer, enter your own SSO instead and click the spylass again. You can then amend the user details in the JSS after enrolment has completed.
  * The user search relies on the Orchard JSS being bound to an Active Directory containing your users' data. If this has not been configured, leave the username field blank and set it in the Computer Record after enrolment.

{{attachment:Enrol 2.png}}

 1. ''Assign to user'': Once the tick has appeared click 'Enrol'.
 1. ''To continue with enrolment...'': Click Continue to download and open the MDM profile.

{{attachment:Enrol 3.png}}

 1. ''Are you sure you want to install...'': Click Continue to install the MDM profile.

INSTALL STEP 2

 1. ''Are you sure you want to install...'': Check the details of the profile then click Install.

INSTALL STEP 3

 1. ''Profiles wants to make changes'': Enter credentials for the ladmin account.

STEP 4

 1. ''Profiles'': Note the MDM profile is now Verified.

STEP 5

 1. ''Profiles'': The Privacy Preferences Policy profile should then install automatically.

STEP 6

 1. Enrolment is now complete and Planting policies will start executing in the background.

=== Planting and software deployment ===
 1. The Planting policies are triggered automatically after enrolment and will take around five minutes to complete. These configure security, binding, branding etc and install 'Orchard Software Centre' (munki) for software deployment.
  * To follow the results of the Planting policies, run {{{tail -f /var/log/jamf.log}}} in a Terminal window.
 1. ''Computer record'': While waiting for the Planting policies to complete, sign into the Orchard JSS at https://jss.orchard.ox.ac.uk and find the new computer.
 1. ''Computer record'': In General, edit the page and add an Asset Tag number based on the sticker you chose.

GENERAL ASSET TAG PICTURE

 1. ''Computer record'': In User & Location, check the user and correct it to the end-user's if necessary.

USER & LOCATION PICTURE

 1. ''Computer record'': In Purchasing, enter the PO Number and PO Date.

PURCHASING PICTURE

 1. ''A restart is needed'': Once the Planting policies are complete you will see this dialog. Click the 'Restart in 2 Minutes' button and '''wait for the Mac to automatically restart'''.

PLANTING RESTART PICTURE

 1. ''Orchard Software Centre'': After the Mac restarts, the login screen should appear but be locked immediately. Orchard Software Centre should then automatically install Apple Software Updates followed by software titles. This may require one or more automated restarts.
 1. Orchard Software Centre will close after all software is installed.

=== MacBooks only: Initiate FileVault encryption ===
If you are commissioning a !MacBook it will receive a Configuration Profile to enable !FileVault at login. Encryption will only proceed if the '''ladmin''' account is used; it will not happen if any other account logs in.

Follow the encryption workflow for macOS 10.13 onwards on [[https://docs.orchard.ox.ac.uk/ITSS/FileVault#Supported_workflow_for_encrypting_macOS_10.13_or_later|'FileVault - Information for IT Support Staff']], then return here to complete the remainder of the commissioning process.

=== Confirm Configuration Profiles, restrict admin rights and hand over to user ===
 1. On the Mac, confirm in ''System Preferences >>> Profiles'' that all the Configuration Profiles listed in the Mac's JSS Computer Record under Management have been installed.
 1. Restrict admin rights as appropriate:
  * Reset the 'ladmin' password using 1Password to both generate a password and to save it.
 1. Logout of the 'ladmin' account so that the standard Mac login screen shows. The new user can then enter their BSG credentials.
 1. You should now be able to hand over the Mac to the user.
 1. Once they have logged in, you will need to enter the 'ladmin' password stored in 1Password. This will then encrypt the laptop, and set the user as the main login account.

To troubleshoot issues check the computer record in the JSS for failed policies (History --> Policy Logs), and check the Orchard Software Centre install log for failures at {{{/var/log/munki/Install.log}}}

Editer

Commissioning a Windows Laptop for BSG Deployment

Contents

  1. Commissioning a Windows Laptop for BSG Deployment
    1. Overview
    2. Installing Windows 10
    3. Binding to BSG Domain
    4. Software Setup
    5. Prerequisites
    6. Process
      1. Prepare for enrolment
      2. Enrol and prepare for Planting
      3. Planting and software deployment
      4. MacBooks only: Initiate FileVault encryption
      5. Confirm Configuration Profiles, restrict admin rights and hand over to user

Overview

This is the standard method of commissioning a BSG Windows Laptop onto the BSG domain. The laptop should be running Windows 10 Enterprise, and be BitLocker compatible.

