Troubleshooting technology issues this past year has been especially challenging due to the distance coronavirus has forced upon us. Getting good data to help our users has been more difficult when it’s not possible to be in front of their computer. Mac admins who have worked with Apple support or filed feedback know the very first data point usually requested is a sysdiagnose. No logs, no help. A sysdiagnose contains a voluminous amount of log files which can help pinpoint exactly what’s gone wrong with a Mac.
Authorization rights on macOS determine are a core part of the security model which determine who can and can’t access specific functions. For example, system.preferences.datetime determines authentication required to modify Date & Time settings under System Preferences. A curious power user could cause a lot of harm changing authorization rights, and for the most should be left well alone. However, modifying authorization rights is particularly useful in granting standard users access to areas only admins can go by default.
This post mainly exists to shamelessly promote my Jamf feature request to add support for RebuildKernelCache. Before jumping into the details, go upvote that feature request. You can always go backtrack later to downvote me if by the end you decide it’s not worth the support.
One of the most common questions on the MacAdmins Slack #lightspeed channel is, “How do I install the Relay smart agent on Macs?” Lightspeed provides a little guidance and a decent overview, and that works most of the time, except when it doesn’t.
My previous posts about NoMAD Login + Jamf Pro deployment workflows assumed that once a local account is provisioned NoMAD Login will be uninstalled. From then on out users would use the stock macOS login window they’re used to.
jamf_cat_report.py is a Python tool to output Jamf Pro mobile device app catalog info in a nicely formatted CSV. Here’s an example CSV of the type of data you’ll get.
NoMAD Login is a login window replacement for macOS that allows you to authenticate to Active Directory to create a local account mirroring AD credentials. It’s often used in conjunction with NoMAD as a way to access AD features without requiring an actual bind.