Starting in macOS 13.4, there is no longer a way for Mac admins to programmatically manage beta program enrollments. During the 13.4 beta cycle it was announced seedutil is deprecated, to be removed entirely in a future release, and the only path forward to enroll in beta programs being Apple IDs.
Troubleshooting technology issues this past year has been especially challenging due to the distance coronavirus has forced upon us. Getting good data to help our users has been more difficult when it’s not possible to be in front of their computer. Mac admins who have worked with Apple support or filed feedback know the very first data point usually requested is a sysdiagnose. No logs, no help. A sysdiagnose contains a voluminous amount of log files which can help pinpoint exactly what’s gone wrong with a Mac.
Authorization rights on macOS determine are a core part of the security model which determine who can and can’t access specific functions. For example, system.preferences.datetime determines authentication required to modify Date & Time settings under System Preferences. A curious power user could cause a lot of harm changing authorization rights, and for the most should be left well alone. However, modifying authorization rights is particularly useful in granting standard users access to areas only admins can go by default.
Apple silicon has made Mac exciting again. Exiting for consumers who can run most everyday tasks at near ludicrous speed. Exciting for IT admins as the rules for managing this new era of Mac shift around them. There’s a new normal, and what worked with Intel Macs might not work on Apple silicon. In this post we’ll look at Activation Lock. The good, the bad, and what’s actually true.
Malwarebytes has required full disk access on macOS Catalina and later since at least March 2020, but I only noticed recently as I was testing for Big Sur compatibility.
This post mainly exists to shamelessly promote my Jamf feature request to add support for RebuildKernelCache. Before jumping into the details, go upvote that feature request. You can always go backtrack later to downvote me if by the end you decide it’s not worth the support.
While some organizations went full steam ahead with Big Sur, in K12 education land we’re usually a few months behind. While testing our Big Sur deployment I found managing fast user switching using MultipleSessionEnabled in a GlobalPreferences profile payload is broken.
Like many of us during the pandemic, Big Sur has gotten a bit chonky. Not including the over 12 GB installer, it takes 35 GB to upgrade from a previous OS to Big Sur.
Consider filing feedback after reading this post! Voice your opinion by referencing AppleCare enterprise case 101264025284. Talk with your Apple SE, account manager, or vendor. DeviceLockCommand As Apple silicon documentation slowly trickles in, the Apple admin community learns more about changes impacting MDM and other functions intended for enterprise.
Recently I wanted to find a friendly way to prompt for logout or restart using the dialog prompts people were already used to. As part of a workflow users had to restart, but the only solutions I found to programmatically accomplish this were to force something like…
Admins who have worked with non-Mac Apple devices for a long time are already familiar with IPSW (iPod software) files. IPSWs are the OS installers for iOS, iPadOS, tvOS, and other variations in the iDevice family.
One of the most common questions on the MacAdmins Slack #lightspeed channel is, “How do I install the Relay smart agent on Macs?” Lightspeed provides a little guidance and a decent overview, and that works most of the time, except when it doesn’t.
Two months into the beta cycle, Big Sur is still not education ready. Today marks the release of beta 5 and Apple has not implemented a way for standard users to enable screen recording.
While working to enroll 1,000+ Macs to prep for the start of school, we found a large number were failing to get an enrollment configuration during Setup Assistant. There were three distinct ways the process failed.
There are times when you may want to only allow local account logins, but also bind to a directory service like AD. Though mobile accounts are a thing of the past and should be avoided, binding in your environment could still have a place.
My previous posts about NoMAD Login + Jamf Pro deployment workflows assumed that once a local account is provisioned NoMAD Login will be uninstalled. From then on out users would use the stock macOS login window they’re used to.
NoMAD Login offers up two flavors of installer package - NoMADLogin.pkg and NoMADLogin-authchanger.pkg. This post aims to explain what authchanger does, differences between those two packages, and how to deploy NoMAD Login using authchanger.