Tagged "mac"

Goodbye seedutil, hello Apple IDs

Starting in macOS 13.4, there is no longer a way for Mac admins to programmatically manage beta program enrollments. During the 13.4 beta cycle it was announced seedutil is deprecated, to be removed entirely in a future release, and the only path forward to enroll in beta programs being Apple IDs.

Running sysdiagnose and Wireless Diagnostics With Self Service

Troubleshooting technology issues this past year has been especially challenging due to the distance coronavirus has forced upon us. Getting good data to help our users has been more difficult when it’s not possible to be in front of their computer. Mac admins who have worked with Apple support or filed feedback know the very first data point usually requested is a sysdiagnose. No logs, no help. A sysdiagnose contains a voluminous amount of log files which can help pinpoint exactly what’s gone wrong with a Mac.

Authorization Rights Management for Standard User Access

Authorization rights on macOS determine are a core part of the security model which determine who can and can’t access specific functions. For example, system.preferences.datetime determines authentication required to modify Date & Time settings under System Preferences. A curious power user could cause a lot of harm changing authorization rights, and for the most should be left well alone. However, modifying authorization rights is particularly useful in granting standard users access to areas only admins can go by default.

Notes on Activation Lock: Apple Silicon Management Challenges

Apple silicon has made Mac exciting again. Exiting for consumers who can run most everyday tasks at near ludicrous speed. Exciting for IT admins as the rules for managing this new era of Mac shift around them. There’s a new normal, and what worked with Intel Macs might not work on Apple silicon. In this post we’ll look at Activation Lock. The good, the bad, and what’s actually true.

Granting Full Disk Access to Malwarebytes

Malwarebytes has required full disk access on macOS Catalina and later since at least March 2020, but I only noticed recently as I was testing for Big Sur compatibility.

MDM Kernel Extension Install Support in Big Sur

This post mainly exists to shamelessly promote my Jamf feature request to add support for RebuildKernelCache. Before jumping into the details, go upvote that feature request. You can always go backtrack later to downvote me if by the end you decide it’s not worth the support.

Managing Fast User Switching Broken in Big Sur

While some organizations went full steam ahead with Big Sur, in K12 education land we’re usually a few months behind. While testing our Big Sur deployment I found managing fast user switching using MultipleSessionEnabled in a GlobalPreferences profile payload is broken.

Big Sur Upgrade Requires Over 35 GB Free Space

Like many of us during the pandemic, Big Sur has gotten a bit chonky. Not including the over 12 GB installer, it takes 35 GB to upgrade from a previous OS to Big Sur.

You Had One Job! Apple Silicon Macs Can't Be Locked Using MDM Lock Command

Consider filing feedback after reading this post! Voice your opinion by referencing AppleCare enterprise case 101264025284. Talk with your Apple SE, account manager, or vendor. DeviceLockCommand As Apple silicon documentation slowly trickles in, the Apple admin community learns more about changes impacting MDM and other functions intended for enterprise.

Native Restart and Logout Dialogs with PyObjC

Recently I wanted to find a friendly way to prompt for logout or restart using the dialog prompts people were already used to. As part of a workflow users had to restart, but the only solutions I found to programmatically accomplish this were to force something like…

Downloading Apple Silicon Mac IPSWs

Admins who have worked with non-Mac Apple devices for a long time are already familiar with IPSW (iPod software) files. IPSWs are the OS installers for iOS, iPadOS, tvOS, and other variations in the iDevice family.

Deploying Lightspeed Relay with Jamf Pro

One of the most common questions on the MacAdmins Slack #lightspeed channel is, “How do I install the Relay smart agent on Macs?” Lightspeed provides a little guidance and a decent overview, and that works most of the time, except when it doesn’t.

Big Sur Beta 5 - Still Not Education Ready

Two months into the beta cycle, Big Sur is still not education ready. Today marks the release of beta 5 and Apple has not implemented a way for standard users to enable screen recording.

Mitigating Mac Enrollment Failures

While working to enroll 1,000+ Macs to prep for the start of school, we found a large number were failing to get an enrollment configuration during Setup Assistant. There were three distinct ways the process failed.

Allow Local Only Account Login

There are times when you may want to only allow local account logins, but also bind to a directory service like AD. Though mobile accounts are a thing of the past and should be avoided, binding in your environment could still have a place.

NoMAD Login and Jamf Connect EAs for Jamf Pro

My previous posts about NoMAD Login + Jamf Pro deployment workflows assumed that once a local account is provisioned NoMAD Login will be uninstalled. From then on out users would use the stock macOS login window they’re used to.

Moving to authchanger with NoMAD Login

NoMAD Login offers up two flavors of installer package - NoMADLogin.pkg and NoMADLogin-authchanger.pkg. This post aims to explain what authchanger does, differences between those two packages, and how to deploy NoMAD Login using authchanger.