XPUB-LB Macs Helpdesk: Difference between revisions
m (Manetta moved page XPUB-LB Macs helpdesk to XPUB-LB Macs Helpdesk) |
|||
(9 intermediate revisions by the same user not shown) | |||
Line 20: | Line 20: | ||
# Start the Mac. | # Start the Mac. | ||
# When on the login window, click on the time in the right upper corner | # When on the login window, click on the time in the right upper corner. | ||
# You can click multiple times to show you an ip address starting with 145.24.xxx.xxx or the name of the computer. If there isn’t an ip number, there’s no network. The name of the computer is important for me if there’s another problem I need to solve if needed. | # You can click multiple times to show you an ip address starting with 145.24.xxx.xxx or the name of the computer. If there isn’t an ip number, there’s no network. The name of the computer is important for me if there’s another problem I need to solve if needed. | ||
Line 47: | Line 47: | ||
==Data== | ==Data== | ||
===Students are responsible for their own data=== | |||
The students are responsible for the data they put on those machines. | The students are responsible for the data they put on those machines. | ||
Line 55: | Line 55: | ||
Onedrive has limitations with characters in file of folder names. | Onedrive has limitations with characters in file of folder names. | ||
===Whiping/re-installing=== | |||
<del>Students or staff can start the “EraseInstall” app from the applications folder to totally erase the machine and re-install. | |||
<del>All data will be gone! It will ask for admin permissions before. </del> | |||
<del>After the system is re-installed you need to follow the setup assistant. </del> | |||
<del>When a login is asked so the Mac can be managed use your Hogeschool credentials. Just studentnumber/username without @hro.nl and the correct password. </del> | |||
<del>You should follow this procedure when an Mac is being transferred from a graduated student to a new student.</del> | |||
'''Update AUG 2022''': Due to changes to access the harddrive in macOS you can’t use the app EraseInstall anymore. | |||
'''To re-purpose a Mac the following requirements are needed''': | |||
* working ethernet connection | |||
* Check the computername and year of purchase. The computername starts with department name, follow by a number. The first 2 digits resemble year of purchase. To get the computername: When on the login window, click on the time in the right upper corner. This is a Google switch between: IP address if ethernet is active, macOS version and computername | |||
* The macOS installer app need the be installed in /Applications. If it's not, run HR app-store to get the appropriate installer. | |||
* All iMacs from 2014 run macOS Catalina as the latest macOS version, they should receive the Catalina installer | |||
* All other iMac newer than 2014 and Macpro's can run macOS Monterey. | |||
* If the HR app-store doesn't get the installer, instal it manually using the Onedrive link or usb stick that de servicedesk employees have. | |||
When all the requirements are met, run the appropriate command in Terminal.app: Use the following to get all the option of the tool: | |||
"/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall" —usage | |||
Current OS 10.14 and 10.15 and can only run 10.15: | |||
macOS 10.15 command: | |||
"/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall" --agreetolicense --eraseinstall | |||
Current OS 10.14, 10.15 en 11 and hardware can run macOS 12 Monterey: | |||
"/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall" --agreetolicense --eraseinstall | |||
Current macOS is macOS 12 Monterey and the Mac is from 2020, run the Erase all contents and settings: | |||
* Open System Preferences | |||
* Click on the left upper corner "System Preferences" name and choose "Erase all contents and settings" | |||
This is the current and future method to re-install Macs. There's no need to re-install the whole macOS anymore as the system partition is read only and sealed and the current macOS is running from a snapshot of that system. Only works on T2 Macs and Apple Silicon Macs | |||
'''Important''': When the macOS install is finished the setup differs between macOS Catalina and Monterey. Catalina you have to run the setup assistant manually. Monterey has a new feature called "Auto Advance" and that setup goes automagically. When both are finished with the setup the HR app-store will run at the login window installing apps and scripts. | |||
'''General troubleshooting when something goes wrong''': | |||
In the Munki repo (HR app-store repository) nothing has to be done! I recently re-installed about 30 PZI machines now and all went well on that part. | |||
'''Q's & A's''' | |||
Q: How to get administrator rights? <br> | |||
A: To use eraseinstall you have to get admin permissions using the “Privileges.app”. After that you should be able to successfully authenticate with the elevated permissions. | |||
Q: How can i check if a computer is reset already?<br> | |||
A: Just check the Applications folder. It should only contain Chrome and the Privileges app, together with the standard Apple app’s of course. And /Users shouldn’t contain student id’s. | |||
Q: To which OS should the machines be upgraded?<br> | |||
A: Every year Apple releases a new major version of their OS. Most 3rd party vendors and supporting engineers (like me) choose to support the n -2 model (n=current OS major release) and 2 older versions. | |||
Most Macs are running macOS 10.14 Mojave (in September 2021), they also need to be upgraded to 10.15 Catalina as most of the support from third party vendors will stop by the end of this year when Apple releases their new OS. You can upgrade the OS using the WdKA app-store. | |||
