Tagged "mac"

Notes on Activation Lock: Apple Silicon Management Challenges

Apple silicon has made Mac exciting again. Exiting for consumers who can run most everyday tasks at near ludicrous speed. Exciting for IT admins as the rules for managing this new era of Mac shift around them. There’s a new normal, and what worked with Intel Macs might not work on Apple silicon. In this post we’ll look at Activation Lock. The good, the bad, and what’s actually true.

Granting Full Disk Access to Malwarebytes

Malwarebytes has required full disk access on macOS Catalina and later since at least March 2020, but I only noticed recently as I was testing for Big Sur compatibility.

MDM Kernel Extension Install Support in Big Sur

This post mainly exists to shamelessly promote my Jamf feature request to add support for RebuildKernelCache. Before jumping into the details, go upvote that feature request. You can always go backtrack later to downvote me if by the end you decide it’s not worth the support.

Managing Fast User Switching Broken in Big Sur

While some organizations went full steam ahead with Big Sur, in K12 education land we’re usually a few months behind. While testing our Big Sur deployment I found managing fast user switching using MultipleSessionEnabled in a GlobalPreferences profile payload is broken.

Big Sur Upgrade Requires Over 35 GB Free Space

Like many of us during the pandemic, Big Sur has gotten a bit chonky. Not including the over 12 GB installer, it takes 35 GB to upgrade from a previous OS to Big Sur.

You Had One Job! Apple Silicon Macs Can't Be Locked Using MDM Lock Command

DeviceLockCommand As Apple silicon documentation slowly trickles in, the Apple admin community learns more about changes impacting MDM and other functions intended for enterprise. One of the most obvious is the change to the MDM DeviceLockCommand command.

Native Restart and Logout Dialogs with PyObjC

Recently I wanted to find a friendly way to prompt for logout or restart using the dialog prompts people were already used to. As part of a workflow users had to restart, but the only solutions I found to programmatically accomplish this were to force something like…

Downloading Apple Silicon Mac IPSWs

Admins who have worked with non-Mac Apple devices for a long time are already familiar with IPSW (iPod software) files. IPSWs are the OS installers for iOS, iPadOS, tvOS, and other variations in the iDevice family.

Deploying Lightspeed Relay with Jamf Pro

One of the most common questions on the MacAdmins Slack #lightspeed channel is, “How do I install the Relay smart agent on Macs?” Lightspeed provides a little guidance and a decent overview, and that works most of the time, except when it doesn’t.

Big Sur Beta 5 - Still Not Education Ready

Two months into the beta cycle, Big Sur is still not education ready. Today marks the release of beta 5 and Apple has not implemented a way for standard users to enable screen recording.

Mitigating Mac Enrollment Failures

While working to enroll 1,000+ Macs to prep for the start of school, we found a large number were failing to get an enrollment configuration during Setup Assistant. There were three distinct ways the process failed.

Allow Local Only Account Login

There are times when you may want to only allow local account logins, but also bind to a directory service like AD. Though mobile accounts are a thing of the past and should be avoided, binding in your environment could still have a place.

NoMAD Login and Jamf Connect EAs for Jamf Pro

My previous posts about NoMAD Login + Jamf Pro deployment workflows assumed that once a local account is provisioned NoMAD Login will be uninstalled. From then on out users would use the stock macOS login window they’re used to.

Moving to authchanger with NoMAD Login

NoMAD Login offers up two flavors of installer package - NoMADLogin.pkg and NoMADLogin-authchanger.pkg. This post aims to explain what authchanger does, differences between those two packages, and how to deploy NoMAD Login using authchanger.