Friday, October 18, 2019

Upgrading iMacs to Catalina and Meraki MDM

I have been slowly updating our Makerspace iMacs to Catalina and enrolling them into Meraki. Lots of different reasons for this, but the most prominent is that major OS releases give me time to reflect on what worked well and what didn't work out with the last OS. In this case, we shifted printing to student BYOD through Google Cloud Print so there was no need for students to use the iMacs anymore.

The Makerspace iMacs run in Guest Mode so it's easy to reset the machines and erase personal data with a reboot. I had big problems with using the macOS Recovery option (it only worked on 4 or 5 machines) so I ended up downloading Catalina and installing it on two USB sticks and a MicroSD card using Install Disk Creator. One machine couldn't reformat the drive as APFS until I figured out Disk Utility was actually hiding the "device" -- going into the View menu allowed me to view devices and I was able to right-click (or Ctrl-click) the drive and format it as APFS.

Once the machine was wiped and upgraded to Catalina I enrolled it into Meraki. This involved:
  1. System Preferences > Sharing. Rename the shared computer name using the convention "Makerspace iMac #"
  2. System Preferences > Users. Turning on the Guest login and in Login Options setting it as the default login (so reboots will go directly into Guest).
  3. Opening Safari and doing the mobile Meraki enrolment.

There was a bit of finagling behind the scenes with profiles. Using my admin iMac I created a profile that had a few settings Meraki cannot handle: the two colour printers, setting screensaver timeouts, turning on Content Caching. I used Apple Server for this, though only the Profile Manager component. Oddly, it opens in a web browser instead of the Server app. Once all the profile settings were created, I downloaded the .mobileconfig file and uploaded it to Meraki. I force pushed that profile and the Meraki macOS profile.

Note that Meraki suggests force downloading the Agent app -- I enabled that in the Meraki settings. It unlocks some additional power features, like Command Line and Remote Desktop. I used command line to turn on Remote Management so my Apple Remote Desktop can control the iMacs. I used this command:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all
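
The command above passes no `-users`, so the `-privs -all` grant is not tied to a named account. As an added example (not from the original post), this script builds the equivalent kickstart calls scoped to a single admin account; the account name `labadmin` and the `ARD_ADMIN` / `ARD_APPLY` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scope Remote Management to one named admin account.
# ARD_ADMIN, ARD_APPLY and "labadmin" are assumed names, not from the post.

KICKSTART=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart

# Accept only plain short names so the value cannot smuggle extra flags
# or a comma-separated list of further accounts into the command line.
valid_short_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the kickstart invocations, one per line, for the given account.
ard_scoped_plan() {
    valid_short_name "$1" || { echo "invalid account name: $1" >&2; return 1; }
    # 1. Switch from "all local users" to "specified users only".
    echo "$KICKSTART -configure -allowAccessFor -specifiedUsers"
    # 2. Grant the named account the full privilege set.
    echo "$KICKSTART -configure -users $1 -access -on -privs -all"
    # 3. Activate the service and restart the agent, as in the post.
    echo "$KICKSTART -activate -restart -agent"
}

# Run the plan with sudo when ARD_APPLY=1 on a Mac; otherwise just print it.
ard_apply() {
    plan=$(ard_scoped_plan "$1") || return 1
    if [ "${ARD_APPLY:-0}" = 1 ] && [ -x "$KICKSTART" ]; then
        echo "$plan" | while IFS= read -r cmd; do
            # Word splitting is intended: the name was validated above.
            sudo $cmd || exit 1
        done
    else
        echo "$plan"
    fi
}

ard_apply "${ARD_ADMIN:-labadmin}"
```

Run without `ARD_APPLY=1`, it only prints the three commands, which can be reviewed before pasting them into the Meraki Command Line tool.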

There might be a problem with some VPP apps not downloading. It might just be their size, specifically iMovie and Keynote. One iMac is definitely downloading. I'll have to double-check the others in a few days.

The next step is to push out a custom wallpaper using Apple Remote Desktop. Meraki might be able to handle this -- it works really well with iOS and DEP iPads. Much much much easier than Configurator.