Employee - Existing - Mac

Existing Faculty or Staff Mac Cascade

---

Imaging and/or Cascading Quick Links

• What is Imaging? - Imaging
• Macintosh Imaging/Cascading Directions - Mac Imaging
• Windows Imaging/Cascading Directions - Windows Imaging
• Cascade Letters - Universal Cascade Letter
• Computer Drop Off and Pick Up Procedure - Computer Drop Off Procedure

---

Cascade Checklist

Checklist created to help with the cascade process.

• Checklist for Macintosh Cascade

Register the Mac

Starting February 2nd, 2022 - personal devices are no longer required to register devices on the Gustavus network.

Step One: Check Crashplan for Backup Status/Run Sync

1. Log into https://www.crashplan.com/login
2. Enter the computer name of the device in the search field.
3. Verify the backup is at least 99% complete.
4. When logged in as the user, run Run CrashPlan Sync.

Step Two: Provision the New Mac

All Macs are now being provisioned with Jamf. This is similar to bootstrapping. Please confirm with a full time staff that the device is assigned to the correct server in Apple School Manager.

If a Mac has been used before, and/or is an Intel device:

1. Connect a provisioning drive to the Mac.
2. Boot the Mac to Recovery Mode by powering on the Mac and holding down command+r
3. Select Utilities --> Terminal
4. Type the command /Volumes/macOS/run in the Terminal window.
5. Terminal will ask which drive you'd like to bootstrap. Select the drive labeled Macintosh HD. If you don't see a drive labeled Macintosh HD you will need to partition the drive with Disk Utility first. Make sure to select the top, "parent" drive of the Mac. If you do not see the Apple SSD, click on the View option and choose "View All Devices" to select the Apple SSD. Click erase, name the drive Macintosh HD and leave other default settings.
6. In Terminal: After you've selected the drive, Terminal will ask you if you want to erase the target volume before install. Type y and press return.

If this is a new, out-of-box M1 or M2, you will not need to reinstall the OS as they come shipped with Monterey. Once booted, you can go through the onscreen set up prompts.

Step Three: Initial MDM Configuration

Once the Mac has been provisioned, it will reboot and you will be presented with the macOS initial setup window. Follow the onscreen prompts.

Important: Make sure you see a screen that says "Remote Management" and "Gustavus Adolphus College can automatically configure your computer". If you don't see this screen the Mac will need to be moved to the correct MDM server. Any dutyperson should be able to move it for you if you provide them with the serial number of the Mac.

Wait about 10-15 seconds until the login screen shows the fields for username and password.

1. Log into admin account
2. Enable FileVault
3. Big Sur or Monterey only - Choose “Not Now” on Accessibility screen
4. If prompted, click OK for System Extension Blocked by HP Inc.
5. Open Terminal and run sudo jamf policy to force checkin. This will install apps and settings for the machine. Please let this run until it is finished. This will take approximately 10-20 min.
6. Check to see if CrashPlan, Enterprise Connect, Google Chrome, and Office are installed.
7. If not, run sudo jamf policy again

Step Four: Data Restoration and User Account Creation

Gustavus uses Migration Assistant, an app built into macOS, to move data and users to a new Mac laptop. Migration Assistant can use a variety of sources to move data including DeployStudio backups, Time Machine Backups, and Macs booted to target disk mode.

This guide will start with how to connect to the various data source types.

Sync Domain Password with FileVault Password

On the old Mac, find out what kind of account the user is. To view this information, please visit System Preferences, Users and Groups. Does the user account say Managed/Mobile, or does it say Admin?

If the user account says Admin, Managed, Mobile, you will need to follow the directions below.

1. 1. Ask the user to log in to their mac
   2. Reset domain password
   3. Write down domain password for the user on the purple sheet and for GTS on the blue sheet
   4. While the computer is logged in, click the Apple Menu and click Log out.
   5. Log in with their username and the reset domain password.
   6. If this doesn't work, you will need to run AD Fix. If it does work please skip to letter n
   7. To run ad fix, please have them log in with their username and password.
   8. Click Go, Connect to Server, and log into macsoft.gac.edu as your username and password.
   9. Go to the Tools folder, and drag ADFix to the desktop.
   10. Double click AD Fix, and type in the admin credentials to run.
   11. On an employee's computer, click rebind employee
   12. you will receive a progress report and it will closed when it is done running.
   13. Once AD fix is done running, please log out again and try again with their username and password.
   14. If this works, restart the computer and try the reset domain password at the FileVault login.
   15. If it doesn't work, have the user log in again with their computer password, and try restarting again and log in with the username and temporary domain password.
   16. The reset domain password has been successfully synced with their FileVault password.

If the user account says Admin, you will need to sync the reset domain password via Enterprise Connect.

1. 1. Reset the user's domain password
   2. Open Enterprise Connect
   3. Log into Enterprise Connect with the username and reset domain password. Make sure the button that says "sync active directory password with computer password box is checked."
   4. Restart the computer and log into the computer with the reset domain password.