Fresh out of the box Dell Computers will have Windows 10 Enterprise installed. If you need to install a fresh version of Windows 10 Enterprise, please follow the below steps.

Installing Windows 10

  1. Download the latest Windows 10 bundle from the University Microsoft Download Page. You will need to login with your SSO username and password.

  2. Create a bootable Windows 10 USB drive. You will need this to install a fresh version of Windows 10.

  3. Boot from USB by pressing F12 on start-up, then choose your USB media from the boot options.
  4. Before installing Windows 10, wipe the hard drive to create a new single partition.
  5. Follow the steps to install Windows 10 Enterprise.
  6. Create an ladmin account when prompted, this will be the Local Admin account for the end-user. Create a sufficiently strong password and record this in 1Password. You can wait to do this till the end so that the rest of the process is quicker and easier.
  7. Set a name based on the current naming convention and make a record of this on ‘Windows Computer List’ excel spreadsheet. Assign an asset number and log this in the windows excel spreadsheet.
  8. Place a name and asset number sticker onto the back of the laptop.

Binding to BSG Domain

Once you have booted into windows 10, you need to assign the computer the to BSG domain. Do this by following the below steps.

  1. Login to the NAC and put the device on the 'User' VLan using its MAC address.

  2. Join the device to the BSG Domain, using your -s account to confirm.
    • On the Start screen, type Control Panel, and then press ENTER.
    • Navigate to System and Security, and then click System.
    • Under Computer name, domain, and workgroup settings, click Change settings.
    • On the Computer Name tab, click Change.
    • Under Member of, click Domain, type the name of the domain that you wish this computer to join, and then click OK.
    • Click OK, and then restart the computer.
  3. Once the computer has restarted, search for the new computer on the domain and place this in the correct computer group. This will then apply all necessary group polices for the computer.
  4. When the computer has restarted, login as the ladmin account. Remember to use the computer name with the username when logging in e.g. bsg-computername\ladmin.
  5. Check for any updates for windows and install them.

Software Setup

  1. Uninstall 'MyOffice' if present, then download and install Microsoft Office 2016 from the University Microsoft Download site.

  2. Navigate to Dell Support page and in install any missing drivers. Make sure to install any dock patches that may be needed.

  3. Install the following software:
    • Sophos Endpoint
    • Microsoft Teams
    • Chome

    • FireFox

    • Adobe Reader
    • Forticlient

  4. For Oracle Financials users, install the University Java package

  5. For CoreHR users you must follow the setup instructions at the CoreHR Local IT webpage.

  6. For Oracle Financial users, you must follow the setup instructions at the Oracle Financials Technical Support page.

This is automatically followed by the 'Planting' stage where essential configuration for security, binding, branding etc and installation of the munki software deployment tools including the Orchard Software Centre. Once Planting is complete the user is prompted to restart and Orchard Software Centre (munki) will deploy software.

For macOS 10.13 onwards the jamf binary is downloaded via MDM.

Prerequisites

  1. You have an account on the Orchard JSS with the privilege 'JSS Actions' --> 'Enrol Computers and Mobile Devices'.

  2. You have the credentials for an admin account on the Mac. All BSG Macs use ‘ladmin’ as the local admin account username. The Site Admin account, or ‘sadmin’ is installed automatically as part of enrolment.
  3. The Mac has been assigned a name based on the computer name list found on Live. The name must always have the ‘bsg-‘ prefix. The only exception to this rule is for the AV Mac Mini’s.
  4. Print out and stick a name label onto the back of the Macbook if it's a new device. Make a note or assign an Asset Tag number and stick the corresponding sticker on the back.

  5. If the Mac has an ethernet port, this needs to be put on the NAC under the 'User' Vlan.

  6. The Mac's storage has a single partition named 'Macintosh HD'.

Process

Prepare for enrolment

  1. Whether the Mac is fresh out of the box or a reinstallation, create an ladmin account as part of the Setup Assistant. You can use an easy password for this section of enrolment for ease. You will need to set a complex password and record this in 1Password later.

