NetBoot Automatic Secure Erase




bmehilos
Jul 8, 2013, 09:46 AM
Server noob here. I work at a university where all machines that are going to be put in storage or recycled have to have their hard drives erased securely with a 3-pass erase. Automating this over a small LAN is easy for all of the PCs we have, as they have PXE, so getting DBAN on them from a server is a breeze.
Macs don't have this ability, and going around, booting from an install disk or volume, going into Terminal and wiping the drive on the hundreds of Macs we have is a bit more work than I feel it needs to be. I'd like to somehow get some Macs connected to a small LAN (server+switch, nothing crazy) and just immediately start wiping their drives. As far as I can tell OS X Server allows for Automator actions to be run post-install during imaging, but I'm wondering if there is a way to get a shell script Automator action to run right off the bat and start erasing the drives once they connect to the server.

Am I even looking in the right direction with OS X Server/Automator/etc, or are there other, easier ways to set something like this up with other tools I've overlooked?

Thanks in advance



aarond12
Jul 9, 2013, 11:19 AM
If you have Mac OS X Server running on a machine, you can create a NetBoot image. Once that's configured correctly on the server, restarting the Mac with the N key held down boots to that NetBoot image. You could put the erase process in the NetBoot image so it would automatically run.

stuckwithme247
Jul 9, 2013, 12:16 PM
When you boot using NetBoot to do a NetRestore you simply go to the Utilities menu -> Disk Utility. From there you can choose whatever secure erase option you would normally be able to choose.

The other way would be to use the built-in scripting options of NetRestore (see attached pic).

You will probably want to first take a Mac and install all the extra common software that you will want to have on the image, then with the System Image Utility create a NetRestore image from that Mac.

bmehilos
Nov 6, 2013, 03:29 PM
In the interest of posterity, so if someone happens across this thread via Google, they know the solution I found.

Write the terminal commands for "diskutil" to do a three-pass erase (I forget the arguments, but diskutil is an easy command to learn) as a script. Add the script to the startup items for the main user of a NetBoot image. Set autologin. The moment the NetBoot image loads and you log in, the drive will begin to erase (since your "startup disk" is actually on the network, you won't get any guff from OS X).
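
The startup script described in the last post could look like the following; this is an added example, not code from the thread. It assumes `diskutil secureErase` level 4 (the 3-pass option), that every whole disk other than the NetBoot boot disk is a local drive to be wiped, and a hypothetical `--run` switch of the script's own that must be given before anything is erased; the sample `diskutil` output is constructed.

```shell
#!/bin/bash
# Added example, not from the thread: plan and run a 3-pass wipe from a NetBoot session.
ERASE_LEVEL=4  # diskutil secureErase level 4 = US DoE 3-pass

# Whole-disk identifiers (disk0, disk1, ...) from `diskutil list` text on stdin.
whole_disks() { sed -n 's|^/dev/\(disk[0-9][0-9]*\).*$|\1|p'; }

# Whole disk backing the boot volume, from `diskutil info /` text on stdin.
boot_disk() { awk -F': *' '/Part of Whole:/ { sub(/[ \t]+$/, "", $2); print $2; exit }'; }

# One erase command per whole disk, never the (network) boot disk.
# $1 = `diskutil list` text, $2 = boot disk identifier
erase_plan() {
  printf '%s\n' "$1" | whole_disks | while read -r d; do
    if [ "$d" != "$2" ]; then
      echo "diskutil secureErase $ERASE_LEVEL /dev/$d"
    fi
  done
}

# Constructed sample output, used only where diskutil is absent (testing off-Mac).
SAMPLE_LIST='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS NetBoot                *21.5 GB    disk1'
SAMPLE_INFO='   Device Identifier:        disk1
   Part of Whole:            disk1'

if command -v diskutil >/dev/null 2>&1; then
  list=$(diskutil list); boot=$(diskutil info / | boot_disk); live=yes
else
  list=$SAMPLE_LIST; boot=$(printf '%s\n' "$SAMPLE_INFO" | boot_disk); live=no
fi
if [ -z "$boot" ]; then
  echo "cannot identify the boot disk; refusing to erase anything" >&2
  exit 1
fi
erase_plan "$list" "$boot" | while read -r cmd; do
  if [ "$live" = yes ] && [ "${1:-}" = "--run" ]; then
    $cmd   # destructive: only reached with --run on a machine that has diskutil
  else
    echo "DRY RUN: $cmd"
  fi
done
```

Run it without `--run` first and check that the plan lists only the drives meant for disposal. Multi-pass overwriting is aimed at spinning hard drives; it does not reliably sanitize SSDs or other flash storage.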