
How-To With T2—Imaging Newer Mac Computers with the T2 Chip
Parallels® Mac Management for Microsoft® SCCM version 7.0 enhances the ability of the USB utility to boot a Mac to the Task Sequences and OSD images without the use of NetBoot®. Parallels Mac Management still uses NetBoot on the distribution point (DP) to handle images, but not to boot. If you want to image from macOS® Mojave, you’ll need to upgrade to version 7.1, which has full support for macOS Mojave.
Note: Apple® left macOS High Sierra 10.13 with a broken ASR process that builds images from macOS. It isn’t until macOS Mojave 10.14 that you can build images. Apple came out with T2 chips on 2017 iMac® and 2018 MacBook® Pro. Most recently, MacBook® Air and Mac mini also have T2 chips, which effectively kill NetBoot.
The latest release of Parallels Mac Management is version 7.2. See our release notes for all the new features. The only way to image a Mac with a T2 chip set with Task Sequences and OSD images is with the Parallels Mac Management USB utility.
If you want to deploy macOS High Sierra 10.13, you’ll need to build boot and restore images from macOS High Sierra 10.13.3 or older. You can then use WSUS to upgrade to macOS High Sierra 10.13.6, the highest patched version.
Workflow Overview:
- Create a bootable USB drive (flash drive or HDD). Be careful, it will re-format the media used. A minimum 2 GB RAM device is required.
- Start the Mac and boot into Recovery
- Relax Secure Boot settings and External Boot on the Mac in Recovery
- Boot from the USB stick by re-starting the Mac, holding the Option button, and selecting USB as the boot drive.
Creating a Bootable USB Drive
If for any reason you can’t use a network boot during OS deployment, you can create a bootable USB drive (flash drive or HDD) and boot each Mac computer from it.
To create a bootable drive, download the Image Builder utility to the Mac:
- In the Configuration Manager console, navigate to Administration / Overview / Parallels Mac Management / Mac Client Enrollment
- In the Mac Client Enrollment list, right-click the Mac Client installation package download URL and then click Properties in the context menu
- Copy and paste the URL into a text editor. Replace “pma_agent.dmg” with “PmmOsdImageBuilder.dmg”
- On the Mac, open the resulting URL in a web browser to download the PmmOsdImageBuilder.dmg disk image file
- After downloading the disk image file, mount it in macOS. You are now ready to use the utility to create a bootable USB drive.
This utility allows you to create two kinds of bootable drives:
- Regular bootable drive
- Bootable drive with SSH access (see the Parallels Mac Management Administrator’s Guide for syntax).
To continue, open Terminal and change the directory to the PmmOsdImageBuilder.dmg image mount point (e.g. /Volumes/Parallels OSD Image Builder 7.0.xxxx.yyyyyy). To create a regular bootable drive, execute the following command in Terminal:
$ sudo ./pmm_osd_image_builder usbboot -t /Volumes/<usb volume name>
After creating the bootable drive, leave the USB media in the USB port, ready to use after you change the Secure Boot settings (see Booting a T2 Mac). Note: a NetBoot image must be captured from a T2 Mac running macOS Mojave.
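Because the builder re-formats whatever volume it is pointed at, a pre-flight check on the target is worth running first. The script below is an added example, not part of the Parallels utility or the original article: it reads `diskutil info` output and refuses anything that is not an external USB device of at least 2 GB. The function names, the 2 * 10^9 byte threshold and the sample text are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight check for the USB target before running
# pmm_osd_image_builder, which re-formats the media it is given.

MIN_BYTES=2000000000   # assumption: "2 GB" read as 2 * 10^9 bytes

# Constructed sample of `diskutil info <volume>` output for a USB stick.
SAMPLE_USB='   Device Identifier:         disk2s1
   Volume Name:               PMMBOOT
   Protocol:                  USB
   Disk Size:                 15.5 GB (15518924800 Bytes) (exactly 30310400 512-Byte-Units)
   Device Location:           External'

# Print the value of one "Key: value" field from diskutil text on stdin.
di_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# check_usb_target <diskutil-info-text>
# Returns 0 only if the device is external, attached over USB and big enough.
check_usb_target() {
    info=$1
    location=$(printf '%s\n' "$info" | di_field 'Device Location')
    protocol=$(printf '%s\n' "$info" | di_field 'Protocol')
    # Disk Size looks like "15.5 GB (15518924800 Bytes) (exactly ...)".
    bytes=$(printf '%s\n' "$info" | di_field 'Disk Size' |
            sed -n 's/.*(\([0-9][0-9]*\) Bytes).*/\1/p')

    [ "$location" = "External" ] || { echo "refuse: not an external device" >&2; return 1; }
    [ "$protocol" = "USB" ] || { echo "refuse: protocol is '$protocol', not USB" >&2; return 1; }
    [ -n "$bytes" ] || { echo "refuse: could not read disk size" >&2; return 1; }
    [ "$bytes" -ge "$MIN_BYTES" ] || { echo "refuse: device smaller than 2 GB" >&2; return 1; }
    return 0
}

# Usage on the Mac, from the Image Builder mount point:
#   vol="/Volumes/<usb volume name>"
#   check_usb_target "$(diskutil info "$vol")" &&
#       sudo ./pmm_osd_image_builder usbboot -t "$vol"
```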
Booting a T2 Mac
Tip: Be sure you have set an Administrative local account on the Mac prior to going into Recovery Mode.
Secure Boot settings are available in the Startup Security Utility:
- Turn on the Mac, then press and hold Command (⌘)-R immediately after you see the Apple logo to start up from macOS Recovery
- When you see the macOS Utilities window, choose Utilities > Startup Security Utility from the menu bar
- When you’re asked to authenticate, click Enter macOS Password, then choose an administrator account and enter its password
Boot into Recovery and relax (nice way to say turn off) Secure Boot and Allow USB. If you don’t make the changes to Secure Boot and External Boot, you will receive an error.
Close the Startup Security Utility.
Close the macOS Utilities window.
Select Boot from Startup Disk.
Select the newly created USB device, Parallels Mac OSD then press Restart.
The Mac will reboot using the USB stick and after a short period present the Task Sequence Login Screen.
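The Secure Boot level changed in the steps above is held by the Mac itself rather than by the deployed image, so it can be read back once imaging is finished. The script below is an added example, not from the original article or from Parallels: it classifies the `AppleSecureBootPolicy` NVRAM variable that T2 Macs expose (the page does not mention this variable) and lists hosts still below Full Security. The `hostname|output` collection format, the function names and the sample hosts are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find Macs whose Secure Boot level is still relaxed after imaging.
# On each Mac the value is read with:
#   nvram 94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy
# which prints "<variable name> <value>": %02 = Full Security,
# %01 = Medium Security, %00 = No Security.

# secure_boot_level <nvram output>: prints full | medium | none | unknown
secure_boot_level() {
    case "$1" in
        *AppleSecureBootPolicy*%02) echo full ;;
        *AppleSecureBootPolicy*%01) echo medium ;;
        *AppleSecureBootPolicy*%00) echo none ;;
        *) echo unknown ;;   # variable missing (no T2 chip) or unreadable
    esac
}

# relaxed_hosts: reads "hostname|nvram output" lines on stdin (a collection
# format assumed for this example) and prints the hosts below Full Security.
relaxed_hosts() {
    while IFS='|' read -r host out; do
        [ -n "$host" ] || continue
        level=$(secure_boot_level "$out")
        case "$level" in
            medium|none) printf '%s %s\n' "$host" "$level" ;;
        esac
    done
}

# Constructed sample: three Macs after imaging; the last returned no value.
SAMPLE_REPORT='lab-mbp-01|94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy %00
lab-mini-02|94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy %02
lab-imac-03|'

# Usage: printf '%s\n' "$SAMPLE_REPORT" | relaxed_hosts
```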
The actual OSD restore image building process is still the same for Mojave as outlined in the Administrator’s Guide.
You have 2 options:
- Use the OSD Image Builder on a Mac to build the image from Terminal commands
- Use a Task Sequence to capture the image.
Image Capture and Deployment for T2 Mac Computers
The actual image has to be captured from a non-T2 Mac because of the file encryption scheme Apple uses with the T2 chipset. We recommend that this non-T2 Mac is running macOS High Sierra 10.13.6 or later. Every file is encrypted on a T2 Mac and therefore can’t be imaged, so you have to capture a macOS Mojave image from a non-T2 Mac and deploy it to a Mac with a T2 chipset. Note that a T2 Mac won’t be installed with anything earlier than macOS High Sierra 10.13.6.