Deploying one or 100 Macs have never been easier with the Mac Deploy Stick.
The current state of IT is rooted in the “do more, with less” mentality, which finds IT pros faced with daunting tasks and never-ending streams of tickets or work orders with skeleton crews. However, with a bit of mindfulness, consideration, and a few good tools, IT can and does deliver on all support fronts.
One such tool I’m happy to say is on the Mac side of things. Mac admins needed a win with Apple’s triple threat of near simultaneously removing NetBoot from macOS Server, enabling Secure Boot to lock out booting of any “unauthorized” devices, and beefing up System Integrity Protection (SIP) to the point where some legitimate software no longer runs. IT pros charged with provisioning Macs have been in a lurch when some of their most prized tools were rendered useless with the release of macOS Mojave.
SEE: Server deployment/migration checklist (Tech Pro Research)
Allow me to welcome Mac Deploy Stick (MDS) from Twocanoes. According to the developer’s website its, “the easiest, fastest way to deploy Macs.” And they’re not wrong. Unlike image-based deployments, MDS uses Apple’s macOS installer to fully install macOS on a device. While using the startosinstall command implemented in High Sierra, it uses the —installpackage flag to chain together any number of flat packages that will be installed after OS is deployed, but before the device performs its final reboot.
By leveraging this command, admins are given the choice of provisioning a device that will be ready to use once the final reboot takes effect, or minimally provision a device with the necessary tools to allow it to communicate with a first- or third-party management suite like an MDM, Profile Manager, or Munki, where it will then carry out the last leg of its configuration and policy changes.
MDS is all about speed and flexibility. MDS is a lightweight app with a decidedly small footprint that clocks in at just under 30MB (yes, MB not GB). It copies to your Mac just as most apps do. Launch MDS, and it will bring you to the main screen where the bulk of the heavy lifting will occur to configure it to support your organization (Figure A).
Relaying on workflows to accomplish specific tasks, these workflows act as blueprints, guiding the app to perform tasks you’ve outlined including OS deployment, package installation, script processing, and profile installation. There’s no known limit to the number of workflows that may be created, and these may be set to active when you wish for them to be in use or deactivated when they are not needed, but you do not wish to delete them permanently. By default, there are no workflows configured but clicking on the “+” begins the process of creating one (Figure B).
Each workflow has several sections to it, some or all may be used, but they do not all need to be configured. For example, you may wish to create a workflow that merely installs some applications or processes a few scripts on an as-needed basis. These can reside alongside the other workflows without compromising the integrity of either (Figure C).
Once the workflows are created, they must be exported for use during the actual deployment, and of course, testing phase. MDS exports the contents to an external drive for standalone USB-based deployments, volumes such as those found on file shares, or finally as disk images, which may be hosted on web servers (Figure D).
After the source files get exported, it’s time to provision a device. Begin by booting the device into Recovery Mode if using the file share/web server method, otherwise just boot directly to the USB drive. While in recovery, access the Terminal and enter the commands necessary to mount the newly created disk image and kick off MDS. Once loaded, you’ll be prompted to select from a list of workflows. Run the desired one (Figure E).
One of the key points that I’ve saved for last is the automation feature found within MDS. While manually provisioning a dozen devices wouldn’t be too taxing, once that number swells beyond 100, well, you’re going to want some automation to reproduce the repetitive command inputs and leverage inexpensive Arduino boards. Twocanoes included a built-in programming utility baked into MDS that configures and flashes your Arduino boards with a set of commands to replicate every step that must be taken in the recovery partition. Just hold down the Command+R keys during boot to get to recovery, then plug in the “automaton” and allow it to magically automate all the rest (Figure F).
Free to use
Did I forget to mention that MDS is free? The MDS application is free to use, and I highly recommend all Mac admins giving it a trial run to see how it works with their enterprise’s set up. Twocanoes charges $29.99 for the MDS license, which includes one year of support. Volume license and enterprise level plans are also available with support included.
In the few weeks that I’ve tested MDS, I’ve come to enjoy its ease of use and modular approach to deployment. I’ve tested thin-provisioning, which only install the OS and Munki tools, allowing me to manage everything else on the backend for a mostly zero-touch deployment. I’ve performed full provisioning, which included everything needed to get a device end-user ready—both worked superbly.
The best advice I can provide is to double- and triple-check your scripts for compatibility with Mojave. Some of what I believed was working was, in fact, no longer supported or was changed so much it no longer worked.