Target Disk Mode (Preferred Method)

Target Disk Mode allows the Mac to act as a really big (really expensive) external hard drive. To boot to Target Disk Mode follow these steps:

1. Power off the Mac you'd like to transfer data from.
2. Power on the Mac and hold down the T key. You will see a bouncing Thunderbolt symbol indicating that the Mac as booted to Target Disk Mode.
3. Connect the Target Disk Mode Mac to the new Mac using the appropriate cable and adapter (a Thunderbolt cable with a Thunderbolt to USB-C adapter in most cases).

User Creation/Restoring Data Using Migration Assistant

Migration Assistant can transfer data from a Mac booted to Target Disk Mode, a DeployStudio backup, or a TimeMachine Backup. If these methods do not work, ask a dutyperson for help restoring using Crashplan.

Follow these steps to restore data using Migration Assistant.

1. Log in as admin on the Mac you'd like to transfer data to.
2. Mount or connect the data source as detailed above. Type in the computer password (old computer) to unlock the drive.
3. Click Don't Use when presented with the time machine prompt.
4. Open Migration Assistant located in the /Applications/Utilities folder or by using Spotlight search.
5. Click continue and follow the on screen prompts from Migration Assistant.
6. Ignore any FileVault requests by clicking cancel.
7. Select the default option, "From a Mac, Time Machine backup, or startup disk" and click Continue.
8. Migration Assistant will scan for data sources. Select Macintosh HD and click continue.
9. Migration Assistant will then begin scanning the drive to look for user accounts and data to transfer.
10. Deselect everything except the user account you'd like to transfer and click continue.
11. Set a temporary password for the user account; changeme is standard and click continue.
12. You'll then be prompted to authorize the transfer using the admin account. Click on Authorize and enter the admin password. Then click continue.
13. Migration Assistant will begin transferring data. Depending on how much data is being transferred, Migration Assistant could take anywhere from a few minutes to a few hours.

Step Five: Verify Data Restore

Check to make sure that data restoration method you used has completed successfully. Check bookmarks, Documents, Desktop to verify their data is in place.

Step Six: Install Printers & Update/Install Other Software

1. Use Software Center to install the printers.
2. Use Software Center to install software that the user wants installed. Refer to ticket for specialized software requests.

Step Seven: Set up Code42

1. Open the Code42 app under their user.
2. Click Set up Device
3. Click Replace Existing
4. Click the old computer name.
5. Skip File Transfer
6. Log back in to Code42 as the user and click "finish" to complete the setup

Step Eight: Install iProjection

iProjection is replacing EasyMP, and is in Software Center. If you have issues installing from SC, please visit the Epson website to download the installer for Mac. Select Epson iProjection v3.30 for Mac (with Moderator) from under the Utilities menu.

1. After installation, open iProjection.
2. Choose Advanced Connection Mode.
3. Check the box to set the selected Connection Mode as default.
4. Press OK.
5. Connect to the Olin 133 or Olin 124 projector. When prompted to allow Screen Recording in System Settings, select yes. If Privacy Settings do not automatically open, navigate to System Preferences > Security & Privacy > Privacy tab. On the lefthand side panel, click Screen Recording.
6. Check the box next to iProjection.

Step Nine: Mac Cascade Letter

Customize (replace the items in bold italic that are placeholders) and print a Mac Existing Employee Letter for each user.

Step Ten: Delivery

Deliver the prepared Mac to the user and assist them with signing into Enterprise Connect.

1. Sync their password using the Gustavus user setting page. If the the domain password will not sync with the computer password. Please try the following instructions:

1. 1. Copy the ConvertMobileToLocal.sh script from Macsoft/Tools to the desktop of the user you’d like to convert.
   2. Open Terminal and run the following command: cd /Users/<theusername>/Desktop where <theusername> is the Gustavus username of the Mac you’re working on.
   3. Then, run the following command sudo ./ConvertMobileToLocal.sh Don’t forget the period before the slash.
   4. Follow the instructions within Terminal. This will be the users current login password.
   5. Exit the interactive script after it’s completed.
   6. Click Allow access for contacts, calenders, etc.
   7. Run the following Terminal Command: pwpolicy -setpolicy canModifyPasswordforSelf=1
   8. Restart and try the syncing process.
   9. Make sure Filevault is turned
      1. Make sure you click store recovery key with MDM.

1. Open Enterprise Connect and have them sign in with their Gustavus username and password.
2. When prompted, enter their login password changeme. Enterprise Connect should report the passwords are in sync.
3. Answer any additional questions they may have.

Step Eleven: Store Old Equipment

Please give Mike the old laptop once delivery has been completed.

Troubleshooting

Q: Crashplan won't let me log in as the user?

A: Restart the Mac and re-open Crashplan

Alternative Data Transfer Options

TimeMachine Backup

Time Machine Backups can be used on any Mac. Simply connect the TimeMachine drive to the new Mac.

Crashplan

Crashplan can be used in emergency circumstances where no other data source is available. To use Crashplan as a data source, create a user account for the user while signed into the admin account. Then log in as the user and follow the MacOS crashplan restore guide on the wiki.