==Admin account== | |||
'''Admin account''' can be to names: <code>admin</code> or <code>_wdkadmin</code> | |||
'''Password reset''': Sometimes a PZI student changed the admin pass or deleted the admin account. | |||
We need to reset the password of the machine: | |||
* Startup from the recovery partition, holding cmnd-r keys. | |||
* When in the recovery partition, klik on the upper menu Utilities and op a Terminal window | |||
* type: resetpassword | |||
* Reboot and you should be able to log in. | |||
'''For iMacs from 2020''', that came with an T2 co processor the procedure is different. To keep it simple: | |||
* Startup from recovery, same as above. | |||
* Wipe the disk using Disk Utility, then quit | |||
* Reinstall macOS | |||
* Follow the normal install procedure | |||
Additional info: | |||
* https://support.apple.com/en-gb/guide/mac-help/mchl338cf9a8/mac | |||
* https://support.apple.com/en-us/HT204904 | |||
The IT service desk employees know the '''firmware password''' when asked. | |||
==Computer groups and naming== | |||
During these last couple days I noticed that some iMacs moved from a classroom to a personal device workspace. | |||
All Macs are in a computer group configuration that matches the purpose of the room or the student/employee. | |||
Staff Desktop iMacs can't be placed in a public space to be used by everyone. Students can't log in to staff setup Macs. | |||
Check the computername the figure out the group it belongs to. | |||
Is the name starting with: | |||
* '''sd''' - This is a staff Desktop and it's only purpose is for some PZI employees in offices to work on. Do not put it in a classroom or the workspace from Xpub or Lensbased | |||
* '''mov''' - This is a Mac desktop meant for shared usage in big classrooms to teach or work on by everyone. The Mac's data (All homedirectories) are erased with reboots. It's not meant for the Xpub or Lensbased students as a 1:1 personal work Mac. | |||
* '''emm, emx, eml''' - These Macs are meant for personal 1:1 desktops for the students to work on for their 2 years study period. Do not place these Macs in public rooms where during a year maybe 100 people can work on. It fills up the Mac with data for example. | |||
If a Mac needs to get a "'''new purpose'''" only I can make the appropriate changes before we run a wipe and new install. If needed this has to wait till I'm back from holiday. | |||
==Updates== | ==Updates== | ||
Line 82: | Line 172: | ||
Those versions will be available within the WdKA app-store. | Those versions will be available within the WdKA app-store. | ||
=Related pages= | =Related pages= |
Latest revision as of 08:23, 5 September 2022
IT questions/problems
At the moment we have 2 IT email addresses and departments, both handling their own services.
All problems related to logins, HRO services like printing, email, office 365, network patches need to be sent to Hogeschool IT: service@hr.nl
All problems related to macOS/WdKA app-store, MyWdKA (webservices) and planning/reservations need to be handled by WdKA IT: wdka.ict@hr.nl
When in doubt email wdka.ict@hr.nl and Patrick will point you in the right direction.
Patches/network
FIT does all the patching, you can ask them to patch an outlet by giving the port numbers in the wall.
Please make a list if more patching needs to be done.
Check the status of the network
You can check if the network works for a Mac the following way:
- Start the Mac.
- When on the login window, click on the time in the right upper corner.
- You can click multiple times to show you an ip address starting with 145.24.xxx.xxx or the name of the computer. If there isn’t an ip number, there’s no network. The name of the computer is important for me if there’s another problem I need to solve if needed.
Use the Macs
Login
When a new Mac is ready to be used, students need to login with their Hogeschool account.
- No network=No login
- If a wrong password is used multiple times, the student gets blocked. They need to go to the FIT service desk to gain access again
First login
When they login for the first time some stuff will be setup automatically.
The WdKA app-store.app and Privileges.app will be placed in the Dock for example.
WdKA app-store.app and Privileges.app
- Students can install or remove apps from the WdKA app-store.
- It is allowed to install other software outside the WdKA app-store. Do this with care! If in doubt of the software package, send an email to wdka.ict@hr.nl
- With the Privileges.app students gain admin rights.
- When you open the WdKA app-store it will present you the “Featured items”. These are the latest apps that get more attention. There are way more apps available, use the search window or click on a category.
Data
Students are responsible for their own data
The students are responsible for the data they put on those machines.
If that data is important they should create backups to external storage or preferably and possible use Microsoft Onedrive cloud storage.
Onedrive has limitations with characters in file of folder names.
Whiping/re-installing
Students or staff can start the “EraseInstall” app from the applications folder to totally erase the machine and re-install.
All data will be gone! It will ask for admin permissions before.
After the system is re-installed you need to follow the setup assistant.
When a login is asked so the Mac can be managed use your Hogeschool credentials. Just studentnumber/username without @hro.nl and the correct password.
You should follow this procedure when an Mac is being transferred from a graduated student to a new student.
Update AUG 2022: Due to changes to access the harddrive in macOS you can’t use the app EraseInstall anymore.