  2. Login to the Mac using the ladmin account.

  3. In System Preferences --> Sharing, check the Computer Name has the bsg- prefix eg. bsg-Macbook. This will be the name used to create the Computer Record in the Orchard JSS. It will also be used to bind the Mac to the BSG Active Directory.

  4. Close all open documents and applications.

Enrol and prepare for Planting

  1. On the Mac to be commissioned, browse to https://jss.orchard.ox.ac.uk/enrol to start the enrolment process.

  2. Complete this process to add your Mac: Enter your JSS User Account credentials.

[ATTACH]

  1. Assign to user: enter the end-user's SSO username (abcd1234), click the spyglass and wait for a tick or cross to appear.

    • If a cross appears this means the user needs to be added to the JSS, first check if an AD account has been created for them. If this is going to be a shared computer, enter your own SSO instead and click the spylass again. You can then amend the user details in the JSS after enrolment has completed.
    • The user search relies on the Orchard JSS being bound to an Active Directory containing your users' data. If this has not been configured, leave the username field blank and set it in the Computer Record after enrolment.

[ATTACH]

  1. Assign to user: Once the tick has appeared click 'Enrol'.

  2. To continue with enrolment...: Click Continue to download and open the MDM profile.

[ATTACH]

  1. Are you sure you want to install...: Click Continue to install the MDM profile.

INSTALL STEP 2

  1. Are you sure you want to install...: Check the details of the profile then click Install.

INSTALL STEP 3

  1. Profiles wants to make changes: Enter credentials for the ladmin account.

STEP 4

  1. Profiles: Note the MDM profile is now Verified.

STEP 5

  1. Profiles: The Privacy Preferences Policy profile should then install automatically.

STEP 6

  1. Enrolment is now complete and Planting policies will start executing in the background.

Planting and software deployment

  1. The Planting policies are triggered automatically after enrolment and will take around five minutes to complete. These configure security, binding, branding etc and install 'Orchard Software Centre' (munki) for software deployment.

    • To follow the results of the Planting policies, run tail -f /var/log/jamf.log in a Terminal window.

  2. Computer record: While waiting for the Planting policies to complete, sign into the Orchard JSS at https://jss.orchard.ox.ac.uk and find the new computer.

  3. Computer record: In General, edit the page and add an Asset Tag number based on the sticker you chose.

GENERAL ASSET TAG PICTURE

  1. Computer record: In User & Location, check the user and correct it to the end-user's if necessary.

USER & LOCATION PICTURE

  1. Computer record: In Purchasing, enter the PO Number and PO Date.

PURCHASING PICTURE

  1. A restart is needed: Once the Planting policies are complete you will see this dialog. Click the 'Restart in 2 Minutes' button and wait for the Mac to automatically restart.

PLANTING RESTART PICTURE

  1. Orchard Software Centre: After the Mac restarts, the login screen should appear but be locked immediately. Orchard Software Centre should then automatically install Apple Software Updates followed by software titles. This may require one or more automated restarts.

  2. Orchard Software Centre will close after all software is installed.

MacBooks only: Initiate FileVault encryption

If you are commissioning a MacBook it will receive a Configuration Profile to enable FileVault at login. Encryption will only proceed if the ladmin account is used; it will not happen if any other account logs in.

Follow the encryption workflow for macOS 10.13 onwards on 'FileVault - Information for IT Support Staff', then return here to complete the remainder of the commissioning process.

Confirm Configuration Profiles, restrict admin rights and hand over to user

  1. On the Mac, confirm in System Preferences >>> Profiles that all the Configuration Profiles listed in the Mac's JSS Computer Record under Management have been installed.

  2. Restrict admin rights as appropriate:
    • Reset the 'ladmin' password using 1Password to both generate a password and to save it.
  3. Logout of the 'ladmin' account so that the standard Mac login screen shows. The new user can then enter their BSG credentials.
  4. You should now be able to hand over the Mac to the user.
  5. Once they have logged in, you will need to enter the 'ladmin' password stored in 1Password. This will then encrypt the laptop, and set the user as the main login account.

To troubleshoot issues check the computer record in the JSS for failed policies (History --> Policy Logs), and check the Orchard Software Centre install log for failures at /var/log/munki/Install.log