We help top organizations stay competitive, by implementing the latest disruptive technologies.

Latest Posts
 

Test macOS DEP Enrollment with a VMWare Virtual Machine

Test macOS DEP Enrollment with a VMWare Virtual Machine

Occasionally I get asked to demo (not just explain) the macOS DEP enrollment process, which can be a bit complicated when the demo takes place remotely. So, what does one do? Well, I resorted to using a VMWare machine with a spoofed serial number from one of my legitimate DEP machines and viola! I can easily show the entire DEP enrollment process from a remote presentation.

And for Macadmins, this is good news for you as well. Using the process outlined below, you can spoof one of your DEP device serial numbers and test your macOS enrollment process.

What’s Needed?

There are a couple of pieces to this and the easiest way is to just create a brand new virtual machine. However, we’re going to do this using some open source tools as opposed to the conventional VMWare Fusion wizard.

To start, therefore, download from the Mac App Store the latest version of the macOS installer you want to use for your virtual machine. Once you have your installer, download and install the following utilities:

  • VMWare Fusion – vfuse uses some of the CLI from Fusion to build the virtual machine.
  • AutoDMG – AutoDMG creates the bootable DMG from the macOS installer.
  • vfuse – vfuse will generate the VMWare virtual machine from the bootable DMG built by AutoDMG.

In addition to these tools, you’re going to need a serial number and the model number identifier for a legitimate DEP device enrolled with Apple. If you don’t have a DEP account or machines purchased through the proper channels to be enrolled with Apple’s DEP, you can just stop now as the rest of the post won’t be very helpful.

If you’re unsure of where to find a valid DEP serial number, you can download them directly from your DEP account. Go to https://deploy.apple.com, authenticate and provide your two-factor authentication if required, and then click on Manage Servers from the left-hand panel. Select your specific server name from the list (you may have multiple) and from the GUI panel, click on the Download Serial Numbers link at the upper-right corner.

Step 1 – Create a Bootable DMG with AutoDMG

AutoDMG is a very simple and time-saving tool used to build an image deployable to all supported types of Mac hardware (for the OS version you chose) using only the macOS installer. In this case, it’ll be used to deploy to VMWare Fusion.

  1. Launch AutoDMG.
  2. Drag and drop your macOS Installer onto the top panel
  3. Click the Download button to inject applicable Apple updates.
  4. Ignore the Additional Software panel.
  5. Click the Build button.
  6. Provide your Save As name and Where location. You may choose to simplify the name from the default (ex. 10.13.0.dmg).
  7. Provide the needed Mac admin credentials.
  8. Take a 15 minute break.
  9. Close the utility when complete.

Step 2 – Create the Virtual Machine with Vfuse

Vfuse is really just a script that takes a never-booted DMG and converts it to a VMware Fusion VM. This is all done from the command-line with a few arguments. We’re going to use the -i, -o, -n, -s, and –hw-model switches. These are only a sub-set of the switches available, so to learn about all of the others, open Terminal and type /usr/local/vfuse/vfuse.

  • -i – indicates the input path to your AutoDMG DMG. (ex. ~/Desktop/10.13.0.dmg)
  • -o – tells the script where to write your new VMWare image (ex. ~/Documents/VMs)
  • -n – names the virtual machine file (ex. macOSHighSierraDEP)
  • -s – sets the serial number for the virtual machine (ex. C05C29EQCR0M)
  • –hw-model – applies the Apple hardware identifier associated with the serial number (ex. MacBookPro14,3)

To put it all together, call the command line for vfuse and provide your switches with their appropriate values. Also, so you don’t get prompted afterwards, run the command with sudo.

/usr/local/vfuse/vfuse -i ~/Desktop/10.13.0.dmg -o ~/Documents/VMs -n macOSHighSierraDEP -s C05C29EQCR0M --hw-model MacBookPro14,2

When finished, you should find a .vmwarevm file at the -o path specified. If you’d like to see where the serial number and hardware identifier model attributes are stored, right-click on your vmwarevm file and select Show Package Contents. If you’ve not yet launched the VM, you’d see two files in there. You want to right-click on the .vmx file and open it with a Text Editor. Therein, you’ll find the serialNumber and hw-model values you supplied.

Step 3 – Take a Snapshot and Test

At this point, you should have everything you need to begin testing your DEP enrollment process. But before you do so, it would be a good idea to snapshot your machine before you load it up the first time. So doing will allow you to easily go back and test from the beginning.

No Comments

Post A Comment