To re-purpose a Mac the following requirements are needed:
- working ethernet connection
- Check the computername and year of purchase. The computername starts with department name, follow by a number. The first 2 digits resemble year of purchase. To get the computername: When on the login window, click on the time in the right upper corner. This is a Google switch between: IP address if ethernet is active, macOS version and computername
- The macOS installer app need the be installed in /Applications. If it's not, run HR app-store to get the appropriate installer.
- All iMacs from 2014 run macOS Catalina as the latest macOS version, they should receive the Catalina installer
- All other iMac newer than 2014 and Macpro's can run macOS Monterey.
- If the HR app-store doesn't get the installer, instal it manually using the Onedrive link or usb stick that de servicedesk employees have.
When all the requirements are met, run the appropriate command in Terminal.app: Use the following to get all the option of the tool:
"/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall" —usage
Current OS 10.14 and 10.15 and can only run 10.15: macOS 10.15 command:
"/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall" --agreetolicense --eraseinstall
Current OS 10.14, 10.15 en 11 and hardware can run macOS 12 Monterey:
"/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall" --agreetolicense --eraseinstall
Current macOS is macOS 12 Monterey and the Mac is from 2020, run the Erase all contents and settings:
- Open System Preferences
- Click on the left upper corner "System Preferences" name and choose "Erase all contents and settings"
This is the current and future method to re-install Macs. There's no need to re-install the whole macOS anymore as the system partition is read only and sealed and the current macOS is running from a snapshot of that system. Only works on T2 Macs and Apple Silicon Macs
Important: When the macOS install is finished the setup differs between macOS Catalina and Monterey. Catalina you have to run the setup assistant manually. Monterey has a new feature called "Auto Advance" and that setup goes automagically. When both are finished with the setup the HR app-store will run at the login window installing apps and scripts.
General troubleshooting when something goes wrong:
In the Munki repo (HR app-store repository) nothing has to be done! I recently re-installed about 30 PZI machines now and all went well on that part.
Q's & A's
Q: How to get administrator rights?
A: To use eraseinstall you have to get admin permissions using the “Privileges.app”. After that you should be able to successfully authenticate with the elevated permissions.
Q: How can i check if a computer is reset already?
A: Just check the Applications folder. It should only contain Chrome and the Privileges app, together with the standard Apple app’s of course. And /Users shouldn’t contain student id’s.
Q: To which OS should the machines be upgraded?
A: Every year Apple releases a new major version of their OS. Most 3rd party vendors and supporting engineers (like me) choose to support the n -2 model (n=current OS major release) and 2 older versions.
Most Macs are running macOS 10.14 Mojave (in September 2021), they also need to be upgraded to 10.15 Catalina as most of the support from third party vendors will stop by the end of this year when Apple releases their new OS. You can upgrade the OS using the WdKA app-store.
Admin account
Admin account can be to names: admin
or _wdkadmin
Password reset: Sometimes a PZI student changed the admin pass or deleted the admin account.
We need to reset the password of the machine:
- Startup from the recovery partition, holding cmnd-r keys.
- When in the recovery partition, klik on the upper menu Utilities and op a Terminal window
- type: resetpassword
- Reboot and you should be able to log in.
For iMacs from 2020, that came with an T2 co processor the procedure is different. To keep it simple:
- Startup from recovery, same as above.
- Wipe the disk using Disk Utility, then quit
- Reinstall macOS
- Follow the normal install procedure
Additional info:
- https://support.apple.com/en-gb/guide/mac-help/mchl338cf9a8/mac
- https://support.apple.com/en-us/HT204904
The IT service desk employees know the firmware password when asked.
Computer groups and naming
During these last couple days I noticed that some iMacs moved from a classroom to a personal device workspace. All Macs are in a computer group configuration that matches the purpose of the room or the student/employee. Staff Desktop iMacs can't be placed in a public space to be used by everyone. Students can't log in to staff setup Macs.
Check the computername the figure out the group it belongs to.
Is the name starting with:
- sd - This is a staff Desktop and it's only purpose is for some PZI employees in offices to work on. Do not put it in a classroom or the workspace from Xpub or Lensbased
- mov - This is a Mac desktop meant for shared usage in big classrooms to teach or work on by everyone. The Mac's data (All homedirectories) are erased with reboots. It's not meant for the Xpub or Lensbased students as a 1:1 personal work Mac.
- emm, emx, eml - These Macs are meant for personal 1:1 desktops for the students to work on for their 2 years study period. Do not place these Macs in public rooms where during a year maybe 100 people can work on. It fills up the Mac with data for example.
If a Mac needs to get a "new purpose" only I can make the appropriate changes before we run a wipe and new install. If needed this has to wait till I'm back from holiday.
Updates
Please update
Students also need to keep their Macs up to date with the security and macOS updates.
If they are to far behind I will send an email asking to update.
New OS versions
New yearly MacOS versions will be available when all other software we have is ready.
Those versions will be available within the WdKA app-store.